gozi_rm3 | 6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35

Analysis

max time kernel
145s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-05-2022 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35.exe
Size

908KB
MD5

e448ad197a51b7d2efe4f53477ada67f
SHA1

45f7ece622159605955892c1c10597f46d026954
SHA256

6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35
SHA512

94b3e081979141694e8843ac000257486291959e38cd0acf2086801fe5eee174d70a61b311004b33ad5f07add5eae0cd3743f42c009d5cd62ac405081004d78e

Score

10^/10

gozi_rm3 202004141 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300854
exe_type
loader

Extracted

Family

gozi_rm3

Botnet

202004141

https://devicelease.xyz

Attributes

build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Signatures

Gozi RM3
A heavily modified version of Gozi using RM3 loader.
banker trojan gozi_rm3

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b09150000000002000000000010660000000100002000000005a54ece051e374c8b05b2fa4150ffade997ef81ce97c74c3e3e60a1cac81c4a000000000e8000000002000020000000f5db64f1e208a284c411992a0deccd06e214c00457a8ca56ff0f987969deee0f200000008dd0e85ac4aee64e20c98f14ea2ffb8352d3f96ee42f8db0035f5c4354660fcb400000001d75326b97997ca22d326ee0398a00a204f2df67d6bb46592a1fab56adec0ef1ae8ef45cac5c8877c3409716fa17aa84c0682d7954eefdf1ffd378da52f9de82	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{75197553-D87D-11EC-AC67-FA9902833152} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a742fe896cd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c231118a6cd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b0915000000000200000000001066000000010000200000006a917cc51a7bf1396a00a01942274e312a5f23e8a515b700c38322b208fff8d7000000000e8000000002000020000000596183c03136ec64bb6046aa3d19f3397ca518e69e1e44c4ac3f3844bf5e9e61200000002953aba5cef066f11c4ec80f7d9c2c2cdefbaff0257ebfc27e2d086f38d9dab6400000008cccaca712bae11a8baaf04dc7b0d96604ac8366d3e874b75beed54e62d20fc4fc236f930fd54de32db050eeab5d827fc0b123a5a955fb2a7fdfab63554e6f38	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30960778"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4E64C9C5-D87D-11EC-AC67-FA9902833152} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09cc0448a6cd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8206B80C-D87D-11EC-AC67-FA9902833152} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30960778"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0008131e8a6cd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{39EEBB00-D87D-11EC-AC67-FA9902833152} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "242854196"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b09150000000002000000000010660000000100002000000011856191128c990f255413a86bcfaf1f68084a5b6bd4eab2a65588c4d76a9202000000000e8000000002000020000000e0ef529c9afb721470c1110b3151647c61c95e06d0886877e7b57fb75ff3711c200000003bb861bde9574f4dc915b8a3ad6eb58a7a29fc34e6f4a2cafa353daed8579e1640000000c6fd407651e59ddc495a3fb1c13567b45b6024524ab9e37bb20d0325de6a07c85566fb50f7d014aa581fa3d4f58e8ccada37061fb202bb40150ca07382616524	iexplore.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
2560	iexplore.exe
2560	iexplore.exe
1552	iexplore.exe
1556	iexplore.exe
4568	iexplore.exe
3992	iexplore.exe
4248	iexplore.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
2560	iexplore.exe
2560	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
2560	iexplore.exe
2560	iexplore.exe
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
1552	iexplore.exe
1552	iexplore.exe
4088	IEXPLORE.EXE
4088	IEXPLORE.EXE
1556	iexplore.exe
1556	iexplore.exe
4620	IEXPLORE.EXE
4620	IEXPLORE.EXE
4568	iexplore.exe
4568	iexplore.exe
520	IEXPLORE.EXE
520	IEXPLORE.EXE
3992	iexplore.exe
3992	iexplore.exe
1124	IEXPLORE.EXE
1124	IEXPLORE.EXE
4248	iexplore.exe
4248	iexplore.exe
996	IEXPLORE.EXE
996	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 1740	2560	iexplore.exe	84
PID 2560 wrote to memory of 1740	2560	iexplore.exe	84
PID 2560 wrote to memory of 1740	2560	iexplore.exe	84
PID 2560 wrote to memory of 2244	2560	iexplore.exe	87
PID 2560 wrote to memory of 2244	2560	iexplore.exe	87
PID 2560 wrote to memory of 2244	2560	iexplore.exe	87
PID 1552 wrote to memory of 4088	1552	iexplore.exe	90
PID 1552 wrote to memory of 4088	1552	iexplore.exe	90
PID 1552 wrote to memory of 4088	1552	iexplore.exe	90
PID 1556 wrote to memory of 4620	1556	iexplore.exe	92
PID 1556 wrote to memory of 4620	1556	iexplore.exe	92
PID 1556 wrote to memory of 4620	1556	iexplore.exe	92
PID 4568 wrote to memory of 520	4568	iexplore.exe	94
PID 4568 wrote to memory of 520	4568	iexplore.exe	94
PID 4568 wrote to memory of 520	4568	iexplore.exe	94
PID 3992 wrote to memory of 1124	3992	iexplore.exe	96
PID 3992 wrote to memory of 1124	3992	iexplore.exe	96
PID 3992 wrote to memory of 1124	3992	iexplore.exe	96
PID 4248 wrote to memory of 996	4248	iexplore.exe	98
PID 4248 wrote to memory of 996	4248	iexplore.exe	98
PID 4248 wrote to memory of 996	4248	iexplore.exe	98

C:\Users\Admin\AppData\Local\Temp\6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35.exe
"C:\Users\Admin\AppData\Local\Temp\6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35.exe"
1⤵
PID:2980

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:3512

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:17410 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:82950 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2244

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:17410 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4088

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:17410 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4620

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4568 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:520

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3992 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1124

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4248 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:996

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-130-0x0000000002240000-0x0000000002251000-memory.dmp

Filesize
68KB

Download
memory/2980-136-0x0000000000640000-0x000000000064C000-memory.dmp

Filesize
48KB

Download
memory/2980-137-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads