Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
10-09-2021 07:11
Static task
static1
Behavioral task
behavioral1
Sample
XKArsO.exe_.exe
Resource
win7-en
windows7_x64
0 signatures
0 seconds
General
-
Target
XKArsO.exe_.exe
-
Size
880KB
-
MD5
e40c8ed836ffe0f83e1e5183fd01b7dd
-
SHA1
96f9957f985f4258b92ae2750bc012f4938bb632
-
SHA256
cd0a53dd2613409da460ac1b8274b6f6e6832c4f6454782604a6429dad31aebc
-
SHA512
8aed42d7e91c850a49b09493c6d7f37d4056541ec530aba0e1c3f2fd9d161538728a46d3f9d62b4f06be5aa86f798427d6daf4cc39c13c6b592cea6c6a32b635
Malware Config
Extracted
Family
gozi_rm3
Attributes
-
build
300981
Extracted
Family
gozi_rm3
Botnet
202108021
C2
https://haverit.xyz
Attributes
-
build
300981
-
exe_type
loader
-
non_target_locale
RU
-
server_id
12
-
url_path
index.htm
rsa_pubkey.plain
-----BEGIN PUBLIC KEY-----
MIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKBgQDQvSE+pGC5ueFuFpsWZNFb2D62
JrHBcRqgYrVTvdjBpXuaQW5ardkd9dQbqV/m9lqnAPR/0bzeIxp3S25u4aysggiU
q9vS8NOAX5OUj/9xYDDmNGC4wwov91iWFs2zVQq/NK3xbdAoFHf4tBEbHMqwBYO0
yXwvy6ct9gfu47z1YQIFAOO89WE=
-----END PUBLIC KEY-----
aes.plain
kUQPFKASLooZS1Lr
Signatures
- Modifies Internet Explorer settings
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30de616f23a6d701 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D6507AB4-1216-11EC-B2DB-F634F559A0EA} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000939f74d9bd12304689855b58b5bf02300000000002000000000010660000000100002000000052d8815e87b3322eaab2ab839bcd9356e079af9d090297ae810fe51cf8944c1f000000000e8000000002000020000000bc1739063fd01891b9346a401e216b644d9c213eb5d549080ef051adc94b86822000000078068da64fe92736c8643bf34bc566886305713d887c4862794223efc0f31ba340000000ebe6f0c56d62431f8df9bcb238a40bef87c6ca540e184a024e0b99411d8ac0e8b681fc1f174f668e48f7d0e8de15ca9d617ac2d6e16d4c61f0dd20d570bf11f7 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30909987" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000939f74d9bd12304689855b58b5bf0230000000000200000000001066000000010000200000007a18c0b207a962408db3f8bc589304f164cb2d46745d7e4f55f746130a626063000000000e8000000002000020000000176716575bad5b2bb7ac6dc88a7ac8ecbd829cc8c42e1137f747c9d6c726c763200000008a652bdf7fdcfa0d92ba1407cf790ac0e1365c19cd64aaf4b7a2cee8c0d91e1840000000f7dc66219281989a490fb07c9fadbaf6db22dd42dc450545690d40f7caf01b824603726556bd748a153b5a2caef43208cf50d131ab53eb44e9902d1051313586 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF545761-1216-11EC-B2DB-F634F559A0EA} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000939f74d9bd12304689855b58b5bf0230000000000200000000001066000000010000200000006a8b91aac1756d3039e540fd089b5970e30d2a2b94801e6d90488b56e15e1f14000000000e8000000002000020000000e60e01445d729c5cc70eabd6dfede439f00f88e1b7af843fecf5f1dda0ed3cd0200000007e8953b648135d1ab8b083648855f6b83268c39c6c8039e34be74c5eb0ad58bf400000004d382d84f81ca2c883d58df396274a8bdf81115c6a21bffa087d57fb31b96a8bcce8c1ea21221dbf1f84c614998e60039ee57c58dd2947783062bd86f43a9287 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b4379923a6d701 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70323e7723a6d701 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1814786664" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000939f74d9bd12304689855b58b5bf023000000000020000000000106600000001000020000000f90c45f826fd7c836e711dab13c2d9b313ddcc815db6d8be2ae02fcf438bf67b000000000e800000000200002000000085d4a88d36e9450cc64623ab060eeeb8a52c27311a89b592895d12cc37096ea5200000007c76b5e778a73042dc8562d0b58a748b51093da0768bca4dea0e64ab11abdb26400000003a1601cdfd8cc57f65461dc90e30e33186e1b32155b27a0323cf7685256e096f372202d573412b5e579882cc8d0271cbe8031d1349eff311f24c82fc28b1f921 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD588A7B-1216-11EC-B2DB-F634F559A0EA} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000939f74d9bd12304689855b58b5bf023000000000020000000000106600000001000020000000e1dd25c7c79945a9f72a4864c023ae2e46f39f5d8d0d225aa6a14308a19b8947000000000e80000000020000200000000c10c9be58c19138551264df7c37a6907211b3c5793b8ef00095560fcdd77b26200000001c5f655fb7ce09acc05c6e3114c439ef9ea17e0be881ba74f0912bc491a58bc14000000053b3dabafd2843a0b685d75a3e23cfb5ea6c9abb190bfbb6ddce6c31c5d3f659a8e8127ee07365d45107d47e4bc078f51aebc1fb1b9839dbf83500c3911ffbc8 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 502c36a023a6d701 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe -
Suspicious use of FindShellTrayWindow 8 IoCs
pid Process 1132 iexplore.exe 4028 iexplore.exe 3920 iexplore.exe 2160 iexplore.exe 2780 iexplore.exe 1212 iexplore.exe 2152 iexplore.exe 1548 iexplore.exe -
Suspicious use of SetWindowsHookEx 32 IoCs
pid Process 1132 iexplore.exe 1132 iexplore.exe 1700 IEXPLORE.EXE 1700 IEXPLORE.EXE 4028 iexplore.exe 4028 iexplore.exe 3492 IEXPLORE.EXE 3492 IEXPLORE.EXE 3920 iexplore.exe 3920 iexplore.exe 3472 IEXPLORE.EXE 3472 IEXPLORE.EXE 2160 iexplore.exe 2160 iexplore.exe 3936 IEXPLORE.EXE 3936 IEXPLORE.EXE 2780 iexplore.exe 2780 iexplore.exe 3672 IEXPLORE.EXE 3672 IEXPLORE.EXE 1212 iexplore.exe 1212 iexplore.exe 996 IEXPLORE.EXE 996 IEXPLORE.EXE 2152 iexplore.exe 2152 iexplore.exe 1188 IEXPLORE.EXE 1188 IEXPLORE.EXE 1548 iexplore.exe 1548 iexplore.exe 192 IEXPLORE.EXE 192 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 24 IoCs
description pid Process procid_target PID 1132 wrote to memory of 1700 1132 iexplore.exe 81 PID 1132 wrote to memory of 1700 1132 iexplore.exe 81 PID 1132 wrote to memory of 1700 1132 iexplore.exe 81 PID 4028 wrote to memory of 3492 4028 iexplore.exe 83 PID 4028 wrote to memory of 3492 4028 iexplore.exe 83 PID 4028 wrote to memory of 3492 4028 iexplore.exe 83 PID 3920 wrote to memory of 3472 3920 iexplore.exe 85 PID 3920 wrote to memory of 3472 3920 iexplore.exe 85 PID 3920 wrote to memory of 3472 3920 iexplore.exe 85 PID 2160 wrote to memory of 3936 2160 iexplore.exe 87 PID 2160 wrote to memory of 3936 2160 iexplore.exe 87 PID 2160 wrote to memory of 3936 2160 iexplore.exe 87 PID 2780 wrote to memory of 3672 2780 iexplore.exe 89 PID 2780 wrote to memory of 3672 2780 iexplore.exe 89 PID 2780 wrote to memory of 3672 2780 iexplore.exe 89 PID 1212 wrote to memory of 996 1212 iexplore.exe 91 PID 1212 wrote to memory of 996 1212 iexplore.exe 91 PID 1212 wrote to memory of 996 1212 iexplore.exe 91 PID 2152 wrote to memory of 1188 2152 iexplore.exe 93 PID 2152 wrote to memory of 1188 2152 iexplore.exe 93 PID 2152 wrote to memory of 1188 2152 iexplore.exe 93 PID 1548 wrote to memory of 192 1548 iexplore.exe 95 PID 1548 wrote to memory of 192 1548 iexplore.exe 95 PID 1548 wrote to memory of 192 1548 iexplore.exe 95
Processes
-
C:\Users\Admin\AppData\Local\Temp\XKArsO.exe_.exe | "C:\Users\Admin\AppData\Local\Temp\XKArsO.exe_.exe" | 1⤵ | PID:4060
-
C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1132 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:82945 /prefetch:2 | 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1700
-
-
C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4028 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4028 CREDAT:82945 /prefetch:2 | 2⤵
- Suspicious use of SetWindowsHookEx
PID:3492
-
-
C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3920 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3920 CREDAT:82945 /prefetch:2 | 2⤵
- Suspicious use of SetWindowsHookEx
PID:3472
-
-
C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:82945 /prefetch:2 | 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3936
-
-
C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:82945 /prefetch:2 | 2⤵
- Suspicious use of SetWindowsHookEx
PID:3672
-
-
C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1212 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1212 CREDAT:82945 /prefetch:2 | 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:996
-
-
C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:82945 /prefetch:2 | 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1188
-
-
C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1548 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:82945 /prefetch:2 | 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:192
-
Network
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
-
Remote address: 8.8.8.8:53 | Request: haverit.xyz IN A | Response:
No results found
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz