Analysis
max time kernel: 160s
max time network: 159s
platform: windows10_x64
resource: win10-en-20211208
submitted: 30-01-2022 08:37
Static task: static1
Behavioral task: behavioral1
Sample: 75ae7bbdbfccde37a545a6b316e885e9a6d1ecf3c069fa48594a6db6f30c41d0.js
Resource: win7-en-20211208 (windows7_x64)
0 signatures
0 seconds
General
Target: 75ae7bbdbfccde37a545a6b316e885e9a6d1ecf3c069fa48594a6db6f30c41d0.js
Size: 19KB
MD5: 835d94b0490831da27d9bf4e9f4b429c
SHA1: 4d97d776c40daf28201bac7b09ec199353f52059
SHA256: 75ae7bbdbfccde37a545a6b316e885e9a6d1ecf3c069fa48594a6db6f30c41d0
SHA512: adbf433c5c5959e6d203b582ded180e86caa3259daf0ffe5650cc225e3397223155d8da5a415d4ba407c288f79803ab558ec70f40179732a41637c8ed48a7e95
Malware Config
Signatures

EvilNum JS Component (2 IoCs)
resource | yara_rule
behavioral2/files/0x000500000001ab2d-118.dat | evilnum_js
behavioral2/files/0x000600000001ab28-119.dat | evilnum_js

Deletes itself (1 IoCs)
pid | Process
2664 | wscript.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Modifies Internet Explorer Automatic Crash Recovery (1 TTPs, 1 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Internet Explorer\Recovery\AutoRecover = "2" | reg.exe

Modifies Internet Explorer Phishing Filter (1 TTPs, 2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Internet Explorer\PhishingFilter | reg.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV9 = "1" | reg.exe

Modifies Internet Explorer Protected Mode (1 TTPs, 1 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3" | reg.exe

Modifies Internet Explorer Protected Mode Banner (1 TTPs, 1 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner = "1" | reg.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
1008 | iexplore.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
pid | Process
1008 | iexplore.exe
1008 | iexplore.exe
2324 | IEXPLORE.EXE
2324 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (13 IoCs)
description | pid | Process | procid_target
PID 2664 wrote to memory of 3812 | 2664 | wscript.exe | 68
PID 2664 wrote to memory of 3812 | 2664 | wscript.exe | 68
PID 3812 wrote to memory of 1340 | 3812 | cscript.exe | 70
PID 3812 wrote to memory of 1340 | 3812 | cscript.exe | 70
PID 1340 wrote to memory of 892 | 1340 | cscript.exe | 75
PID 1340 wrote to memory of 892 | 1340 | cscript.exe | 75
PID 1340 wrote to memory of 2788 | 1340 | cscript.exe | 77
PID 1340 wrote to memory of 2788 | 1340 | cscript.exe | 77
PID 1340 wrote to memory of 920 | 1340 | cscript.exe | 79
PID 1340 wrote to memory of 920 | 1340 | cscript.exe | 79
PID 1008 wrote to memory of 2324 | 1008 | iexplore.exe | 82
PID 1008 wrote to memory of 2324 | 1008 | iexplore.exe | 82
PID 1008 wrote to memory of 2324 | 1008 | iexplore.exe | 82
Processes

- C:\Windows\system32\wscript.exe
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\75ae7bbdbfccde37a545a6b316e885e9a6d1ecf3c069fa48594a6db6f30c41d0.js
  PID: 2664
  Signatures: Deletes itself; Suspicious use of WriteProcessMemory
  - C:\Windows\System32\cscript.exe
    Command line: "C:\Windows\System32\cscript.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\MediaPlayer\MediaManager\media.js
    PID: 3812
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\System32\cscript.exe
      Command line: "C:\Windows\System32\cscript.exe" C:\Users\Admin\AppData\Local\Temp\reportapi.js
      PID: 1340
      Signatures: Suspicious use of WriteProcessMemory
      - C:\Windows\System32\reg.exe
        Command line: "C:\Windows\System32\reg.exe" import C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\MediaPlayer\MediaManager\media.reg
        PID: 892
      - C:\Windows\System32\reg.exe
        Command line: "C:\Windows\System32\reg.exe" import C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\MediaPlayer\MediaManager\mediaIE.reg
        PID: 2788
        Signatures: Modifies Internet Explorer Automatic Crash Recovery; Modifies Internet Explorer Phishing Filter; Modifies Internet Explorer Protected Mode; Modifies Internet Explorer Protected Mode Banner; Modifies Internet Explorer settings
      - C:\Windows\System32\cscript.exe
        Command line: "C:\Windows\System32\cscript.exe" C:\Users\Admin\AppData\Local\Temp\reportapi.js
        PID: 920

- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
  PID: 1008
  Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:82945 /prefetch:2
    PID: 2324
    Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx