Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
20-05-2022 06:48
Behavioral task
behavioral1
Sample
054a65dcf128bd8c4fa0bcd39c076eaa81c8508e2c2f727ded17fb014005206a.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
054a65dcf128bd8c4fa0bcd39c076eaa81c8508e2c2f727ded17fb014005206a.exe
-
Size
908KB
-
MD5
6d6e4656e913a633f07a8e62e8f1a85b
-
SHA1
b34b780cb7d2a2107ac3df154dd7676212471361
-
SHA256
054a65dcf128bd8c4fa0bcd39c076eaa81c8508e2c2f727ded17fb014005206a
-
SHA512
34d775221ed499b443b0f45517a073f67fa4848557537bc99af23cd3107a3d63659f8f53f9abbc61e361a579a339d584261512d6c865499371aacc6177ffa056
Malware Config
Extracted
Family
gozi_rm3
Attributes
-
build
300854
-
exe_type
loader
Extracted
Family
gozi_rm3
Botnet
202004141
C2
https://devicelease.xyz
Attributes
-
build
300854
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
-
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Signatures
-
Processes:
iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEdescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fa76651c6cd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30960668" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b090de8c1c6cd801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b00ef9991c6cd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A26E6CB7-D80F-11EC-AD90-5ABF78284711} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d44f7c908017924dbb36ebe98e677ce100000000020000000000106600000001000020000000bffbb92ca8e611b6fd36c857b41446b80584c0779b5885d22dd22345c98d77d6000000000e80000000020000200000008325367a4859c01ba2b7477b3706e69294f4360ec265fcea3b352f9ce8aa6866200000001840e72065bf0643c9323e83860b8708daf4ced7c3002205f81fca4846c608ff40000000629a459a6b1aa6bebc25fe4b455b200340908220851af2d40aac378ee7a0c24b3a283e0d390fb9dc97cac271439297f354fd8d3ad6b25aa5b4e6cc4c63db6177 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BCB1D82E-D80F-11EC-AD90-5ABF78284711} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D6F2DBD9-D80F-11EC-AD90-5ABF78284711} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8D969E84-D80F-11EC-AD90-5ABF78284711} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d44f7c908017924dbb36ebe98e677ce10000000002000000000010660000000100002000000031ee045df39cc37e8010c53ec1881f3bc6a5269045c15c2e4c74dc6b8c51b0ef000000000e800000000200002000000084865de4e24428be9baf3bcb570563141f53618319f8a3e1bd1e1abc3afd5eae20000000b4d8f1c0fb648d29d3ff887e4580e441911a60c7dc2103c24f11fbe0d28820bf40000000c6bb0fb3450122cfe177f653676920093c525e295116848f9ad642bccc98bd54d059283ad420f0d7be8d093c2a82b2d75195d55da020af8b5ed317ab7741afed iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d44f7c908017924dbb36ebe98e677ce100000000020000000000106600000001000020000000e95d5b84da96679328ae3b6d1607ed060d564e679b1919ae53d8d7839713efaf000000000e8000000002000020000000f4832a1d4eb4e539e812ff22fb7c015ed30e0f84f05ff0424773b101b2b192e2200000009742eecd794e7694010424748d9cefe609af08807a5a984df174d9061e0e6b1c400000005018611d2dce40530f0fc74b66aaf50f61aba6743baea6122f839887c41d1ee36f71fdb3fd429d9310fde25f7cdffb00343c0761618142888512efbcb8e1eaaf iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1643240746" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d44f7c908017924dbb36ebe98e677ce1000000000200000000001066000000010000200000002d6a299f924b1f9d08ed80fd0ae2cf2ecf45f9775f3a0c562b00718b2ffd57ce000000000e8000000002000020000000a8b5fa09326496d5198ae929adaaf5f324ae8ff447d4c5ed7eb7e7dc9613c4662000000046c76133d9080fb19df1610f3d257923ec7f42999d20f3b6c01bfcf5ff50b4d540000000a9caeadfea87616bc3bc6aaa05dcebd3babc54f2edacb60ee20366f521cb6b78fc0fa006009bc7d98fdfd618af2e1503006f6348b454655009841a6e43ea9914 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe -
Suspicious use of FindShellTrayWindow 7 IoCs
Processes:
iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exepid process 4460 iexplore.exe 4460 iexplore.exe 1808 iexplore.exe 3040 iexplore.exe 1676 iexplore.exe 3180 iexplore.exe 4880 iexplore.exe -
Suspicious use of SetWindowsHookEx 28 IoCs
Processes:
iexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEpid process 4460 iexplore.exe 4460 iexplore.exe 1384 IEXPLORE.EXE 1384 IEXPLORE.EXE 4460 iexplore.exe 4460 iexplore.exe 4416 IEXPLORE.EXE 4416 IEXPLORE.EXE 1808 iexplore.exe 1808 iexplore.exe 3420 IEXPLORE.EXE 3420 IEXPLORE.EXE 3040 iexplore.exe 3040 iexplore.exe 2276 IEXPLORE.EXE 2276 IEXPLORE.EXE 1676 iexplore.exe 1676 iexplore.exe 4524 IEXPLORE.EXE 4524 IEXPLORE.EXE 3180 iexplore.exe 3180 iexplore.exe 1996 IEXPLORE.EXE 1996 IEXPLORE.EXE 4880 iexplore.exe 4880 iexplore.exe 2120 IEXPLORE.EXE 2120 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 21 IoCs
Processes:
iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exedescription pid process target process PID 4460 wrote to memory of 1384 4460 iexplore.exe IEXPLORE.EXE PID 4460 wrote to memory of 1384 4460 iexplore.exe IEXPLORE.EXE PID 4460 wrote to memory of 1384 4460 iexplore.exe IEXPLORE.EXE PID 4460 wrote to memory of 4416 4460 iexplore.exe IEXPLORE.EXE PID 4460 wrote to memory of 4416 4460 iexplore.exe IEXPLORE.EXE PID 4460 wrote to memory of 4416 4460 iexplore.exe IEXPLORE.EXE PID 1808 wrote to memory of 3420 1808 iexplore.exe IEXPLORE.EXE PID 1808 wrote to memory of 3420 1808 iexplore.exe IEXPLORE.EXE PID 1808 wrote to memory of 3420 1808 iexplore.exe IEXPLORE.EXE PID 3040 wrote to memory of 2276 3040 iexplore.exe IEXPLORE.EXE PID 3040 wrote to memory of 2276 3040 iexplore.exe IEXPLORE.EXE PID 3040 wrote to memory of 2276 3040 iexplore.exe IEXPLORE.EXE PID 1676 wrote to memory of 4524 1676 iexplore.exe IEXPLORE.EXE PID 1676 wrote to memory of 4524 1676 iexplore.exe IEXPLORE.EXE PID 1676 wrote to memory of 4524 1676 iexplore.exe IEXPLORE.EXE PID 3180 wrote to memory of 1996 3180 iexplore.exe IEXPLORE.EXE PID 3180 wrote to memory of 1996 3180 iexplore.exe IEXPLORE.EXE PID 3180 wrote to memory of 1996 3180 iexplore.exe IEXPLORE.EXE PID 4880 wrote to memory of 2120 4880 iexplore.exe IEXPLORE.EXE PID 4880 wrote to memory of 2120 4880 iexplore.exe IEXPLORE.EXE PID 4880 wrote to memory of 2120 4880 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\054a65dcf128bd8c4fa0bcd39c076eaa81c8508e2c2f727ded17fb014005206a.exe"C:\Users\Admin\AppData\Local\Temp\054a65dcf128bd8c4fa0bcd39c076eaa81c8508e2c2f727ded17fb014005206a.exe"1⤵
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4460 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4460 CREDAT:17416 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:17410 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3180 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4880 CREDAT:17410 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx