hxxps://nawa-store[.]com/shopinside

General

Target

https://nawa-store.com/shopinside

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1836 1920 WerFault.exe IEXPLORE.EXE

pid	pid_target	process	target process
1836	1920	WerFault.exe	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb601b266500a1439caac4cd216a44ab00000000020000000000106600000001000020000000ff44aa58c11ea227fedf006063921ef8c1bc14e9f1b1cc206f20044fa6bddfcf000000000e8000000002000020000000928ad16626c32615eb328b59f502cbb746bf0e7e3204837f61c95683d84c569a2000000033f3514f4f1529ff1728ef6c23f407789f35cf52113300690a84e3d43d8cb13d40000000ce475bb6a8a707bda4b18ee1e427d6bf41fd13e1a34b548760b9b9d6896bf9c8baa0bce6cc635a15834c94806aaf53c92c6107dda22678f2565797beb993f13b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb601b266500a1439caac4cd216a44ab00000000020000000000106600000001000020000000482231591b2a6460de4a8fbe9fe6b92dfa7cf2c53f90d53c3f4849e52d1bda00000000000e80000000020000200000003b46c1bda76f24a5960a48562cfef73aa8d32b0dc6a64bc2c7c8e98a156e4002300500001b73bb85675bb8de7acd6d36485dd929d00c06b87f87758346fde410026077b8627562a840d5832cfb8074cf0cfd77e1b1cbbf0f46222e46d98134ba188f67b584ee5496260466f70cf5bebbe1ba21dfd50f2cf3eefa7dfb6a5bf1debed35caabe615a26e288b52fd8c290a4eecda0534e597bdc9682c23d14b77b28b2d900f7022885fdb61d76b6ecef02ed3b0eaf30b50ce799c0fa02b36d2216788dc96a3111e4dfb20dc6a9cf646b25bd8a51479e1cf7dcd2e94813d4fc3f117139b09701ad93350159369124fe73fc3af240480edfa94104df34562b1db0094eb6a163c48ee334262625ab7e8854b8a14f7f38721b97400c94819504c728260059f6c3a8b020df27717977e2c64ac435e9a39f738fe0ea68f5dcce7e6cf350f87c393688b075609d3cec60d5db2851a5c28efd10640550e9aae7f4275108707554839568262dd58ce7de5402668a31884772653fc4514ddb412126c9a0afcd06442d20e73dbb699bf1d72e7851c1df09bec6695d4be199d36533353432ac25ca19b987cb12e8f103b64f7d7bd2177a2e0f4245efd4715e925bbc1ccbb0237dd44e33acc4f5b95c43bab9b3358b6663b748a717483d5b8778e026cb614dcb33c5c42319347d3e2d0b94fd9f3af50e41ef517e427a9c0d0683541d9dadc96d17311a4d3dafde66882d608f6bc96fd6763f83ce112ce77774c817124da168189072c28355f2998671c62f9875a9eae2f5af1966be9e63aeb51e922e049c51072a352d7b5fa8a8f11ac4650d6144754e1f2a26f504e7434b9c2492a967454416ca45a47646401944f77ec936647b86cea1efda21edc787f0e8fd0edd98c8b53e76ccd4802a6cdf8f9d4a9ea2e471e54a6e238db6abef8b8a79e6b79299ae84eda79d1e4ed1b433a1a0ad2b41cf7b10cd41f9fdad90ac228b4f58beeeee0c5941284965b02f8e037f43e69e6803273dcdbd507884af5f3efa7839ad2bef8b7734a1902593abe13ef6c143c427e9c23be2f48c991f63256d780bc95a506cfc00e7afc9da12104d21610740f9c729b2d9175f846b657a0ab1f778554f9785f16dd0fac2788aeb5a682f8afcc61a6c38140cef33d3b7f81f5f6dde353f66bb451a5245e3ca4a1f1909834796fd54cfa6330def3e3e7566e0b47b97542c09c01eda886e53ceeb254c3a708d498d20a335e0a463294edfd6ac4f6ba75429e149ab4594edd8de85cc0c71e2811480e79adef8a67e6f9f77720275fb5c6b04524a07c1a02372be3d7ad7b739e947a3309bd6d00e752b39ea8ee1d711f268ea126afcb77ba2e178333c2eb635c6691c768290ce252936dd62a3677eefa39768891ab404e1286057127a2d4a8e2cd46d953b733a97e7ea87f1347bb33f3d7b3a6877414776a69fd7e2771592f8504ef83a777043d0812dbef5510149eed98625c46093ced87db8b4f793aa9ca30f1bfd2b6c1cf0c97ff9a505fcdfb5df4b2d345471d3f3d2c4bd14392c84e226c1dc414089f9d91e9a28c383313c5b70f28da4168f9cd67302d468ef076ac0cb414a444fffab09ea66d58d768bc9805e19c5c1a9efd7e71ef1b4b2411e537c9b5e42b35b3c65ed8d2525bd0f847c1ea63c6d854faeebdea98f5b89e3597d369a57cea28207576839b8f67ab1936a9ec15a52e64fa7f22c2f3c068d2ae4c0b55b82fe690951039a9b391f57d237d0599ab2f2d9b62e17b9aa9d6c59c19e8237a3dc524637836554fc8024df06eb96c9477898732873b9323697c91236a1d3ff2c5e71dbe07e83289d2860eb9e2b908aed9d005ba95a3fe28eb157452d7c16133533339581c795df9284dca314e50b331731db0fbbc3854b0c95b4f92f2f4cb92e52d4c9dc4ec5cbe9806a0838970540000000d395884ac9a9608395a215eef04974c97cc92500224ff22eb4a16fcaeee932aba03001ebc1f3e12333049fb28dabb1cbf223215415165383d5c67e16bed257f8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb601b266500a1439caac4cd216a44ab00000000020000000000106600000001000020000000efeec99452ace077fb74e7cce887b5e214c2e405871864daf0c6699607f0a8cd000000000e8000000002000020000000f529e58235cc0c3960e7eec05ec19fc39f91b98c94b62abbf240446f844dcebb3005000033ebbfe8ff8ac22525439560ec82871d832836ce0a0535745b3475e4ec3c623be9247593af0bfb0988f226ec3b30bf9bff91c0197b1c2ea96275d14ec3dfb11adb8612003a25b2f4c9af9fe3d2df2505e672ef9a07678be8f27f8640609f872fb0eec784c1d59219bde5ee6eb713704aea2af5451808d44f056c34000cb7c6a46bf0685b5d276f45125690ac8e30ab913704c5b61b469adfadd276d1043230d8834fd6a77da704623bad9d494a455125996aa16386849d30fe8d888a4ffebff7ab425992378f94248daa856b76dc5450dcd6080a397f540cf9ca6f2232610dc0903e08b5654712fdefe180d8b465125fd70e92669eaf0eeac8c96ad8be0a15af944c4764398da5051b55ee839cf801cc2c78106abb97b45d734cfb099fd2c068bb5e7d2bf604a25a3ad1487ea1956f01d408cdfd1c34fcc3bb3c2a2b50e34193187c8212ee574cc7bd541edec05c14c76048449dfa87e01f470e87542ffb7a15a31c17050544fcdb56199b958dedc1baab765013ec8f80343ceea4baf25643eb179e56f88850760f8fed8099daa2def425e8445077d5820b0c753e3978ea716eef044a88eb14b32fc2b183e14dbd0062454121476f814316eea7af3da035692762b3c4e89b454179fa5a25b1f57782ac65f56a7792ca5e13bf2b1603aa30e5f7e901a526edd2a96d5d00107592eef49b19a3981bf4e7965385f1fdb7fa4bca8b0af6f1c5f2c3a007f1ebc1aeaf23a29605b3930774bb9e094a908a9fd3c7eba59ff161965d5460a02796252339e3b9e8925e7b2a8f3506e5750cd6fc365672b668f8d3897d826df10ee954fff88fc8286cf9bf832e2e1595501c5fc87d6f77103176d33fd37aa0cc1483ac5c0626faa40c8f188c19ca0d31b3e27680f6fb587ce65091215f4954c44df4deae1720e4d7c18f9e4e0f73f8e4a837f7be5b4607ecbc2ad174b587ad0c9ff997952056f14a11f2e7a34e459f9132c971637d1f0465b19a415eed188622cb8da88b4767625a28158ed012d6653a4316f23249bec126f60f5f8996850cc11bd106bfd8f4a40ef389091d84020b678c630df7a273eba7d291fc9af13067c04f8c097c2fb1417178eb786c84fed54e099cead3c4aec26918f1cb317c2a7b83fefa474931faa553dd3097624ce58193604e2fd284b4e166dc80bf8d6de61d60c0dd2cd143a6ebc4485a6fffd98847efb93ede06141b2d3a52a69630c107a61c008d42e44813d74a73a8d64864a89d91375b0948770a317942be026934b62000fb680c8ea86ef1bc1d05c32953adb21591b78e439639acfd6757ccd2ca6899b600552509fc2c7d0186bc7704ca2335b0ca530c1e03c0e6dd9dff05355ebc3a05fa857713cfee4c36d807169480cc35edfe935e2ebb62cb8d72d4473a56591f52893ab031f71cf68d582b102e6106f9183375a759c1e48423c8db973dbab4c7129476448bba6cb033f5baf2eb08c57b9edcf30ad19b1ebe0d12066e8f573e17681654942e72cd542a56660ccc09fb874135f8aaa91cd45dfd358678a612849f3985e8a439f50ac71ac1cf4c734b34b7c1d01eb855ab1bfedb7cea1b746abb1f6e72804a501510cec2d65e3cb3e0a76f911af3e3b91c86268f0106096064f12785c45e2b1aff76ddd0c763125a9f44d035ca0f18d972c64c9bc15603878d569621e18ad53e3bb4ee5166270ee0012c5764727074905649408ce850149dacb95fa7e8b99eb71cc0655dae4364a33bb012926c407d411cb67247c2e1a3c4c923fc8868e7db551c6c2773ffaa6e05be6d1ef685492085894a7708e94a03f284c056fcea2c01efb4f6479ec3a2ddc9abb90cfca0cf75d9e4e5ff61c913b56b305a60a6675332428cb9fae640000000d048355a5876454b91929158bdfffcd16f8dc1b30b2b6b21b5e90de75ee36e3fa6d76d75e6c211a9d1b0cceaadfffbef316df3baaed144e7872934e271093329	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb601b266500a1439caac4cd216a44ab000000000200000000001066000000010000200000001c25b6b521b50fc42e17775e1df752a592aa85fc46ab6593ddaae2b2a5297251000000000e80000000020000200000009d6575b5d66d4bb56bbf367ea6cacc60e1c817694df0ab75eda79185c9caee1790000000d7dd339d1609b6cc2864cb39eeb04664a7e2a820d9f95720f9e4558bf3ef254d574c2c5e347d2dc88bceb3300c7253b4f5c4aa39faafe5f469c75fe524d0494ee0440f97d22c6a93d2cc93038361227026aff6fc82816be8ba8422128e4755684e85799af5ff494693376738bd30a390ab46012674c3e2f0bb6101972be5a9017adf1d179268b00998050d2262ebe866400000000094401f56a0dd78fefef4d09b375ec05803abb89019ac9d2db9f0fcd1850be9dc6a0ea880d920bb88d14c15ca2e9fbbd5fed556189795f0ad221225f0877fa4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\de-DE = "de-DE.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73C8B621-523A-11EC-9550-4A361EB08AA7} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ae254647e6d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "345082133"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-103686315-404690609-2047157615-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

WerFault.exe

pid process

1836 WerFault.exe
1836 WerFault.exe
1836 WerFault.exe
1836 WerFault.exe
1836 WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 1836 WerFault.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

876 iexplore.exe

pid	process
1836	WerFault.exe
1836	WerFault.exe
1836	WerFault.exe
1836	WerFault.exe
1836	WerFault.exe

description	pid	process
Token: SeDebugPrivilege	1836	WerFault.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
876	iexplore.exe
876	iexplore.exe
1540	IEXPLORE.EXE
1540	IEXPLORE.EXE
1540	IEXPLORE.EXE
1540	IEXPLORE.EXE
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
808	IEXPLORE.EXE
808	IEXPLORE.EXE
1916	IEXPLORE.EXE
1916	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 876 wrote to memory of 1540	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1540	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1540	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1540	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1704	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1704	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1704	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1704	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1920	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1920	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1920	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1920	876	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 1836	1920	IEXPLORE.EXE	WerFault.exe
PID 1920 wrote to memory of 1836	1920	IEXPLORE.EXE	WerFault.exe
PID 1920 wrote to memory of 1836	1920	IEXPLORE.EXE	WerFault.exe
PID 1920 wrote to memory of 1836	1920	IEXPLORE.EXE	WerFault.exe
PID 876 wrote to memory of 808	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 808	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 808	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 808	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1916	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1916	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1916	876	iexplore.exe	IEXPLORE.EXE
PID 876 wrote to memory of 1916	876	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://nawa-store.com/shopinside
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:876

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:876 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:876 CREDAT:340994 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:876 CREDAT:406538 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 1584
3⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1836

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:876 CREDAT:537624 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:808

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:876 CREDAT:275500 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1916

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
1c39749190992ef47eecaa87f05aa46e

SHA1
f3a6ee9ef91142f57ea6c688c83c2af86296dc4f

SHA256
d4622556239909f14542ab41999efe01d2f186eb03b20cb84e59c2e95f86f1af

SHA512
3aa4f7e9831b29968ada6e8ec9cb56f78a53a96a585289995929b871013695a56a502f7d75e3499566f59f416f51dfc771a7fb882bc4aea2cfc6881845fabc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EU9ERU9I\4OMPIIY2.htm
MD5
ac47f7f20e86a6519ec3d3e11c2c90f9

SHA1
c7a380616693fe84626ad4f1c2a17d8ec3f621a5

SHA256
aef072c4b676ece347c0baee348260f9feb3fdb593e6bae39d07bea6fce74735

SHA512
195f2d8049fa5ceadd2ca61f8add6ca8c6c2399e7c57e2b3055d35275719dcbdaa6f3a558f28df5fa1ddd5dd375b9b1a3161acfcdb7412a54ab62a159b30e3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EU9ERU9I\7UWZMFAR.htm
MD5
3bb7af3855480af0ec75453e8e561f2b

SHA1
548a71602c90c1d85add636b792da7e39ac9a874

SHA256
516fadaa009b295a113450677fe4daa3bd931b1258390b5ee58fc2e949a48619

SHA512
ef5a3ea498eeaa7a8846aa193d238227a856835c55b105fe6aeee2a2f3c62491361ec8ff13911d3e9d5135a2122cfe6ee4df57c4ef65b33f1c96fa8ba2a9d271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H29VF4Q1\HOQ4U9M8.htm
MD5
f7c55eeb9776b6510829d11a8b95e3bc

SHA1
a93fffcc18ddc876ff709fcfaf62409104740c45

SHA256
54cfe078064e5b806429883430fb331ef4798d1be96e585930263e821b6a4998

SHA512
6e5e508b6f76588d531dcd515958045b556edb9b19936016f5c8966690d45e0f6a3d4b596919376327055615620bfd2a696ff1eb93eff5426d31adcceb1b7db1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6SA50I93.txt
MD5
346fdf076a7b6eef2e3a27b82fb0222f

SHA1
54cb4a3959412b533aaf1ddd3d073ef9a0527def

SHA256
563e3d18186318419ef5ee8c1f0a3b88736541a366d940c13a986206d697d5c3

SHA512
963929f9ce7a9787e1f172d8fa339a36493f13fbdb9d52bfe7f6b4bd70ffcf2041c9e3036f24fef0206bceda553e9e6213a6cfa217f65eced88ef426451bd76f

Download Submit
memory/808-63-0x0000000000000000-mapping.dmp

Download
memory/1540-55-0x0000000000000000-mapping.dmp

Download
memory/1704-56-0x0000000000000000-mapping.dmp

Download
memory/1836-60-0x0000000000000000-mapping.dmp

Download
memory/1836-61-0x0000000001B20000-0x0000000001B80000-memory.dmp

Filesize
384KB

Download
memory/1916-66-0x0000000000000000-mapping.dmp

Download
memory/1920-58-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads