ryuk | 2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f

Analysis

max time kernel
143s
max time network
182s
platform
windows7_x64
resource
win7-20220331-en
submitted
14-04-2022 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f.exe
Size

23KB
MD5

1be4fcf8919462ac615f44b37d1019cd
SHA1

e2793f992d74c422702b6213a2069ff0e5da5f8c
SHA256

2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f
SHA512

27860335a12d384e339d6c08fd26449cc97148a2074db6dce13c7b2981e309f8aadb3d1ed977eb01b81312a44d08eee1ca4971aeea19e41f4b1b9ec99c025bcc

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TOASX2V\f[1].txt

Family

ryuk

Ransom Note

{"sodar_query_id":"OzJYYseJNpqczAao6Ym4DQ","injector_basename":"sodar2","bg_hash_basename":"UJBfonSFk1gNNMfSQua1Gf3w43hbCJT6_BAo1YD5fa4","bg_binary":"FQlhdc2oHjCSEyB2iaBxa9TM4dHLKxEd1UI5o3F1xXcWS1whl6wXlmX5h3OhTbCR7ajBnWFgiomp8rf6s2m8xQB3uB9yMqUHg6rFx4gG++KHsLy1pAbT6Z3bStklUhRP03DtnAaHE2uxbegmgdle8/NxpeS1P2LKy14vqqseY2FGKz8CrIaAsQGbR8yLQ5RiZfSusH9yy8ZiTXM8jZZJBh/YYO1Bi+YtAtsA2YgNLpWSXp7IH85zR0y14QXd6NdEunC++YVHH/sOUFCfmGXEaYdho7vi1eW0EDHlNlnVxlxonixB0c251VcrqMxt0zhIgh2KADw3+f6B8jE+B15nDR1rnG57tDcKqW8rBVdkF6T7UsdnfbKfAlP9/5PX0AEYERg97BD/VSYOuiOBx6RE7v+AfcyXTnjVRBzyQhBoqhS77SKgzFQ2sJ45tEOocO0j1j8tJWkLflP1EdPDIBt+iA19Z0m3DdfAoOGcNzcTqTblX870V1EqRah97PnozCQ3CO/4+zODsIJ67J50yCrkpVerMiIRQmI8eHMlVOBxZrGiS57sQMiP4SJlG8wgxM2P7gTFyoFei9YNkt1eB1jID1tll9QomBFThJYiWPj5Wm0lb1cEIAdNVZp6qA7PlTDVgRvVrX+3t7egX/WzKtQvhAg1odJLDFi3RXmKj8iIDJi8SeMEFaaqZcqAN0rDpCxlDwoaCnLmPko0pGBYXzbDpCjOTujkBZlcW9EumrC1wtKnNRD9Hc+UpvZ4DhuvDkVrYORv3Gt3i/G2Oed68QmZsAltuN9M7vUzlTojY6SuCahnUWjBT269TKPYtDcfhwFLH76UkIbmA/R1TgGyGYUb1jTMeLlg8BdemjCF5/6RIfnDDabAR1BbfB843TVUkmn8mtegp6xoy2ZsxYzBntdRDuqDYGB5bbVO5Z5AqoQMMPYaQcYliBdfbg5sFB4B0EcECJPgUW2LgkQk8QiCE4m+QeTf7QLivDP4HveANkL6ut+kSfCYAWLhl2TWKWnrKxTsOGIGpA/msRtwKOYFpdvQygqPNhQZVqJNeCsE5y6wbWdr4kYjKsBtVTSGhwZwL6WugYQ/Mdh3MhjiZyBkkVFjPzJobLsEMpRMxcHfmeO2cihRMavsr576W8jaxf1FgovRDHzVudfAHWzvHnlGKXomBJCZ1fX4usmEeh1Gz/qnuawtEbQh2dxX3LCL/sp20M4W7D+4SgFbipjEEMN87fo7dHgHhY5caP91RR2Vdr8S63Is4jN9NepvHNAAiYjaZlB2G00UU/TkFEA1hEQjVNuIIiA/Mp6PO9O99YqbF37cf9n1j7pGlxvmhPuarNzMVOHdXNowqu2Qbc9D1fEJFnTSF4j0foxv3DB70C75O3xm500QkxzyRaLso+eO9kC/GJSWMmcSqtq+Z+7B2KxoHsGU2F91fdRX3lKw+YKAgS7Omw+1fZP3Wl1qO0t06pYkEWZ+q2ktX50Y1ay/q0WwCnIvNs2KjBcd7yqYKcRQ3XHn6sUYuLc6kkkH7vX3KIE2IB8WY1eQRn7bYyiz7pMmK4UdmzHCn9HqB1Up1M8iHspOhN7bWwoKLKY2htnZSnJiMyLmrVNQBMfYRpmvQdrPGNMoPY3eOjQYDGE3z/EcsC0Udh0vtbqXL2qvPUIIEd/iPyESIpYswPQP4+XAm6e9yjFwUwvX8oe7sFWU41S8wC9WmEAHFA/l9WwkPnTohE7L9Q6EtZMfGyaHcj+O4EmF3ZJLonWBF5Yx+ZrD/+iLjtYq50/nZCnN+fix5DS5OrrC7lfFWvPeEGSZN+F+P3CbZGnd2iTVDx01LS1AaEPa82RCKMjjj9H5E/ywvyHZJpDNlRKZ2W+mErP48QoeLvhuG7mi4T5An1oS0p9YSDkAdbADJSwUjDGqOZmjLj3AFxutM1qT8vlj6a7vbCO0xdo4xKH+TJ503jlJciIwVxTZ80QejSXT7U8k6drR7+yd1+AznBH21lsKEo+nkywWfFt6BCrsNqBIdiEqfIpWYCQhwTtRWSOm9SJskHZihgL+4WbeN2xaVY+LETyXayqIDw186udFiF8S1Ly24cGgiiI9g6WX/xWJnwMp2RteAmy8JSuxb/U+yAmq4d1v1erxytJOl0g6n3yz9vrZ+qeMvh3o0dGhsgyVKLqLUtZ0DYyolN3l52MRxAgdqLblQR6Qq6AuEo2zt+ztGMp1UQ4ZYlNQY9ILE/Dcx/JimaqOxvVaG3zfXLxii3N5+ziN+qxMF03F/SYXLVeUJXrPiaekIWAaOBguW2AmgV9b35RQqFDbsiD6bI77vvroFDX40kw7p3sKV7JtpcVs71qrnipP42Q04dHVQiGEhaieEPhFvM8q3qLYP0oVyW0bGI6a1zOgJR8/Tgbp57XKNIVGqB/ONrtixQtG7JtVnP2mqs9QZJCEmcRE7s+oAx0MbdavQUe+77ora7VPiyzpZSLMs/VKqYIDWR14W4YoXJ/5c4wLWJzReGR5DMevQCfMT8nha5oIbhSuSaWxckfCAahu9qFJYicnK3rqFmYT03g7h/LFBgZKa8axOzk3qO53jfq0brqN5tjilDaC3U1Ptv7I+UL0u1YVvXnaGoAqSDm3F+OkjvhKE/jBqae9J4QEuh9yFMpVbwUxmOLweml4R8uKg+RxX/PB6ScBj8xNKmXXkmQq5JqNsM1yaIyF4GSBc+Aje5Q9+M4iiSWDJYfsNyhutIrNluFoOQ3F02nlrnafZXFGtRTag9sDQYLg75cXiiyGghxpMCcyyKuoQqw5r4PoZp0yTa2HUVuetMK63rsYef/KZuO40aLwrnEDN8Az2CH7EW9tuy0nnJz9CiTzPHEffW9k81O1G2zW5xgg+tD3PbNRtu5Sxfpk87B9Gch58ZvVPr5ctAvFLXPKZrY4vdBLVdPIfQx2TIZxH96YbMfJlBQq70R5DiqNj0WWgwrdcrXFd5S60HH+YuYzFW8XUmghWxm1Kxf9OTacZMO5BsdEBdrKlk1qNftOpln/40bAjKAc1YgB4NZ0klZXn9KFGnDkPtd+Zql7SCn7B8pJuXD4CdMNm/BCItQc4jR2XWRoSNaBHLGdaEvclrXYM8b6gk+VBx1/EQNS0nSOr6usjrg+dczRRqA6wFcr+HU1edTUJAlnrXvPKdES3PknpApLNnKLf+A9HIkOS4/qqY6aqWT7nCZJHB4e30dojqPx2tDMv1AXISgv/IgXPxL0SoNAQvee5zgAsUClMQsTduOXQm2+W0ZD52XevP+bNL/h3iwiWcNM8Ak0rZOUqrbkLqyvsxsgA8N8diQ+WM11QNEmN2gvMMtXyZpLHmIh+Pvb0LjffVyzmqPnbNptQJyixFobmpiikv/RjapBj9A0fIyPWDtiUBU/aj9cRmmzKZTiMbG2OAViDZRo8i2RDAoJux8Cn163kfT9fsYz2V80JSG4ibgqnu46AOZJ7cyUSeUDx+sBCGkw1wbNr4QUILWZe80NhNU4CsL2XvsrfzMVeaEezMHys5Py7jC0dsIeD+T71FyD8Cv9ukKoVXNEy7Itesr3mEkrr2mRh+W3RP0oc4nWJHzkJ9C54XYFCRKch6adKIgNxxHCUG5WWDvrGwLTBrpymJvcGfC1cYanxpqNvu9aw0Sc1zQf90ZYyl1TyldOm0r+VXq+votSCCt7wE/A7JpbmyjXt0aGUn9VDIG1kk4dgtQEbuS966DMwwKqBdexqDNPAY33o0BpDDtfu3e1KAl+6Hmj/K3qsRHCwqlM0mJlQGKcjWNcqDcZFEurokZjEH/Wyka7Mao+os9cDwZ3rbbGgJE4sz6+Op6yaxDqzKJHSEg8CeeTwfvda1G8+Anck6oTboUj8Uw2p1uByq6PuTR7S8ivLw8IfK+VJBsNmgScXB0jhMhpC1jSNQrJfEq5hzV5uCkGU/dnPrxFoWQEHIV964/w4LedwTYJC/BHyJlWUUyCT5fkmY30HkSsItnYO+K0xoAEYn5Pbfh27gu/Pb63YzY+5mtUw1YBb+gSmVNjpl50rCoD0bvVYWp7quR7tXywBeV5MXDCGBvvxntQR+E10ahXslcEIEXCoKIGvhafRHmKhO8c3QVlreMM4IK2zs+vKOzcCV88opGXmJQTHuMXVrRYD8J6ON3DvGEuwuNQCNrXx0H+ElldpNNDI4BTlLzQ6J4n6QuMZ3Ks2roq0oPbVQjsUkzci3I0lLD2hXPxVw849C/16fIgSV0B5I7XcE+Pey1Zn9JOKFMUqlj6y7EyXNTSWGcH1kwCerSc8vugETXeytBqHHxi4zWA0pVFU0iTCWSIqdke7uA9tsYvpFT1cI13MOfD9DrG+f2OL4aSK6LmSDXQHLrwdCG6PV5NunR/AtD0/tfZnWLduQXvxyzRz5OWUx4jRDKwDcP2PDuCFjoc1HqO8z2gN8YtI257n1FCzOl77pjvT7Cn+7kOAYpbLeMBhOumOHmAvKbCmEyEChs8L54CMSq8xlNTIRJ9Z+LoqFW0eVNaoagqVifPAjKlARPi3ChKhdpZUWVTKYeAMUoRxymxK0FCDWkcn56S9E7tAoaRWwqLopfdkegY58WF5Fol7QEVwMN4P8b09vfdcJFXFOy0vfkLsD9jguBposVVnOh5YzcN1HgGwVVgV4uCQho2NVB5Ga8wXdtANEc6yknjc9GBz1VtvepqBnuYilpd36BN6xcb1VHEQlm1gvrc7ARfOv64TeUBcF+Ha7JMuK3E6N9jivXS0FASfMa7aIlUnEnAijCTfXxNzIdBpI52BBnOEQ/61O/B6tCIvl/jUAy+2Mf6cG0JfUtuP9ufAJchfL4B0lz0Phe/CvRmbDxzDX/F/ZkO4G7Rj5Ne9278viGhJ4EyZU4ObisCrdutAfQ4n8kTgOLFZNv/Z26zWZnMEpo08Nou0CxbfJow3l15nl98qSGmQsV5GJbz1eeM6qO9sVOjzRF1wyU5vguzS7VFjVlpZBsrDGBZIHI4wSpfQHr0M8GRKdVbJwtFeBW7NKmp0PBSTVvn9YCo41dc7fPgKay87oNpiMtjsu/voFOsBm2c7mqSbqrWwdeaSEngi227wgAb3yr/ZFm5MfNwsDSzO3j47/oO6gqgHGcgjaDzTMdUiIB3CWquHCJnjJttGhRBGIabeolN4MoVE9i/QrZFGiNR+ksE4OpBcSSW5csbUr/Kg/PsjQQJBfgEqvX9PntFo2ZY7c36wNCqcHfiPMQKMlaNn6/7q/2EXB72pmNI8WK03esi6DcC9mxfOPTwLVlRK9xS84jG2Db1ulJBAer2p/xG77Lv9oOeoGRw5iGyw4MxjTQbOXeTPlvP8QTzfr85PrSzZ3aZQsNkgLrcweK+Oc+hJdkUKBv6l1sxs0KnVDk/b8ArsdvnajjI8f9KRFOCBjTbgCcVLiuXVT0k+N4GHnb48XXfno5PP34C8apVqniO6jPT7yKLoUEVb64T8fkDDrMeI42d24spPUxZnFxBu9PvfSxotyXdK5rMoZkyKvdc44MsUMnJEFMlmQe1FZ/taRm1c7I2vu0Ek2M4pvQl14YvDQohetPrFMyuIbPdsv3xWGUSLXOC6P1/io6oJmK82+ry1qNIBCZ2eQ/RrRLgLODe4URoYtS0bOIot1sPFY3zpX29yYqJMIcF6M0wICVyBRj+HHORnlReB7I4pYYmOJOu6BC/OEVWGMV1BIlbF2m+TzKMMiyTiAIMBBLqlPKGyy94m4oxaYKO1t0TjXA2bRLEatZPuhDvPa7XetnFHAP1dykG864NgYnOqvkYbI19C28dA+UtDYORhBzA/C5aYQtWIRpAL/+6SI0NxINMqXbuZ3cxg+FbnCGAKS++AB9FMsuMbImR2Yydkp1faSjJaxF+o12/CD73L3jaLAVun23NudmGgzhaq03/rthzWIHHKW555yH7kf0a/a1cd1ppsnRD/JMJKZO7ShbZ0GKYsIUUkJkLPkQZQMQyvHxNMCkEZGghxzt7MxOVNt7k/aX1Z1TyDuMOaUNTm1H93da6fhKDICKMjoU9AvKMhm45FKK9OToNJTd+9ZbbeT1CvGuwJGbjsOVDKrwJhf6oxMFOV+jrKbMLhgBrZaatvjBOkkf06yKBlkgN4G4ZahLItVZ5s/CfTg/3lh4gWfF0dzkJkU0963B6WIKAk3IWZ0LgKWgQ5pZKNHynBYWW06f4khRxBd3ichBWrC0c3S0+NJ6KclkF7uo+tlcLCt+5idNOuyeJ7j0/7iTCJaJiGu77iGzCcQrXs+KRg85CuASXPy7r3RyCVXl1TMewMp+8NROyI8jgBPWCoYaHSFGFK0Bo4a3aZWyxa3haw3CYrUq4dTn/FNXwyhqP5fTjEtMImDs2ltkP/bK7LWBlIkOkaHGu+N7gg+oDwSGSU9ZE5C08jdTznz++EO6XJi/X4/9IZHbhsdm+QKVedMzDfaM8LoUSDaGOoxuWg5bncDqxTLD+CQNRR9/ZGZVbVp752TR4aO4W6iuuCJpP8THv6JfjJX1hbquq3UMj7mt4vrFNj+2SdZU/V/kg0T7vdzVpL0XO62l+rHlXCWEkERfr4iHNsKjIR1jfepFF+XAE6/wZFvdbImyne+Pf9ie0YfYEwdTzkkrcDrLCdhe52RRXqXS2RRpmD31FhdgLBOTau4c7U+8SfyFODvXqLCakdg/ladKbGy5Zpl48bIYd/8cx+HMvRA2qmABiQBP8I/byGvXaIbPncZxZXoDNSHwexSz5QTPjE4s4SMWR4t/OxRlLdwICNP9ixkVR663JfR/TayA84a7exkAKajXegViiOMrZgVY3jSZJDCSnCn8epluIFtf/1um6vGIP593wK1UKVkgs17W9AHC/sQpbrrDKlKp2nqkbmepo8/qaTZB47YDa9x9uFt4Sz114IWkfeFhG2MPGBCBELINIWnabnu7sekoCEpMhGHsrqJlqXHbq0mqvbtt/FykS1ku6yGI2Hqs5+KPRzIXwFeqRsaqJS9qDVOBCtMhAJmblaYgkumu/j7NSjgojQ0/HSZEz0bfzUzh9G+KvVzW49Nr2wHONYYRCGwh0NQnrOBSlrhiT5O/6fcw5Z0QbOHjt1NL/jfCr0KksjaTvTex2ZQX9B+x/O2jTbor7oHCxhINa4QGX4ihjBy/E5TAPCbizEnsVPzEVlKjFlN1iQg9jjWSwCZk96xIcouzVJkRl7Euunu7dYbOFg5Vl3LhktT3RLfEqNe8mV34FHT4fzXS57avqCI2dD5+ufUstPsqQZJIKbX7pi8cdhhqgVCkExV3qj0UPer5jQFgPvHyxIc0kzaTSlumkpH56Aq64HnVmoZZo1UA79d14KcAO7b68w171S7Dk2y+YLkPMDq+y9SfZXFrCML+VD8ft2buWCpmWxxgsA2r3sjqRuCFefbHIFbwSofcZIrLmYfSrq7Wq7QYfSioKC88SqQBnUifXw6HykxAdfDKA8njSWMtxB1RGdB2w/g+ojxPxyK0+84+1xfWTKy/n8LYYQLzZhx/glYAY6KV5vP6a049eWkV1qMmHD3AWPjItspuX3yrWrxLVQ42yNS2IRXKkXrYT7FuTzOjnTyQh28EEU3tfH+R9Q0IHi0RgBX/mkzfj1MDY93fzYm8zyzEs4jmWaVZVrCBnMDzf0VXUkOowGwindKorQ23ShtwHRf1XzrmRo7+pcDZ9VLy/JazgqqBjRMgnGN7Gh82K5CZmLRL+2XRLAR60x5Bsy1b5lOfcMsOU2ePdUz88GR/JtNhrF/N7fOG03Y7jn7P0SOfEIEnLRSUGmNCJezpx/IvQQHtvLO7xFYTLTOusqT8gg2dOk/vSsiBGnmSLJezOvmrbG9T38/Xyb+VAuOmEP+oIGI2GRjRuYkXkAjr7SYT8X4k1AOgL27atGiZ5t1WFkH6msx5yA9IaoP+28arHf7e7nVoU8PUfZv1Jjflyeq4aC1ElCjixP71YuCcvy2BszK8+YmaV1ekJh43OBWrbsD1EUYHpF9kzLuOHLkGMgfUs5UNnd1DIXCkijcMOh+Jev9P+KCEFz1v4Xi1u0mhSqu/VKXMRH7MkRSkwPMvgihQlUxtIdKqF6HsIiLzQdxLdKM7AtEdnhU15jtgnDbTT99z1FA/ORGG2XzLvNtyijuhYI6hPY4iN1r+ajtiBQiB4LfcKkVw4nGa9PEbLL2WqxELKobQWSAoTZzMre4GyBl5UF7XyWUc5RKGufqezqb8LgtzzsQNy7xc2jAXPZDjt7PJy5QG9fIJxOhtT6mY4VjTuEOPD7eZxg4R0bdV6Vzgbq1VRNbSobLRtMJnA9Hmk+ZvIHewBm8Lpt0vshkJGhGkREQRWCWehYouw3w6+yegk1d5H0JG9wy0ZhnAbPd71IYO41BNrA23vClzysAbGmYRhmh5Iwv8d0Wubs5S3/XahMsrbBRa19O308lmZ6vz557GOBzjwOuxRbw7SS7D6t6J8kbp/KDuNESPiIOI5ih4+JjEHBkWB5Awqe8E0sqOZMnABMVJrMSGXyLje9YGtlkFyGQZrslqC/7ldUnXlketJYnjF5b6LA2x6n+Jyv/TDzqkqsIIV0Pxw40eeQkJ4gXgrvv1q2NmK22xwXhTMwsc18DdAGL92AE5dCNtavV8SIUkf8mFxNjMhbrXVa9QGpL3oJuD29n27aX/npS2NPRMO7D6EAlVlEI49g6OwLbhtaWYx3jS5renoU/dudKTaGP4UdXRU2luV901r6gHCwDge42FSxxdDu0lsO+RI0M3A7SRZNnWEAJQu57UjRs270XFHNHH+VeyPhvsHtRsGncy9U+EToy80SHsGPHWjfigHoEcQthTWzgb9w0pZU9lUq7wxgcQtnjjwl8vvuM7qOD33jWXuqLUXcpNLCGKUvoYZs7LWCs6rO7wrjJ+kvFvBhMDoSkumUUcNyax+aPbyTmJSvGto9qofJNfkTWTeSoxmCXg5d03M1UzjcRsHyz9OK63v3qcVEZuZ2QJaDg/pPtaVoR3CoQne2agjmQcSh01882DFPYAr4No61fOzzJGLtWrvoxpTgxPF7HVWLZlFOQ5fII6ULDI5sXNMlVj8VB4ZUnoKDGcTw4LSnY3niFppz1iQ3gADOboncUXA5QHnwDdou7c1qaq8wD/we10TcuVUWSusf1rbdZucjCbuzMOKsHClmZldx844CXjlbLaLJyWdAyDy+we8ty8KaqgycReTRAP7vP80V5VvSwtQQn8ggzhWUXOMwRcngaFSJE21bSdQECufUR83ab7QjdvmktdqRMO3S1jr+4rzHsCybdvmYHsg/XKfCoCV0BopLR0a+mBMxFRo2GHHjAhBb7nYdyZEFVgmj+Hh6F3Sbc6cAyjYXXnQRBuEb9YD/11v4QROJ92TdRNNFU7gzzmje5uUR4Ek8P+5cvj2EAkvVoQ+rn4Skv6MGhjiE23EvJL3KoOEiXakbfJeSP4fV/8tjCAko5BPd7y5aRCflqrdhCbuDB84wTK6qovWHqonF8370c/BaRW0SGWLMcx2JhHNxsC6yFie81mjW7HuPxtj6qfNvb/LMGoH5PWWWYiSxFm7Kf461zO+ZqT/6vLjLHpJTEp1ucYwOivUBd+xX2OM3sEuqvel+c54hqu3pMYKPz3/nutgo0QVRssf9A8BM6xsmC9OeI1W6s9HtOw/GMv3Il9es90jDYnr02h1LdDEVuv+IKfqrnZYuJ0eiEd7hgNf6YM2VMGbzYmACjKrBQmvBsByuLyANG4bUpExilM3LCeqKbGrSMmTGiUW+gqceLLjiRvQFaVX99JCdtzGrXSztFdl3dNFlxc7Zkpk08LW7bJGGqiUSoXzTLkNHQm5v3O/SFgfEvrMA3sm3ry7xWYc7J3WnRBzyK40xTbkIvX8FuN86sCoIR9JNvbhfk/UeL8tLAx06T42fQmcAydvjSHo8CMXurQOA4mi7yzhkg7/KL/PLJjn+Udv/l+ObIugsZXOrUt946PMYL58DEq+YH4NckQ/EPFF9334lxekdmDYg8Rgqoe8uQ1whSi9H4jXDmrjyYuDOCvPQrmAAMqunCitL20EV0wt6GYeIEHAYSigpRsIosPyiTxB8+HpifFliAbEaDnGp5PDtaZELbYNOpKGvBNTHUDU7V8GGgoDUlVRmCN9Le2uGIxujsY6WnLcWSAG4QouzCMpn3Il8EAz0CkGfZuM9vFij7ETZiky+JlAw1XiFTdx8z4G02oT5dqwqLtiQGl7C4L+8vSwEDNItPABFBTZWViEctEqSZ+t7Xk+IMrP8EuOUAZ5+CeL2Lr6NSMzCVB0JqeuLb5DANjsYLQuQdtC2m7HGGxCEYNt3WzrGOheoDLhPcq1lbIzL+NhgdmrhjhXdCi0M2+jVx1JF4A5+twmiQ3sL84edYVArqYaVAO3xiDXWjPGt2RcK+85PPa+kkmQSwXGVU/f1SzzXSYYQ7TGediah4BLhTMXENqt2Dg1BJcv5bkelbo4ZlHWiS5zcVaxRy0f0C3L+lDw7ADOaVmb73Y5uEGr97IACrwIYXOkaoODdMKtrnkKcSoDteIkJupzwQvSDlFBv7oghWaIZTumcZFSwctJedm/zehy2BMAMRKqbsjsXMfcRDts03oKKjd31C7cpO609m8zRlVP3MuSgpjljvgLkTqUlU4zb2quzd9cgtjaVRNczlPQMgDE4zL+8hWyqJVyVvw/3CQ05cB1n7UNUOxVHitBci1DETTawYpdWQghSYCjwjwlwezHrpnp/ndLaeeksFB+HF5ab3Qf91VrKDSpClSTUpRdHduKX7O786Knoyo783CpkLvWn7MBBKlp96JWnjHrD0NA4HWLVtLC3CHN5DxCKA7qVuQw8CyP1w5qhElmjTgQy/kk8QMYAG1uQSkeKaUguG9lj/jgTiEO0XGUnw0qZn9o07dNa9ZChSW5yKPiNvsZlqSDZA9mIcm0t2t+TRKIv41l0qwEiBOzc6GshkCq3XsalbyKIFKeEp63fEOboSvUa5y0dTvKs3qVslYwxLc/Mfj3+LVq/AE8uikO/NtbF8b9LOGA1/ATz+DqrJrr2Oq09RhCsBEv9e6wlHKaEBPVWRraXJ/dUoYya2Wc+ZB6ypPL3k2hUd8JfUEQW0AjKfrbp0lwv7F4MCWWAt5U+Skrzk6fET6mU2sqFfL/H5nASgA0yWl2Zg8ucRtu1zabTexjen08M62oiB9ehb0U3FztCqF7WlTJaVJPW6Ltd+NYosBZexndYVhCZnd3eD4KKSChI1e08TfeJ/0DPkn/iGatpfFXM5LlLnQCse9IGe9zpSwXXUnux6bvK4IvL3Mo8Qe8Clz7WI1epmVYZHXkA4AStMySIZAEnxXgMyjdta++eDZ+9e2FymC0vf7sX9WxuMUaHS3kA2g9XrS7P2sbNfUGXswjIKmVwUrybskeWLQIQDpgH908LVu+vTvGJn9W6AArmRFuYru1UuTCVR5Tit+wL2dH34FQ73k6GB4/UlWgqprype11hs3s1YtiqbZ0FmRDVcmFfaLR5Buv/dAmlYgdn40sPtHwhxZbedf1PhK6HpbnEuyiTbwN3hoYLQL1QP51Y8qrb5uFSxK8mYf2/myG3W4occ/XVJQykMf6avHJ4XA9SYkNZ4tbFXE7VBmtKKPFx+JPEByGkbRK2iBzPnrx9Bx1bifMeoPSTUiOn4CZMt4DyGZJOxHFbU1CJOWJWlHp428efeaX4uRZmQgdlP0M2vI1FMTE+d6o/uIYtGCdWlWXqpn4H7uINrVDdGZ9KGvrT2BSDXuRC2vvPSl2E8+LlyrVWE660jxu5ziogY0VNooEhB/dHnGgds01+DQUe1GwaeZwV6LA5lLlh7K017D6ZIgu6O0GQaqIhL0WYA8KlWPFSbNx8C2RyukZtJgBQij1u+SQlJMJdrw7EEj0qLiTHrMwplUQi3qg4/ptxABco7L8rTOFXATGa8gFIJ60FmHFy//0CoBPLLRqa5xEyDAoYY/UNXAZoo26TrhIz1cYdFzt4XqJ4ETprceHYtFipReZzw0hJxlEEIiKFcc3ZGtYVO1jEJu1vu4i6uXH4M01yxXK4z0pgGJOhRUI/2OWg3x3NAM/ySMEHGGHd66IryRXHets8ySQ5pk8YM4QA8+cBRyLsiP63SGlE3N2W+oRoP/uBwg6dpU1VDLN3YoeClxSIFbtbXcNAr21YVRfwBAXR4xfB5I+c/TrWd8Dfwm7L0cLHdsrnrLwkmVm0unJnqlHFXFl8kG5Oelri3pWxkv9AdfQs+VyZyfRtKTs1izHdky03tuQB9C+lQTtvKjTe8wNjGLAGgSYdt/jTDlhwbxOjQqNXpVuI9sbtmahobsWEK3sd2tXXuRfKsqb2OK9DNrzzfnlaQakqZA+RfvwWh3WRw6eHppDhhnf/BcHJ1HKrvqGEYoTgdERpxW0WNsEw6637rubkINzQbkesu60oebczQwttKlvAepsPJDuPqqC3Q+WbRtGRhK6ZDR+316X9Xx4wGuo4ujwrSOgw2eixnBt1lLdyTCRV8YbjWZxQQZcTX+LidlsI4+xT7/IGj3BreExBNIPHtAdl4HPb2ndBPt8br/j+tE1xYEoZhWXliV0rtrqT3ysRViJokz+PFOl+L3eKPb/zTDpL9jJQ5g26GXgzLHyPaXG3NToX96aBESxUqIS2wwGPFedWvDwcCn6D89g4YXKkCUiadTg/td88yRUn+vRqEOpjMsoOdYwaFNxevCR+kAB4FtlaWpEzlFyQ2DRsE7b2Yt8Bwvd9ldCN+DOOGTVEn9k3T/fS2XHUUVlxw2p/LD54fhs0wPu/Ij+gw4gRgO3pdfU0rStXCqwcFhva/W8XfEMZI1dbroaQKNdizd5V73vNk+Il8V6g7mzcJ5IhLTk8vsU6jmgILSvCDDhsIz8Eo9EpCtac2prqd8DOO939BGv+cG92ivdwQ9BuPfAGWPC/Hi4G3/Fxb1H8+GVguOCSRPvFS/iic5mFxEZo5POSsyvOPE1DeCWwwWTaMf3vk93dtE890Y8Ha6s+pG5QrM/NczuvioiDIkdT74dm9YRVLELwO9272k3eC24QjDEe28mBCk6dAJ9vz4Sk4ae8pIV5SAUMkhvqertH79LBrNleurnoOh6F8QrBYHOYsgJKtcO350ordtLMt2BypGVA9XlBVL3Aw3uOgfX9gwSZWaUjxaDDiffpqFEan24ubXy/xJsu+R7xdMTrn5V2/AwlLRaB5uxhcbOQ86MjCvGBYlcDYbkmCgFi3v8KaJj8SxR1LhgRQgVgzvw1bPE5qulb1SnhovraB+T/DJ9EJ7E5d87+fpll2Lw5AM9Z8SMC6YtSbnPepPMF+eob6mN4u4y0SMN7Sg/6O6G4vScvSoe7X5v7K3jjb97/rp/DJJTyVLcb/MEYG5iCSf69x0RWm5YvD5yqCDomw5HKLJvJh/qctxfYWvbDTbozaej/jjzFW7HkW3RL7ONZXW9IUIdfC1IunujJRwOrCIBPSq1UttTk3PBOuS2vxX1zr8V9Va8LZhujujdie6RuNLue5anfbC3zMfmtUDpztkP1SemQbSJ+yJbuJpEIiUeN6MDUxmRs+UIMnD2BXnXsyHEXa6pwtsmRt7n9sMVEfkJA7yfq1MJ/BWON/6rNj5rrGKQUDHzVitujekvU4/yoLPuAp2s3g+KuH0yY/VeBCJhKefijl2mjQYOFVuxm3FO3rkEUolPtUue+dXhohOWa+rc/1gHQ8t5o1ZLFxmfNV0Ks88FRVe2GqumcO0I+PMvLd2db4JYbQxA3QTPcZOUX9rbfJzCKWTEQsyUjFADR9ULmFxKlkhDOeibjsfrxEsvZwCcKNbR/FFObUp8tjJ3kjJC7hy+iTsFId6Pz44qUFew0c4q2gO0szlBmvmaS7I4P0mxGQk9W5CytTCYwKJwlhtowqddrO1ZKLKsEkLfODbc7SRGMPCa3nco6BIjEL5gDcrErF/0j3D0Ip3wyxq+XRMr1+4Y665OPTdQ5Ti90T+X+TxisBKgRjF5pALgCfOjxwdwUiSoc260CtYq3dWn+DrFNp51QsH2hr0emhQh6UNTxroS+8VD+znanWzf2sPJJIqR/AcNDyDB++79Edjm3p4JOhHFFPnBnrxMmLiBWMZhB1Cc1nyHa47uOQp9ZhsxYOoArgxN5V4lLsaQoixkVMndmg0xjPDF1vci5LcZAsMcLGWKDbBSOKdH39VlRle6jHIjY4dq47viH0u/hhk1i7TgRi83EUAgMNsAhs5uYCJ9XVl80QpJQ6K6cbbOC5zFF/Ic0/bLMIYqlmR1DUfBpLnQEu40ow6kWJMQsKyLZfUJmLx4o20+u/V0Yc1QKAqMu48aRw3ddyX1I+dbM9j6mHES0DYXf+i+OJxUGAP0JK7vff9quRjrbUjk+VciAI/aiusx6gQKZ6zXKvaB2NyTjAjzdB8m8NCQk1nTyNWJfWnz5lyFOQTkefdXhI+8FTtFcXZt6hc4/3jIiyf9g94txQtbOrkeTvkjLnRsTi9f7IHhf8yNOTELj5EDFtgALIpeC3peRsCWQgUBb6spvMKx9o6KNVRBy5SEjqovFrF7N1SLMZHzSuihoGgLyt9K5m6rYxDJyKzOEiq4bDGnJkp7GV+RA3qU7+2wv+dgF5rTdTK2twF5iKYqNYfNj7rKIh+ySra7X6g0cauSwpcd9lmu2fP3xmHh9RL1ofRe5QQmFTS+Lc6V+bx/xCaO6fr7ZP9qyq2NxgWHZIsWpHFsC1prmpYVylqSsBhhdSBWUPTNoNypwQSqNJwbjhhnEvY4TW84+t6H8WVx1fVvPimcyVbS+Rw/3K+DQozJbIktJujA8OgbIwECHiRV09Vd4352EPUSBCx15dLR5ObCINFHI7i6abq+rOj1+ux74eWhsJKtfpYzhPAtTWBcchNhTuyTrbv/1nvgh5NdG2tVJbQ6zZrdqj56iRI00CxZXhddQ+w1s43YwMeBWexqcgiCbcQZp9GQmw6m9PDMTc13DJFpGf992QB+/LAROLJGx6Byy6iExXaFy7EhRBC41kW2itoXPRerdWQB9BGZe+wlR7DDs1VLHpJcATcu+mewMv1eP6ZtXVDos498W0OcTasBUg/FJ/XEB4c3/yEHnOVJiKgSHv4C9t4X72nlrGkBCon+a9XCih4qghUp01/MzqbnwwwW/Q1xPDgjvElg0xyWL+lhz7AQ7pWH/C7fS75EvRZnCSOPmylulpnpljNuErwOPZTfLIDyUYsJg5i6YsFz42c83qrNIKrvMctVMlUJXPRme/L8e+BJPoUT3g/qPP2kMVMJ36TwiKwlBVPe/F4o3GaohxE8yb20FHvWFw3dOuLJIkw3dKSM+xOwRajcr415SRo2Xy3Rgs4NiogMx8WK1VjJlsGJJvqhNT8UqvjJU6ai+MQmsWfWFeMWRLFGBo1QnQcoAHbiMpQLj+QONZyYvJslOYzlT9nZ52TFDko5+oQELbpMpAhPGKzopLE/NoQ3O0FRQkjDKoq","rc_enable":"y","bg_snapshot_delay_ms":"500"}

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 61 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\ = "93"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\Total = "41"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "356719350"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "15"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "93"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E9B7B01-BC11-11EC-BF55-4EE2981408BD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "154"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\ = "154"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\ = "15"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\Total = "15"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002ac970f6e21c8045b4ad45959768992c0000000002000000000010660000000100002000000031c164953761c04ac67ac65369d13541edee27b83024c3db1c1c6232ac241f22000000000e8000000002000020000000d3b9122aa82ea245f0780c37c1ae7021301f9b537fc621b75a396719741b9a8f200000002ebe077620b95bc3e8e813f0677a1bc63943b8c8d8b76033e333e7164cd4015440000000c076f0d5dd60863efe807e6422dfc471d61c8fe58301ddc340726c51111076024d1e8a2ede2f7e6d7793164596669c97bf5d6c88b387d955b8c715445c8a07ba	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\ = "67"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d4c8571e50d801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002ac970f6e21c8045b4ad45959768992c0000000002000000000010660000000100002000000001ba5570a64ec62773c3fe2d03f90a973c1257547736a5fd55c06835c5ba20cf000000000e8000000002000020000000504e87c8ec69f164ae2127075c1d2c55f8b99d1cdc427a3bc549f15b6ec3cf3f900000005b0fa827de1f11d412b46c620d26d1ec8bbd2dd3e2d2d45290e26bc1cb24add9c4cad49f32d22909723d9630944801d3372327cb0b089c2ed6b186e68b35b9109ff9d31eb9ab41630cc5b1ecaf7b150eb1cac15f1fdfc42f2005537c3f26560b205ad7b011e46c5090b32d4a2bfa8f81ea66d6d2d47dabba097505fc1eda44bdf5f86990cf599fd6ccd6a4792f2f139c4000000066e85eacd7bc0858a31d98a23b383f1756bc76a6648853ee38e5883cce525ebd511a05f51cead8cfb24af420caf3b8e0df42306dfb65dfb4f4ccc58e8b495b72	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\Total = "67"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\Total = "154"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\Total = "122"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\ = "122"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "67"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "122"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\Total = "93"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "41"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-594401021-1341801952-2355885667-1000\Software\Microsoft\Internet Explorer\DOMStorage\adult.oo.lv\ = "41"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2004	iexplore.exe
2004	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2004	iexplore.exe
2004	iexplore.exe
656	IEXPLORE.EXE
656	IEXPLORE.EXE
2004	iexplore.exe
2004	iexplore.exe
1156	IEXPLORE.EXE
1156	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 952	892	2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f.exe	28
PID 892 wrote to memory of 952	892	2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f.exe	28
PID 892 wrote to memory of 952	892	2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f.exe	28
PID 892 wrote to memory of 952	892	2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f.exe	28
PID 2004 wrote to memory of 656	2004	iexplore.exe	31
PID 2004 wrote to memory of 656	2004	iexplore.exe	31
PID 2004 wrote to memory of 656	2004	iexplore.exe	31
PID 2004 wrote to memory of 656	2004	iexplore.exe	31
PID 2004 wrote to memory of 1156	2004	iexplore.exe	33
PID 2004 wrote to memory of 1156	2004	iexplore.exe	33
PID 2004 wrote to memory of 1156	2004	iexplore.exe	33
PID 2004 wrote to memory of 1156	2004	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f.exe
"C:\Users\Admin\AppData\Local\Temp\2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Windows\SysWOW64\wscript.exe
  "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\WpMhLmMEn.js" "C:\Users\Admin\AppData\Local\Temp\2e378545698485c96c7e46441c06427d7fecbc676ead41171abfb9b1d79caa3f.exe"
  2⤵
  PID:952

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:656
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:668684 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cec25495b8a5b46f8fad7d5ed7855638

SHA1
749ece920106b8dc9bb7e5d385f83a9c5869c821

SHA256
e9155455afc2155c998fa875aa3cb88db551cefb46faa5737152d20b573fff2e

SHA512
30553aee7cdf907d776ca76eab9d50fc3855ecfbacbaecf4f48f9ca22372bf0d336aea27f4df49aa7c0a8dd42818fc8d59aa8416fc957d1e9cc501b6d451ea5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WpMhLmMEn.js

Filesize
10KB

MD5
e0c6db81a989c65dd5c8052876c92d1e

SHA1
dc720fcf0892a53b714329138335c0b0ed800c4f

SHA256
f0236eb32cc5e39f8ce70ab7ebeb2a91060c5ffaf8ef61224451805b75a1b7a9

SHA512
595a5b5b65a8325b5d8df8af9a90e490ca526da09c62b058290aef5e95bb9ce1fa7f38acb6e28f97bae6b4690a7b865e1581854fff6f7788c96dd25cdb458540

Download Submit
memory/892-54-0x0000000076641000-0x0000000076643000-memory.dmp

Filesize
8KB

Download
memory/952-58-0x00000000001B0000-0x00000000001B2000-memory.dmp

Filesize
8KB

Download