Analysis
- max time kernel: 148s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20-05-2022 06:47
Behavioral task: behavioral1
- Sample: 73612043a674b8517cac8826172863b790fd7bb93976ee5560775e3af2903022.exe
- Resource: win7-20220414-en, windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 73612043a674b8517cac8826172863b790fd7bb93976ee5560775e3af2903022.exe
- Size: 908KB
- MD5: eca33a42894dd00992d624a207c5521d
- SHA1: 4b48b7f2b8d3b6e6084943d063218da776d70082
- SHA256: 73612043a674b8517cac8826172863b790fd7bb93976ee5560775e3af2903022
- SHA512: add5c2a9219c76b15cc38d4aa190427ae0aea347226fcf5cf932c475c180f4ee6f25792ad110484d7f27618136e8f5890d8d3e8498dd2319ab911a647c22872a
Malware Config
Extracted
- Family: gozi_rm3
- Attributes:
  - build: 300854
  - exe_type: loader
Extracted
- Family: gozi_rm3
- Botnet: 202004141
- C2: https://devicelease.xyz
- Attributes:
  - build: 300854
  - dga_base_url: constitution.org/usdeclar.txt
  - dga_crc: 0x4eb7d2ca
  - dga_season: 10
  - dga_tlds: com, ru, org
  - exe_type: loader
  - server_id: 12
  - url_path: index.htm
rsa_pubkey.plain
serpent.plain
Signatures
-
Processes:
-
Suspicious use of FindShellTrayWindow 7 IoCs
Processes:
iexplore.exe, iexplore.exe, iexplore.exe, iexplore.exe, iexplore.exe, iexplore.exe
pid | process
4756 | iexplore.exe
4756 | iexplore.exe
1408 | iexplore.exe
1964 | iexplore.exe
2760 | iexplore.exe
2216 | iexplore.exe
1536 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 28 IoCs
Processes:
iexplore.exe, IEXPLORE.EXE, IEXPLORE.EXE, iexplore.exe, IEXPLORE.EXE, iexplore.exe, IEXPLORE.EXE, iexplore.exe, IEXPLORE.EXE, iexplore.exe, IEXPLORE.EXE, iexplore.exe, IEXPLORE.EXE
pid | process
4756 | iexplore.exe
4756 | iexplore.exe
4364 | IEXPLORE.EXE
4364 | IEXPLORE.EXE
4756 | iexplore.exe
4756 | iexplore.exe
2320 | IEXPLORE.EXE
2320 | IEXPLORE.EXE
1408 | iexplore.exe
1408 | iexplore.exe
3632 | IEXPLORE.EXE
3632 | IEXPLORE.EXE
1964 | iexplore.exe
1964 | iexplore.exe
556 | IEXPLORE.EXE
556 | IEXPLORE.EXE
2760 | iexplore.exe
2760 | iexplore.exe
3432 | IEXPLORE.EXE
3432 | IEXPLORE.EXE
2216 | iexplore.exe
2216 | iexplore.exe
3172 | IEXPLORE.EXE
3172 | IEXPLORE.EXE
1536 | iexplore.exe
1536 | iexplore.exe
640 | IEXPLORE.EXE
640 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 21 IoCs
Processes:
iexplore.exe, iexplore.exe, iexplore.exe, iexplore.exe, iexplore.exe, iexplore.exe
description | pid | process | target process
PID 4756 wrote to memory of 4364 | 4756 | iexplore.exe | IEXPLORE.EXE
PID 4756 wrote to memory of 4364 | 4756 | iexplore.exe | IEXPLORE.EXE
PID 4756 wrote to memory of 4364 | 4756 | iexplore.exe | IEXPLORE.EXE
PID 4756 wrote to memory of 2320 | 4756 | iexplore.exe | IEXPLORE.EXE
PID 4756 wrote to memory of 2320 | 4756 | iexplore.exe | IEXPLORE.EXE
PID 4756 wrote to memory of 2320 | 4756 | iexplore.exe | IEXPLORE.EXE
PID 1408 wrote to memory of 3632 | 1408 | iexplore.exe | IEXPLORE.EXE
PID 1408 wrote to memory of 3632 | 1408 | iexplore.exe | IEXPLORE.EXE
PID 1408 wrote to memory of 3632 | 1408 | iexplore.exe | IEXPLORE.EXE
PID 1964 wrote to memory of 556 | 1964 | iexplore.exe | IEXPLORE.EXE
PID 1964 wrote to memory of 556 | 1964 | iexplore.exe | IEXPLORE.EXE
PID 1964 wrote to memory of 556 | 1964 | iexplore.exe | IEXPLORE.EXE
PID 2760 wrote to memory of 3432 | 2760 | iexplore.exe | IEXPLORE.EXE
PID 2760 wrote to memory of 3432 | 2760 | iexplore.exe | IEXPLORE.EXE
PID 2760 wrote to memory of 3432 | 2760 | iexplore.exe | IEXPLORE.EXE
PID 2216 wrote to memory of 3172 | 2216 | iexplore.exe | IEXPLORE.EXE
PID 2216 wrote to memory of 3172 | 2216 | iexplore.exe | IEXPLORE.EXE
PID 2216 wrote to memory of 3172 | 2216 | iexplore.exe | IEXPLORE.EXE
PID 1536 wrote to memory of 640 | 1536 | iexplore.exe | IEXPLORE.EXE
PID 1536 wrote to memory of 640 | 1536 | iexplore.exe | IEXPLORE.EXE
PID 1536 wrote to memory of 640 | 1536 | iexplore.exe | IEXPLORE.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\73612043a674b8517cac8826172863b790fd7bb93976ee5560775e3af2903022.exe
  "C:\Users\Admin\AppData\Local\Temp\73612043a674b8517cac8826172863b790fd7bb93976ee5560775e3af2903022.exe"
- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
  "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4756 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4756 CREDAT:17416 /prefetch:2
    - Suspicious use of SetWindowsHookEx
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1408 CREDAT:17410 /prefetch:2
    - Suspicious use of SetWindowsHookEx
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1536 CREDAT:17410 /prefetch:2
    - Suspicious use of SetWindowsHookEx