gozi_rm3 | 4735bc5301854bc6c9479415539e95ad9930e00d46e6741e18b2ca4bb3a1f4ea

Analysis

max time kernel
146s
max time network
148s
platform
windows10_x64
resource
win10v20210408
submitted
10-09-2021 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4735bc5301854bc6c9479415539e95ad9930e00d46e6741e18b2ca4bb3a1f4ea.exe
Size

880KB
MD5

78ff24568a45eac70884f15a5e8732b4
SHA1

73de46ae140b5e3aeddaca9d05279c915846d7e1
SHA256

4735bc5301854bc6c9479415539e95ad9930e00d46e6741e18b2ca4bb3a1f4ea
SHA512

ff2bb08605a26b515946122a649aa635c097a13213736cfa941f321670b70384a545ccf1505de77b386474afa8f98c7db4c6c1f209c8b2596e3418e545446057

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Signatures

Gozi RM3
A heavily modified version of Gozi using RM3 loader.
banker trojan gozi_rm3

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcec4a2d01946140a425099c9b48e843000000000200000000001066000000010000200000009101c1d52a9fe7cb3b887f9470e1329e14abeda51ab83b57167dae60fd8d1abf000000000e8000000002000020000000e825a318b30d49b77d663e8edb569d44baaf96eb4030d90d046a0068a9d0b446200000008166cc34de318e0a4da7b081a1e27148b8fb1cb163a249cf745d4fba9733f05e40000000bd01fe2b24f0aabab5427af817a7dccb72efcc331713ffa5ecdc1acc13b43562989258f63394b2295df93b9bf58f9ad66f6c03689c4d1f194a0b2b9626821fd7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcec4a2d01946140a425099c9b48e843000000000200000000001066000000010000200000004c4a2f2475cdccd89af821d4290eb7ff178ab18c7a397e5f4644b1d106c42e75000000000e80000000020000200000002fca2129229d285afd41164337bab32b8e0668a1dd539ce42555b571b3d52ab7200000005ab0a32806f7e3b9f779e060d494f460e2d2a3cfecf34c1f4c82991583e27d8940000000ad2077a109067be1acd969987dc8a7ddc135a2cf58ab01687bd053da5e8859d2cec422c837b0058ab765b4506bb8f59a4a1111a4fbf10b098eae0691486d8b6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B423AF1-122F-11EC-B2DB-FE102937BB87} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcec4a2d01946140a425099c9b48e843000000000200000000001066000000010000200000004bf08beb88d30d2a34a47c1c97d7a380b502d16f1923776b00677d661ccd30c1000000000e800000000200002000000035fdaf18c5bec768e8c6f701ca825959f496bc7ad78321d9a0cda1b46f10e912200000004de7c462b9ddd22d0fd4d5e0f456ea2aa9bb0f6b2da7e983d9782238a5f5445c400000005fbd943f7c0b3007c7399995ab4deef68a695f039d538147f485f99c65485d76057359fb91c517465d41042247e11891c9615294200a2ecbdb7bf83a113389ee	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20cd04573ca6d701	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcec4a2d01946140a425099c9b48e8430000000002000000000010660000000100002000000046dcebd6a0a92da24509e6fe49cfd955b783ad96c61d4a5469bf69f01a252a4c000000000e8000000002000020000000ef21febdc393b51272a4bb9e68b19d89328ca450db9fabcdafbdd51101adc2ec20000000cde6bf373c2ede20c6b1def5581c261f91417fb6ad1f6c098de763329c72040d40000000f3593be08aec7a23478d156c261a547477a80f2968f47af7eabf869f259cf0eaabc7db094a365465a38832fce27ad9f476be92bb182c0b9d6357d3b731aff96a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcec4a2d01946140a425099c9b48e84300000000020000000000106600000001000020000000c7934893badfda68e123dcb9de92c8f7f12ce0d15f65e17e86852e0291d1b305000000000e80000000020000200000000b0943945dfdf0d25f7b4bc1663452de3f3902d064bf32cb92ddfaf487b945b0200000003345aacbb204df295a938c2694361979f326002f5e3d3b24618810822500c73c40000000e577280364aee0d62fd3f376397ae6b9a0e208b282d939cf1ead1c01f063a6e006f369cba1bc07d1383b958b49f60154a97bb4d1d28c439d00456f859e300714	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "717440539"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50043b2d3ca6d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{562547FA-122F-11EC-B2DB-FE102937BB87} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "717440539"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30910012"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcec4a2d01946140a425099c9b48e84300000000020000000000106600000001000020000000cd1e7762a905abe252436c57163bac6d7754814a599408fba1f02fa77e86c5ef000000000e8000000002000020000000c2457536130943aa9462cc6a2dbacf6bcfe2c4826afa28539c2696b86abc3e6b2000000048ee5f01d53df01694c1beceafda1e4846874c613c5a11ed721dfba9e5e6ea3640000000388eab8d288d3da9afc45d707d24d892a1f1261a180277b62753b94331daa7e33a865c27d404d713622bee7c0757b47a74e9c3c7432746d4a91e529b7fb53747	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30910012"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcec4a2d01946140a425099c9b48e843000000000200000000001066000000010000200000003106d6aaf8b38d1571a54c13072611b22d9a53e88f379f17ed80d9c13e151453000000000e800000000200002000000092d90282f95ffe62e5a04e5f4f30aa6e092bc8be721a6074f95dba15cf4338a320000000258b9eb1a3f480e5b1612a3096a3d27aadea7f64818474c1c93bf52ab85a1c6d4000000002341f167c71c7b4f63c38e01936c393c051724cd9fbeef141564d7998e00aaa8929b839b2e03319d9700816fd45bbe0ad5bef2fc3bee76244eb219193678faf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcec4a2d01946140a425099c9b48e8430000000002000000000010660000000100002000000072afc930bfefd19ae227f596b58bc47fd2f4de87126233e6d022f89a98d8a325000000000e8000000002000020000000b554ce03768aa6ea982c2a8e9d575bad55bfc9c232e4d322f85ba44cc21ff07220000000be695caabc215f93f663eba4511217b76469f31e27670ef4c9c6b0c98eeaaecc40000000d8d1b10fef7263974289f7e32f7a0072e2dca0e0ae0681249a165d0d10b3bbca982e42e58f022c43240f8729dacc357aba11fe38aaf3b59c83b0def6cac64482	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0012272e3ca6d701	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2516	iexplore.exe
3556	iexplore.exe
976	iexplore.exe
8	iexplore.exe
3604	iexplore.exe
784	iexplore.exe
1092	iexplore.exe
3824	iexplore.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
2516	iexplore.exe
2516	iexplore.exe
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3556	iexplore.exe
3556	iexplore.exe
3944	IEXPLORE.EXE
3944	IEXPLORE.EXE
976	iexplore.exe
976	iexplore.exe
816	IEXPLORE.EXE
816	IEXPLORE.EXE
8	iexplore.exe
8	iexplore.exe
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
3604	iexplore.exe
3604	iexplore.exe
1164	IEXPLORE.EXE
1164	IEXPLORE.EXE
784	iexplore.exe
784	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
1092	iexplore.exe
1092	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
3824	iexplore.exe
3824	iexplore.exe
2436	IEXPLORE.EXE
2436	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 3016	2516	iexplore.exe	71
PID 2516 wrote to memory of 3016	2516	iexplore.exe	71
PID 2516 wrote to memory of 3016	2516	iexplore.exe	71
PID 3556 wrote to memory of 3944	3556	iexplore.exe	80
PID 3556 wrote to memory of 3944	3556	iexplore.exe	80
PID 3556 wrote to memory of 3944	3556	iexplore.exe	80
PID 976 wrote to memory of 816	976	iexplore.exe	82
PID 976 wrote to memory of 816	976	iexplore.exe	82
PID 976 wrote to memory of 816	976	iexplore.exe	82
PID 8 wrote to memory of 2796	8	iexplore.exe	84
PID 8 wrote to memory of 2796	8	iexplore.exe	84
PID 8 wrote to memory of 2796	8	iexplore.exe	84
PID 3604 wrote to memory of 1164	3604	iexplore.exe	86
PID 3604 wrote to memory of 1164	3604	iexplore.exe	86
PID 3604 wrote to memory of 1164	3604	iexplore.exe	86
PID 784 wrote to memory of 2300	784	iexplore.exe	88
PID 784 wrote to memory of 2300	784	iexplore.exe	88
PID 784 wrote to memory of 2300	784	iexplore.exe	88
PID 1092 wrote to memory of 1740	1092	iexplore.exe	90
PID 1092 wrote to memory of 1740	1092	iexplore.exe	90
PID 1092 wrote to memory of 1740	1092	iexplore.exe	90
PID 3824 wrote to memory of 2436	3824	iexplore.exe	92
PID 3824 wrote to memory of 2436	3824	iexplore.exe	92
PID 3824 wrote to memory of 2436	3824	iexplore.exe	92

C:\Users\Admin\AppData\Local\Temp\4735bc5301854bc6c9479415539e95ad9930e00d46e6741e18b2ca4bb3a1f4ea.exe
"C:\Users\Admin\AppData\Local\Temp\4735bc5301854bc6c9479415539e95ad9930e00d46e6741e18b2ca4bb3a1f4ea.exe"
1⤵
PID:620

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3016

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3556 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3944

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:976 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:816

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:8
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2796

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3604 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1164

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:784
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:784 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2300

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1092 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1740

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3824 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2436

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/8-126-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

Filesize
428KB

Download
memory/620-115-0x0000000001000000-0x00000000010F4000-memory.dmp

Filesize
976KB

Download
memory/620-116-0x0000000000450000-0x000000000059A000-memory.dmp

Filesize
1.3MB

Download
memory/620-118-0x0000000000580000-0x0000000000590000-memory.dmp

Filesize
64KB

Download
memory/620-114-0x0000000001000000-0x000000000100F000-memory.dmp

Filesize
60KB

Download
memory/784-130-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

Filesize
428KB

Download
memory/976-124-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

Filesize
428KB

Download
memory/1092-132-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

Filesize
428KB

Download
memory/2516-120-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

Filesize
428KB

Download
memory/3556-122-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

Filesize
428KB

Download
memory/3604-128-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

Filesize
428KB

Download
memory/3824-134-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads