hxxps://zpr[.]io/SLnbcjd3T7Gv

Analysis

max time kernel
148s
max time network
146s
platform
windows10_x64
resource
win10-en-20211104
submitted
06-11-2021 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zpr.io/SLnbcjd3T7Gv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\splonline.com.sa\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\splonline.com.sa\ = "41"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30921771"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c300000000020000000000106600000001000020000000ba63faf508c3fc1a33e40292500fc6908b483c50c55472a04998c6063069597b000000000e800000000200002000000009ec1c687a3d6a77de81ece35059725917a130bb1480f144fdf1909ad1d83e2820000000463d7678954e157e45d0b837fbcb229794ab78c3c9a2ae256814be32883a39bf400000008996e49549c738a63b631493d2a7fe47185d8648f4ec837aca65d80fcfbfa5a201e6fb0d0709afb6d858f9d790c18d485526093f1b253238f8cf8255cd8b5dfc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50828f1e2cd4d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c300000000020000000000106600000001000020000000b3b434f9a330f85a6eb5968e2cd5d77f92dda7bb21796250f81ded1d391445f6000000000e8000000002000020000000e27a55377e9a45e5f2282d022e59498b5001ceccf62c7725154c202af7fb8b64200000008884b86693f78489fc7be02c18dc58d3bd06a832fb268db83fd50badb888204f400000003290f997811f5cfb4f837cfde8957f3a6e5a6807347584c30fc3ff55da1bfcd918bca811ddf3f0a55bf67f6ca112b67c985e03b091a11b53b666fa190d4f7fff	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c300000000020000000000106600000001000020000000171a45cac5d122abf5b65a84e5481d2e06be5877d41718e5fa6163209b22a911000000000e80000000020000200000009667620879dbd3962e0a1262a328c337323536d1e18392ea8a2d91d955cb6a0520000000d1ebb3f533d2d6b011a955d9cf5a9b41068e9c80bb03abdf92c352427eb4b24940000000f5689acd829c651643389fe0a7faa18c39326ecb00c93569837d4e33e6afff3d6e4f35b65dca2e9469393fe612fe852d0bbb9aef553709a781e65845dbbe6819	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\splonline.com.sa\Total = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\IntelliForms\AskUser = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c300000000020000000000106600000001000020000000253c05089dc1550b77640a920c111c576fed03f73e60e90cbf7fb21267dd088f000000000e8000000002000020000000591c858de1253ff854aa1d08e6e0324008e6a219a1c4576617f5426f6c1324ac60020000fcbe2b8cad334e234eca7a3b5d2d1b713c9161107d1a86d545c8af5b9f0c8623b5f7065f5b548707f4caac29bcdfb37ef28f77aad9e07ce221d43b3c924162db947f3cce5a8e03ed0806fdd0cf2e0b5c37dd663ef575fbbdda4c6c2f63dc3a344cc98fbba09f85d3ad4e6559ffcb6ebfdf7fa61a2286ce37d4f81a590338daa7a97dbbff687a5ca079fd5946311a04fa95660eb42594515ee5c0514583cc010140acd629fb26e883369d4ac8a7f20169285c803264b22c2b5772076d0a75bbfee34f2ecbde10a213a182edf321a4aa9363b05f6a63f8f81aa176d3f969efa29d6c00c62ce4cf5b1b9845228ff1d6711348648dda012c7fee760c0dff8d39f630948c25b780d40dfb0d09a1d08df543db1bea373fb5a04302119ee03ea69e7dac58539e038c6fcda7fd0e027f51ab79fbad08852f489c9e675ad876518b1753508b00e9c75752918c5501622d307ec123ffe9d02c7b056802da20ed1dfee71d71e49dbf5220e36adb21dfca4d275fdd24d1d2b28122f1cf290fd4cb9ba4b5f1ea170507bebfe3e253ce1dbf1d45ab69c1fe9116ac49ddc72c8e713248fbd829b245ce97c6f04d4008a13893b097625835c61fd89b937ecbcf5ef4d1d21bb2c188b0830ac546abdafa4ff7412b31cce5c3427f94fe036d1e7d53f4a85ad176d7f2b8ebaa8cbb0e067f5750b36f5c49b86ea0b44a1d3d04b8a55268ac6743585a76ba11a5d6142a0492cfb765bd04363f314145244b2f1e12c0280578fb71c8ae44ce2e5f46bd24c38a461d7c2a2588b923f9da341ece5a44cb64c0b2d5a5b70557ace2b4a575d83606f99c12c6a4f142cebd39b91488425b0285973b0fd839c5be400000003b92c62e07dcad5dca87725cd4141483d3a245545e05c2baff14e9cab8ac317178b769a16ad69bf04b722829ac1a16672f600dcb286c69f5f0606e8b9b1e8850	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "343107842"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0ef4c0b2cd4d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\splonline.com.sa	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c300000000020000000000106600000001000020000000c4d5569613f58b9d0e7bd59a3beacc87fa0875abb6938e668a19ebdf628da00f000000000e8000000002000020000000868702ffcdbbf1cd4609f87f2c0ed5563689d3e7400c22a3e668d99700d81fe320000000be868aaed3933fcf968de19622e15f2bd5241d1624606e56e41a35e195b7d08640000000f0c2249ad70e53928e835c15237cd92480424def5522ee9a2a3650e2a3ebb5fc7bd72fdcbf154e80332c64049d2f7103cc3b57375e360a83849809926cfac6cd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c300000000020000000000106600000001000020000000a59d0c933d2012bacc8fa0bfa7522ba5474d88a64a4ee3712853ddb324992f19000000000e800000000200002000000043489c9e25ca52e55d9415271e5f7d5178b51c03d7c41e32ffd6811aac34653320000000245e1191e23b12666dc6a0a0647ad4374378f3798b9ea193a23e156ce08f7fea4000000054d265a8748fb5dba341a2753d69c48695a5889ccede7fb6b04282f7a5a576e75bb2ee746512d319ac93df1405f6aebd375c6e0cab0e9f0754d667032e7478b0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30921771"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "343091248"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\splonline.com.sa\Total = "18"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{114C5E03-401F-11EC-B34F-CAC9D714C1FC} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30921771"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "343139834"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 902791282cd4d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 000aa40e2cd4d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3864491971"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage\splonline.com.sa\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3877148200"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b5b008aa2024f4581a8e5e30df850c300000000020000000000106600000001000020000000d2aa46dffd1b9a5a86c0d568b1df7e7568838657312822d67955d2da82952c4a000000000e8000000002000020000000209e37e8d3260a4c90225327ae43c832db3fa02e7b6f00f708125eda4fa6f9e72000000019886c40c5ceae78331ba3e883f508740d9344d69cd70ff5f6183efdb6d8cebb400000002f71020ee21415224aa711a41f1f96c56ab89655393520d7e2805afc180044911e491005bffcc7dd87090c64e0bf83f00c7b87b9a7cb5d81d934bad4e26b260b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0475a1b2cd4d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

3404 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3348 iexplore.exe

pid	process
3404	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid	process
3348	iexplore.exe
3348	iexplore.exe
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE
3404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3348 wrote to memory of 3404	3348	iexplore.exe	IEXPLORE.EXE
PID 3348 wrote to memory of 3404	3348	iexplore.exe	IEXPLORE.EXE
PID 3348 wrote to memory of 3404	3348	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://zpr.io/SLnbcjd3T7Gv
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3348

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3348 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3404

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5B3BCDA4F252B606121609C103A3A1EE_635419839463C8DA5676767714DFEC1E
MD5
1c56a1df3d8e9988293eb427477e0c08

SHA1
6702cb6b097d2a309aa2686fad684b50ed1570a4

SHA256
586d99947d190e91e35432a191c5bc5ff0e9b6a5dc6bc1a21c400b071035efa4

SHA512
d4881e0fb142209c89252792e2f84b142c011f4aa4eee46fa6cc8a6b7570559e7bd76ef84c20fa4208b1911344928746adbeaba5f5ce492b39fe13e463073cf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27
MD5
ad2de74e56aa0e01a4743ff628ddc559

SHA1
72f7e004bd99711a73bf83aa570dfd41dc8658a9

SHA256
86390846cef09233d8b39ec95e166aeb291a851dd9137a8441608f2957b50769

SHA512
cc41c26131b4f917cbed3d27e36f0d1c42fe2fa1f52e4ee5738c62219980cb44133e9ce6f1745a2cf308b937bc5395c6ad0b57e8d53004a874ab8568a20e7af1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
03322900fc771c0189375abaa76ecbb9

SHA1
f8d7a3947584c501e25b20848cd1f2204d842c17

SHA256
1c93f58700902b9c270d656d5c1b6cf4365efcf325b2bb4030adccec26ead56d

SHA512
30513247d1ecee892b9b11115bd07fd317510388601f4cc4f2860b1701bf188a03cd86506423a21abd3bf80c1b4f45dbdfead30b13a7a273d5ca79529194e530

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5B3BCDA4F252B606121609C103A3A1EE_635419839463C8DA5676767714DFEC1E
MD5
80fda1c979898e8b84d0f052d0b1f45a

SHA1
e6391643ff35852b57534a549b6781bced2d28c6

SHA256
318d5f656c5d4804ab4bbaa51f61d12bd2e816de059bd1ad446c312fc4cfbb80

SHA512
cffe6ed278a260d3c9809635030ddc5aa71eaf841e93b71053a9946d4051a01a396e5e5a6a508ba941a2db38904bfa234116c87ea758e1bfb7803bc1939d3f26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27
MD5
8e2bedebfc310c93918fbac942350c13

SHA1
94a609075fdeedf593ac94433e7047dcb098fade

SHA256
a7cb8ee3bb3c9f53736d51e7a00076d8a967860c66e1e0e6aaca6c97dd468a8f

SHA512
c596779b6767406f0c6d0795bbe51190c7d685aecee3cbd92d9edcb7532cd352af984a3933cfac75acb2220440dab78b71435c886a3c4f24305eea6e857e58fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
72b072d397ee665af1bc5a4fd95734a5

SHA1
a7ab3da79bd19fa79a4dc0cb838d1fe0d69ccf3f

SHA256
d58012afd04e583f9d2049843503c7e7607d5d95d6172b1fb3330c12e0025d83

SHA512
3ef23fa015daac00675f9c50ec4ffece9e96a470d23dc5a5e09422e132e23ba9a086212009dab86b4dd54e81c44a703521615722839c4631d83a511c57103733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\02DQJRR1.cookie
MD5
f5624ed4b478e87049427caeabbe820e

SHA1
a0fa5f7bc2bc6a417b27ee7619bb386816508a22

SHA256
5e652bd62302eef70f9ee31c14cfdb6163b2d2b4267f9fd39d9f9f38b825e17d

SHA512
ee85cc72836e4dca9edc3a32d35d875001b3ac3af8183fbfa5897c137a898b041e58d1ddd5cc7dfc7aedc5c0b115950e1877c0d15ef7bac206f6dd1423fa8e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\SS1WI7W0.cookie
MD5
f15c65fa4884ed4fc00f42c4b7209b1f

SHA1
e06e7e7542761581cd7524eab6a44afd6dc03fd7

SHA256
9721227ca882dd12dcac92a95c883646a323ba81faf75b5f7de5f343f4ff5eef

SHA512
fc18a4c99cdeb8aceb36ab3f963f96ef87306a3b0165eb3e3f2ea18d227bcd586e707f85bbad6d48f8452c6a84e826685045a227abfb4bf1cc4271da0b942320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TGZ6DKNU.cookie
MD5
68b312cbc1e499332d3638994054ac6c

SHA1
f575590cf08f70a068bf7593635e28a141c5579b

SHA256
95870e6e2a442cf8adc8201ea7eeb9b70b5eb99d8d35ee15d3aa712e7e762b6d

SHA512
1c1ca5b9850ff84525536c7020d75e6021a868e99c8687be6f40c58699e8e51e7a20d83e0dffb6f0882efade3752154d6a9320d845b36c5224c59b28043b35a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZXX8SNPR.cookie
MD5
9854aae83a2f33a528824c069e02adc2

SHA1
d741b5fd83282ea8e74f4294bc89824c88ac5fd9

SHA256
b22ec4a0cc8d1c0772346280b03d26cb6a2e4225a6c83c9461f464249de00e1d

SHA512
8caebf9b68325d580205904fe2a00193b20f4d068fe5cb1f700e6798c82ea5ea97a94344142cc66da92c4918d1acb1d3b80ef0d001cf326ab85b5154d0a05dc4

Download Submit
memory/3348-147-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-154-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-127-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-128-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-130-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-131-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-132-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-134-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-136-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-137-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-138-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-139-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-140-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-141-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-144-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-145-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-126-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-148-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-150-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-152-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-153-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-125-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-158-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-159-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-160-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-166-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-167-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-168-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-169-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-170-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-171-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-172-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-176-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-124-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-123-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-122-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-120-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-119-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-118-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-177-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-180-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-181-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3348-182-0x00007FF82C500000-0x00007FF82C56B000-memory.dmp

Filesize
428KB

Download
memory/3404-143-0x0000000000000000-mapping.dmp

Download