Analysis
-
max time kernel
145s -
max time network
157s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
10-09-2021 10:12 (day-month-year, i.e. 10 September 2021 — the little-endian FILETIME values Internet Explorer writes to TabbedBrowsing\NewTabPage\LastProcessed below, e.g. 10d2f0603da6d701, fall on the same date)
Static task
static1
General
-
Target
79267d6392623e9a0ae504377252545990ff860c3c5498d3e32825de8057cd7f.exe
-
Size
880KB
-
MD5
2c3bd0e45218c8638c0322903d0ab9ac
-
SHA1
68af748a4745b51db646f4271712deee12a13880
-
SHA256
79267d6392623e9a0ae504377252545990ff860c3c5498d3e32825de8057cd7f
-
SHA512
18f64310fb51c96f755c23ba2e31a1af7c69c3de8d49bc54f1761402620dd30a8d9c5edbea6ac18ff1ccd5c555d16ca04453dd568617b0c51b55f6d246a1414f
Malware Config
Extracted
Family
gozi_rm3
Attributes
-
build
300981
Extracted
Family
gozi_rm3
Botnet
202108021
C2
https://haverit.xyz
Attributes
-
build
300981
-
exe_type
loader
-
non_target_locale
RU (per the attribute name, a locale the loader is configured not to target — verify against the loader's locale check; nothing in this run exercises that branch)
-
server_id
12
-
url_path
index.htm
rsa_pubkey.plain — RSA public key in PEM (SubjectPublicKeyInfo) form. Decoding the DER below gives a 1024-bit modulus (INTEGER of 0x81 = 129 bytes including a leading 0x00) and a 5-byte public exponent of 0xE3BCF561 rather than the conventional 65537; the non-standard exponent is a useful fingerprint for this build, but what the key protects is not shown in this report.
-----BEGIN PUBLIC KEY-----
MIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKBgQDQvSE+pGC5ueFuFpsWZNFb2D62
JrHBcRqgYrVTvdjBpXuaQW5ardkd9dQbqV/m9lqnAPR/0bzeIxp3S25u4aysggiU
q9vS8NOAX5OUj/9xYDDmNGC4wwov91iWFs2zVQq/NK3xbdAoFHf4tBEbHMqwBYO0
yXwvy6ct9gfu47z1YQIFAOO89WE=
-----END PUBLIC KEY-----
aes.plain — 16 ASCII characters, i.e. a 128-bit key if the bytes are used directly; how it is combined with the RSA key above is not shown in this report.
kUQPFKASLooZS1Lr
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10d2f0603da6d701 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2014973-1230-11EC-B2DB-F634F559A0EA} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b96d4373b7675b4d84eb10bb7229018a000000000200000000001066000000010000200000004f412cc0a421d909cbad7e5c2ff7a1c37c4d65cd83990f9fb2a372f9ee55c20d000000000e8000000002000020000000791813b29e137c951209100f44eb03c4ce40792fe84f38bcf812ba5105e3ccca20000000c9ee2dcc3b5a3cf3f4d58ecbd90c7e0edcb2a5c193c5b3958e916a77d1bec45240000000fbfbadf9477f43f2884fd9b3073722733e44597ffd24d833368819b40747556e0a6ecc58bfd5e43ec8927f4a6b7d59e0b4832cc3a8febd5c9196e0a51e8a8a98 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1325304605" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 304530523da6d701 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b96d4373b7675b4d84eb10bb7229018a00000000020000000000106600000001000020000000197164dcfacbb3729b430606375f33df13df1fc5e69c494db88b7d2592eedaf4000000000e8000000002000020000000eaa65a3be1c7599204f5c84d3f100adab9a1adc93ece8beeb0de037eabb221f520000000d2fa51f4dae4036a7e9fbb31550430dcaee7ca93c362fdd633ee4ad9ed592874400000004a255d7eec121896532264c9b3e7a3b039907dab6185ecf9342a769632c0229877b8dacbea4bb3851a8b100ab46fe29a18b86a1e9d6de0c41df7a8c1d6f1aaf3 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 402df6523da6d701 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b96d4373b7675b4d84eb10bb7229018a00000000020000000000106600000001000020000000dadc879a9f17eb54608f53379f2696755c7cbbccaa51a79f5f2ca7330b2bda71000000000e8000000002000020000000b619b031a0eb5c3fe3228e12e1f4e35220ce5483261f95c8e322550768f05298200000006745602cf4a3a9e03c98e9c6fc0773fad9c602cefdb5d76c205f3e9391e1d91d4000000020147509ccc8e7f42b33d8ed143f83f0193d16eb2dcee66fa59e903e15a5143e22a70dd3e6982113c6cd034e10de68ee71897828855c84e03b4a2202407d54fc iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1053f57b3da6d701 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30910013" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b96d4373b7675b4d84eb10bb7229018a00000000020000000000106600000001000020000000bc01be392dd608e42f2e2065e64804f407d7808fe471a6b00a90600c911032fc000000000e8000000002000020000000a788a974f5742d8b3bb2a400398a7269e308b21c183e8d5f231bb8c2429fef8820000000db910efc8c4e79ea138a6d569556e1174cee7e094d0591291c9009cac2f502c040000000dfec5ec0347486aa2a88494e77f548b2dc4b3f0613e3a6d2452593a297c8456525b0ba34e81077ae64aa82cd839c2667cca19841b45cd8498dab940a78bc21fa iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30910013" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b96d4373b7675b4d84eb10bb7229018a00000000020000000000106600000001000020000000c3b367aa9d87683deca885e545dab2a9c5b961431468478978670b4a757fd752000000000e80000000020000200000006ba61ece9728ea63fb9f3c0df2ddb15cf08c7802d031e8f8842d2a6517d4c2ad20000000770cf8373ec6714c4d683c1d21dfa753c9f64be39016d720f2dfac48f1defe994000000018ad019f5f9ef205e77ce3ef0353b5059fa978609b11ce02a40789afd34eb16592d9e133cf3a90983e08205ac8b35a13b0b93cb9dc9cab1dfc786c836bac5cfc iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b078ed593da6d701 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9E10BF31-1230-11EC-B2DB-F634F559A0EA} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{901F9CCF-1230-11EC-B2DB-F634F559A0EA} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b96d4373b7675b4d84eb10bb7229018a000000000200000000001066000000010000200000001c1876f46a071d497a32ed2a3477857cab142d93ac0ceeefe3a8e2f98f8e1a1e000000000e8000000002000020000000143e993080a0f7f82c8f17360b40d85d6a7348896cbcc56c9a402850be47e851200000004f0353bd587c94d57dd11906159a400bb70e3c2a999ee2693dce745d9a8a984240000000399b484a00bf8449019ff03cf7cf26baefc73c16184bee27001fc33e29013686352ee3c9f8922dbabaf9228f34cf9a7833b844253fd00d20704be4e39ba45b15 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b96d4373b7675b4d84eb10bb7229018a000000000200000000001066000000010000200000009bd6ac3c8e6fadf34b981c57ec3bdcec1f5269a29d3e7157d6f2b1d2a02383a7000000000e8000000002000020000000952f03ed9d89d2676c66ecbb00df4f7aa417e384a647bfa083f39928c7cbdcd12000000024105834675f780aa741529c5c0b09893f0c18dd2f4024cfdd31565345d2445a40000000dedad4a380b372f890a75e04b30a22d54278ff0c600b86480d19ee32c87dc2a9279c58c1cfe2f00e075000b85a9fd7a99693f2265ff572ebb4c935055165be90 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8FFCE20-1230-11EC-B2DB-F634F559A0EA} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C00F0501-1230-11EC-B2DB-F634F559A0EA} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive iexplore.exe -
Suspicious use of FindShellTrayWindow 8 IoCs
pid Process 404 iexplore.exe 1788 iexplore.exe 2300 iexplore.exe 2352 iexplore.exe 604 iexplore.exe 1488 iexplore.exe 1300 iexplore.exe 2992 iexplore.exe -
Suspicious use of SetWindowsHookEx 32 IoCs
pid Process 404 iexplore.exe 404 iexplore.exe 1220 IEXPLORE.EXE 1220 IEXPLORE.EXE 1788 iexplore.exe 1788 iexplore.exe 1736 IEXPLORE.EXE 1736 IEXPLORE.EXE 2300 iexplore.exe 2300 iexplore.exe 1300 IEXPLORE.EXE 1300 IEXPLORE.EXE 2352 iexplore.exe 2352 iexplore.exe 3964 IEXPLORE.EXE 3964 IEXPLORE.EXE 604 iexplore.exe 604 iexplore.exe 1640 IEXPLORE.EXE 1640 IEXPLORE.EXE 1488 iexplore.exe 1488 iexplore.exe 500 IEXPLORE.EXE 500 IEXPLORE.EXE 1300 iexplore.exe 1300 iexplore.exe 2008 IEXPLORE.EXE 2008 IEXPLORE.EXE 2992 iexplore.exe 2992 iexplore.exe 644 IEXPLORE.EXE 644 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 24 IoCs
description pid Process procid_target PID 404 wrote to memory of 1220 404 iexplore.exe 71 PID 404 wrote to memory of 1220 404 iexplore.exe 71 PID 404 wrote to memory of 1220 404 iexplore.exe 71 PID 1788 wrote to memory of 1736 1788 iexplore.exe 80 PID 1788 wrote to memory of 1736 1788 iexplore.exe 80 PID 1788 wrote to memory of 1736 1788 iexplore.exe 80 PID 2300 wrote to memory of 1300 2300 iexplore.exe 82 PID 2300 wrote to memory of 1300 2300 iexplore.exe 82 PID 2300 wrote to memory of 1300 2300 iexplore.exe 82 PID 2352 wrote to memory of 3964 2352 iexplore.exe 84 PID 2352 wrote to memory of 3964 2352 iexplore.exe 84 PID 2352 wrote to memory of 3964 2352 iexplore.exe 84 PID 604 wrote to memory of 1640 604 iexplore.exe 86 PID 604 wrote to memory of 1640 604 iexplore.exe 86 PID 604 wrote to memory of 1640 604 iexplore.exe 86 PID 1488 wrote to memory of 500 1488 iexplore.exe 88 PID 1488 wrote to memory of 500 1488 iexplore.exe 88 PID 1488 wrote to memory of 500 1488 iexplore.exe 88 PID 1300 wrote to memory of 2008 1300 iexplore.exe 90 PID 1300 wrote to memory of 2008 1300 iexplore.exe 90 PID 1300 wrote to memory of 2008 1300 iexplore.exe 90 PID 2992 wrote to memory of 644 2992 iexplore.exe 92 PID 2992 wrote to memory of 644 2992 iexplore.exe 92 PID 2992 wrote to memory of 644 2992 iexplore.exe 92
Processes
-
C:\Users\Admin\AppData\Local\Temp\79267d6392623e9a0ae504377252545990ff860c3c5498d3e32825de8057cd7f.exe  "C:\Users\Admin\AppData\Local\Temp\79267d6392623e9a0ae504377252545990ff860c3c5498d3e32825de8057cd7f.exe"  (tree level 1)  PID:3260 — the sample process itself has no child processes and no signature hits recorded against it; every flagged event in this report is attributed to Internet Explorer processes, and the tree does not record how (or whether) PID 3260 caused them to start.
-
C:\Program Files\Internet Explorer\iexplore.exe  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding  (tree level 1) — "-Embedding" is the switch Windows passes when a process is started through COM activation, and the tree lists this instance at the top level rather than under PID 3260; the link to the sample is therefore inferred, not recorded as a parent PID.
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:404 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:404 CREDAT:82945 /prefetch:2  (tree level 2) — the 32-bit tab/content process spawned by frame process 404. The "WriteProcessMemory" entries in the Signatures section pair each frame PID with its own SCODEF child (404→1220, 1788→1736, 2300→1300, 2352→3964, 604→1640, 1488→500, 1300→2008, 2992→644), which is IE's normal frame-to-tab setup and not by itself evidence of injection by the sample.
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1220
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1788 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:82945 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:1736
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:82945 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:1300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:604 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:604 CREDAT:82945 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:1640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1488 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1300 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:82945 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:2008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:82945 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:644
-
Network
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
-
Remote address: 8.8.8.8:53 — Request: haverit.xyz IN A — Response: no A record shown
No results found — presumably the HTTP request table. None of the haverit.xyz lookups above is shown returning an A record, so the configured C2 (https://haverit.xyz, url_path index.htm) does not appear to have been reached during this run; the loader's post-check-in behavior is therefore not covered by this report, and the IOCs here are limited to the static config and the DNS name.
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz
-
57 B 122 B 1 1
DNS Request
haverit.xyz