hxxps://ankltrafficexit[.]xyz/trafficexit

General

Target

https://ankltrafficexit.xyz/trafficexit
Sample

211007-qynqkscfgp

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1020 1864 WerFault.exe IEXPLORE.EXE

pid	pid_target	process	target process
1020	1864	WerFault.exe	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000143354e5b0aa8e4fa6f7fa4cf8aeb3eb0000000002000000000010660000000100002000000059e2072126d9ad52db83e20ac93a33a7184297a49bc04d490870c1c00c98603a000000000e8000000002000020000000f05465ea440da0e611be294688cfb3b80ee0d732fabc11df49b0dea2fba7dc0b90000000ec67bdb761c72f9bda27bc247c58edcd200a2469661d467aac20c9c04c6ed29d828767abcdab1c1d6fd7f90eee5b9faf87ef838cebd7c76611c312d582320cbd3779a7aa960203d6c1cacd634e782b0d81892741bb9a481238b534343e4c85f84d388fd536a084ed2a4142abfdf2961c7919c41bdf92dc3cb256057db529e41a9acd1b2fd6cfc0cda8a321cf311c21e340000000c96f23e70ce8c6eed6d2122f5520e7cf6aee414a7956a98da2e2cd9ad03d53f2c222eab2d16c3ef2bbad0bb66d70f0b78839c78b58767dd1a5e14732ab8ccfdf	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000143354e5b0aa8e4fa6f7fa4cf8aeb3eb000000000200000000001066000000010000200000003c3ce7422837474457bacf7ee9a8bd5442726a701ca513e51af919e833ebff8b000000000e8000000002000020000000d651fd5ad14eb9dc13f483ca055c772a63b989946a83e4b7a187e1871d0274fd200000002769b8551069fdf6713563aa880284fe90373c28a88a6a661f2a9057cf28b98d400000009ccbd18feeb41975c575862667ddbd8870e1772175ca9df77ac8a09a11f7822c6ce0eaf9aba67aa902e4921ceb193e361c798bc18d5079e5aa31542f0b59d065	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "340386249"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fe4ede91bbd701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000143354e5b0aa8e4fa6f7fa4cf8aeb3eb000000000200000000001066000000010000200000000adbd4ae533ad05324aeaeedebaaf2a1c52ef486502d896d876c7c6ffab27dc5000000000e8000000002000020000000aec2fa3b0fd2ad19c990d2b9d73c960537db089eeb781418ff9a88c0063e52a7e0040000c9bf705b6b23e9fecb9cab0d28d692169e980b17fc2403c357c99a9f90f5807399bddc0686bb9842b8776bc8e806a20b1ac239c984a43b0f6533a44a90546be6e4f951d2083eb7cad1d6e29d7b172db90ad536411796381e4873f24316656da0be2e19c51f0406258b8c9a27d326f559ab082e92c06881a8944d454612bc7f34bf8da8151e0a358eecb3eb74328a17b6e7e757018716d10019d5983a21f9fa5aaaec017846e00554e4bfed16ca55b7b6dc5a11bbc19f0abb88ad6421f1163764807016694f30915f6fd58352131668018645782e0efed272c06e9e351ca599855f2f2cc50a77c65cfe70013149489715da4969b1979cb6055118d6dfe45c3199c7f88ebe0472736e561ea99df833732482f060d9491dfdd258c0a584e4f74d5259aea435efbd188658f2797a5b543f3c99b5da08b4e4fe4bd65a6fd4797efd34aba5f33f9c62ce386ab26a61a3644a2ad3467c9d7b3b465358d6d0f55a387257bc7bc9c45d71a4617c4ba8c443c2d30a43ab87ed5682a98369f700c30bb7444d42bfd498c8ccf3d94ead9c32a82d853ecdf666b3d85ab95e1103a744588fe1f38cfedf165836d48dd5df9df959a1f0700f52dfb4e2a169727b50796e475eee520a3b25586c81b59c0b87a445c9f9e57f89155764ee334aeec3e432bf6711b76adfcddd0f059b12a7360b1a6210503a8dcecb1a3e3fcbdd751d1b49a0919007487ebed4ab62fa858efc9a68b30b965fa89b754cad4254ff9755e0394e27339167859b1864965edf2f3e64d48a09e11d67850e05e23af824df444890309b2fd226e81617e8775d5bacca5325a632cc61732f351cbcf2940826443139fbe761fbb2091b3745341d7f1bd34f5833b71e03b9b96c1e5a7e8bc6832e9d28b8d88ebf5f75fe031eec179cb8755c267d7a1c947114a00b4d23422f7f2e38e0cb424eb8488b9e4e5132652322c7099ce9694b50d59878ed4aa2f674610f1acd42e2e6860e244b9ef022544b241a6457c1fa9c84a9ee4e57f9bfb20bfc27de7e0319693b326cc337676296e9a8cdfedfb5622aeaac8bfc8613f2abe243433e6f014d4ddf3c0deebaf8a0e2116c2bcbb8c8f4db7df9e36780f28fe47a4b16beb09e159cc4edb88108b85a0ce1e4657f10dff70d1a0cd3bcc885dc54f22d508c5c1b84d1fe628f9158accc8f441af1c63505be69c19b262fd6125a80fddc1eed7402156c39ffefcb53498631ed6dc0a503427d607e197328a37c0982642c2a5d4aad83fb627ea1eef674b574be15fa3311eae434d013009f1f70ccbdb378559b10e516bb1046a73fa6a9ef547019b917df965ca6dfe07d3ac0a40fc32a437e70e5329471a99bd8a98110cf2cf30b3182107d877f4068337e04ea92cb9082fa5c79687010e2622fd6128d82af3a98ba3ddd18139d3fb16449c44dce51fa9fae20eecd3c9b6013e3db0b3bfb49ad094c9eaec36d14740911719298271542391c30f82c2cb789edcbd7a58787f46d55f17271e02edb74caa40e001de57cc242012b36b6734791eee1192c53e4312fda8d028f47706fde3b0362ae20de630a8afc66a1e8086a44ce364eac7e1d385a739ea9c742609f4e58ec78b5f9e45c348879259e14706a84047dcdf051ce6a301b9a0f7ebe3616eea14c8a9ffefad84ad495f8709527d15e24cc28ddaa7744b6aa12ecf193f5d419e43037bc501a10db3a6abed3aa833651059972a2e86bc8dd943c0b23c51ea2e87cedda7e03fe882cdd98c28f3a41ab1b994000000017db51f08041295978ebf95d3f9cbae21bf7c7d5526a8d031fe3d73bc1a259a395d53967474ee95668bdcdf96b76a5ea1e7533045922f909a53240299c6efa5c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000143354e5b0aa8e4fa6f7fa4cf8aeb3eb00000000020000000000106600000001000020000000980212c24ce4af5e2b0b4bbac51c9e60f0aaf525b0e9f4378bab9b74bc639658000000000e80000000020000200000007c3cc86839f14590ccb1d506ae558bcd57749b762984f7ddfd08bd8bd4a002d2e0040000ca4a1a4e65d1cd708a2109c5e48a43a31ebe62023b6a279bf646b849fae1f4ef6a9c6af0a7c88fa3ace869be499948fc785f4348c16167bf1582a0ecd869806d4c3828e4d788f16e857393037e3c2c1e6ec8dc920182512bf104a6094d302942944b85e487bb3dec96b8b5dcd4bfb9822bad0b6c0e4e4e4d374675db4c27f120820b92f4de8c110543ed901ea4de10df8d491a9bb2fe444f5661d1fd051e21779282959c8b47fb7af4f0da2766b0785495462d857471a85c3e77db917ac946979a73986d0a4923b1f23fbbff79b6d4c760f9d7ad39f0ffea549fd50b09ed20359430b86e7f55550d284e7721d2b66be7f9398db9f826845f4804acefb6455fd3433e4ae5f066bf2037971821954cf2bf734b5501f270393e6699e8baef2a9bd069966f82d32b58ce6d4afd4ae7eeb971c5242eadab6819aa7cefdb4c278c8097b5a0e8810d5b7841036c81befc8f83c84f7fd54e4ffd0d9c79932781bf4687caf0e87579bfb490d2333566fa2e2959a3676ad0a27e8e899f0e602515754b1590192f228927ea2d4f90e631b8d6066c67d77b7e4648eb25f2a647efa9b4111acf4a0571592146755e31e3366c361d7d8ff3ffa5b172b71ee4b465246b54418173a4a088522bc3c0a36cd4421617c91a934f00e7f936a4a278cd8e509131cb87cefab59f5cf6fdaadf4fd930d59c8c417862f3a6cfd7c3ca6caccaa4fda77d24d9ea94318a42f0da4a2d9619411da3fe5c9edbde5230cd57bc2aad006c8d0bc0ef0db5f783a1fb021f85c6e179a45785992a80056215bfc021c8be9fcb576cb3b4e1fe01917d57b427d2ee21d71b228646d64e2657f16ec21579b2fe94cd74d4d34cb5517d37d1e131112576505d8e7f34f55976fd73360878c3f9e7dc87052f729f60da3fb964603f3b5e4b325d3fbdcd6de7a04c63a97215621b712cbf0e7b980b77c68aea5ea324bcb78d4f8dab1a058b1a5ec2177fd9b747d03964e292a4f8f768cb9a89e541f9dd8fbd3288385f779142bfc390cca262e577e4f4487238f65e347b0058af18a9ca886cb738d8d5c1d8725e9d6114fb0a8d76148fd8efbaaee367749f87d1a85c138e5c0ab83116f610d7f9fa7127b429d1820f39f40ad7fdb00e2b5d34c470439275d8e9e696baa886aacd350df82f44a0a218730398c14e4e86f944e71265afe7f067080d879d5f6c3bf4bf3f766640757a69387321070bd2e55471812e78bc8d93d128d2e4bbf6bd4f12c7ae4dba53f772bfb41152b36462a197694cac48939e42843d0078230a645729668479d95b320e245537670a902f26b8151db112f9ec02255a54ec5a027bba9197f690216fd78c9cf0c4b211c447598cb94556e5c81c089c80e76d93acb174d865467f6841c89fdd16dc61db2c8c875017db672d43458e69082ccb9690d719ae0d91b4d8c79078fccb4178205848105c4ce0dc41d40164c78727451691dbbc6f51f5a77e42fd5799b8c03c126737cf59f9e1d14ac8511bab2b82d0dfa31ce12c667ef69b72a329b6b53476179e4ea8c11119f0e098885987b5d4d366eb850dd3e76ceb8ff916493c430ce29ff78d3b3cd55c68d5155b3eeff13e28953fa0020b8587e44fdc54eb0e422b75744021d7ec1fc184e2eb627e1ceb4128dd9cdff1009a74566c58504331e67f2b21ba5095ef29340bbef635e9dac5b9c14f61ae17c1babff672f35574bfc7559901e5f193695973a1cc2b60a6eaa2fe21ff52c46b15f014c3a95c5eee10de44f34d7140000000b38bf7c28942c7ca51fcfa1a9d15a2e10f362ec7d5864fe7635ec1da0b9c0587565fee466b2cb0fbbfe56fe45214af526b6afefea6d20ae55bb9d4967c3eb850	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FFA4AF81-2784-11EC-9984-DABA49B2525C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

WerFault.exe

pid process

1020 WerFault.exe
1020 WerFault.exe
1020 WerFault.exe
1020 WerFault.exe
1020 WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 1020 WerFault.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1728 iexplore.exe

pid	process
1020	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe

description	pid	process
Token: SeDebugPrivilege	1020	WerFault.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
1728	iexplore.exe
1728	iexplore.exe
1868	IEXPLORE.EXE
1868	IEXPLORE.EXE
1868	IEXPLORE.EXE
1868	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1776	IEXPLORE.EXE
1776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 1728 wrote to memory of 1868	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1868	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1868	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1868	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1864	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1864	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1864	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1864	1728	iexplore.exe	IEXPLORE.EXE
PID 1864 wrote to memory of 1020	1864	IEXPLORE.EXE	WerFault.exe
PID 1864 wrote to memory of 1020	1864	IEXPLORE.EXE	WerFault.exe
PID 1864 wrote to memory of 1020	1864	IEXPLORE.EXE	WerFault.exe
PID 1864 wrote to memory of 1020	1864	IEXPLORE.EXE	WerFault.exe
PID 1728 wrote to memory of 1776	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1776	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1776	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 1776	1728	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://ankltrafficexit.xyz/trafficexit
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:340994 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 1672
3⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1020

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:734219 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
MD5
ab5c36d10261c173c5896f3478cdc6b7

SHA1
87ac53810ad125663519e944bc87ded3979cbee4

SHA256
f8e90fb0557fe49d7702cfb506312ac0b24c97802f9c782696db6d47f434e8e9

SHA512
e83e4eae44e7a9cbcd267dbfc25a7f4f68b50591e3bbe267324b1f813c9220d565b284994ded5f7d2d371d50e1ebfa647176ec8de9716f754c6b5785c6e897fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
4f14e4bb5f261273d5f4b2bc0acb1a4c

SHA1
5372789f3e2ca07ccbb8376e8c8a3163e6d859de

SHA256
94f1ab49892d3449e00e56ef7e519ee9d8e14cfa94cf56f6060a9117c999135d

SHA512
d4be4eee037903bf2ab1b265206283d07a073c09b87a642d3b5201febc09ff9520716f5152665926f1695fbf88a891f74af8cbce09631707d9d79489b47478a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
7e5c9adf8eeab99abd53e8154b25a309

SHA1
0b1976ef56e26f328a63987e73c5a7e9d092b0ce

SHA256
d676e38c03eb5574256f525a765420e3a40de10401a37f8751b965da11a3bd75

SHA512
ece769c5feda1af309724d73d1cd1be74c2f8aa2e9b616289666f478c723e7d962eb65f416967c7452f0559791b5caee12ef003536bf5e70de0a1d9b5053566f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
69308e9b3f67d942f2808b9c24f324ad

SHA1
4ea007ab159315e71a6508e7f006f2f6bbc1b4ad

SHA256
8584c2d31cd61ed658c0ca544ef6ed80522d2f6682e19830bd55ad3cfdab2642

SHA512
e3cb80f8015fb27784b782244d61510968748b3cdc7a0eff68a4d190e5d2b75a1b75badcc023ae3920c3c8e32c2e9fd43483f399f959baf254f877165ae1be31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4X32ZLU\SSTQ6WGW.htm
MD5
bade3297e78ca15cab2d2fdd28fbb5d7

SHA1
187aa72b3fb9d8a630f9f019aa5816225ad265e7

SHA256
6d0b0ae8596cd2941f1e98497b5679ccd8115425be836e2006d9307598858ab0

SHA512
b3df03da363e236b8a488919f6c242ed3a42a4ac78a63821269260d70b4c6b7f6325582b0ef77068f0ab33292883b4f95fff5b897b3f9d99d6837e32d4446081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNQMQDEL\4UCCAZN1.htm
MD5
fbb9171e0c4c815a7cede7513e732554

SHA1
4213b274969b5b43f91268c9ac0efad022c571cd

SHA256
8ce42202e20f627689d73c24a0f4da7f3994c32802336191ae5b4813e88e4d38

SHA512
c5256f203204e5c6eaaa55b5a7763654ef7357eec28f18d618fc6f0a4c30b267ffec51e00b294cdb1989483d5551c01d325b468ec38abcf4940b5a41381411c0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J1D02EA7.txt
MD5
0ce976ad5f964b50cfbbe4f7acb549a3

SHA1
eccab7d4ff2e3901a35d9d46118cb7721a937d75

SHA256
c19f18c7c2e500b2ae01d5127cacc120e3949e764b9fe35a3b99c7a9e88f552e

SHA512
b1ba4b3390e4cfe0f786522428bb730fbf1e4753ebb197cbeb0da7c3e2f2fab2d5c8980f831ebc3c37e89962b2115629effd36555e8dc10d0b256c636185c0bf

Download Submit
memory/1020-70-0x0000000000000000-mapping.dmp

Download
memory/1020-71-0x0000000001F50000-0x0000000002014000-memory.dmp

Filesize
784KB

Download
memory/1728-60-0x000007FEFC031000-0x000007FEFC033000-memory.dmp

Filesize
8KB

Download
memory/1776-72-0x0000000000000000-mapping.dmp

Download
memory/1864-68-0x0000000000000000-mapping.dmp

Download
memory/1868-61-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads