Overview
overview
1Static
static
&iNE.t.html
windows7_x64
1&iNE.t.html
windows10-2004_x64
1files/adsbytenmax.js
windows7_x64
1files/adsbytenmax.js
windows10-2004_x64
1files/app.js
windows7_x64
1files/app.js
windows10-2004_x64
1files/boot...min.js
windows7_x64
1files/boot...min.js
windows10-2004_x64
1files/bottom.html
windows7_x64
1files/bottom.html
windows10-2004_x64
1files/f(4).js
windows7_x64
1files/f(4).js
windows10-2004_x64
1files/f.js
windows7_x64
1files/f.js
windows10-2004_x64
1files/index.js
windows7_x64
1files/index.js
windows10-2004_x64
1files/jque...min.js
windows7_x64
1files/jque...min.js
windows10-2004_x64
1files/jque...ion.js
windows7_x64
1files/jque...ion.js
windows10-2004_x64
1files/jque...min.js
windows7_x64
1files/jque...min.js
windows10-2004_x64
1files/jquery.min.js
windows7_x64
1files/jquery.min.js
windows10-2004_x64
1files/login.js
windows7_x64
1files/login.js
windows10-2004_x64
1files/notify.html
windows7_x64
1files/notify.html
windows10-2004_x64
1files/replace_ad.js
windows7_x64
1files/replace_ad.js
windows10-2004_x64
1files/request.html
windows7_x64
1files/request.html
windows10-2004_x64
1Analysis
-
max time kernel
125s -
max time network
190s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
15-06-2022 00:07
Static task
static1
Behavioral task
behavioral1
Sample
&iNE.t.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral2
Sample
&iNE.t.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral3
Sample
files/adsbytenmax.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral4
Sample
files/adsbytenmax.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral5
Sample
files/app.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral6
Sample
files/app.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral7
Sample
files/bootstrap.min.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral8
Sample
files/bootstrap.min.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral9
Sample
files/bottom.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral10
Sample
files/bottom.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral11
Sample
files/f(4).js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral12
Sample
files/f(4).js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral13
Sample
files/f.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral14
Sample
files/f.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral15
Sample
files/index.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral16
Sample
files/index.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral17
Sample
files/jquery-1.9.1.min.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral18
Sample
files/jquery-1.9.1.min.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral19
Sample
files/jquery-fieldselection.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral20
Sample
files/jquery-fieldselection.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral21
Sample
files/jquery-ui-1.10.3.custom.min.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral22
Sample
files/jquery-ui-1.10.3.custom.min.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral23
Sample
files/jquery.min.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral24
Sample
files/jquery.min.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral25
Sample
files/login.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral26
Sample
files/login.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral27
Sample
files/notify.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral28
Sample
files/notify.html
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral29
Sample
files/replace_ad.js
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral30
Sample
files/replace_ad.js
Resource
win10v2004-20220414-en
windows10-2004_x64
Behavioral task
behavioral31
Sample
files/request.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral32
Sample
files/request.html
Resource
win10v2004-20220414-en
windows10-2004_x64
General
-
Target
&iNE.t.html
-
Size
20KB
-
MD5
ba3348ede1d4a67f677e5b2714bf5250
-
SHA1
080914baea7618f64d3960d087ed6f49798ecaf8
-
SHA256
5b00f37170e39bc837d2f4ffaa887ba49110ba50290691c09f19a3cd5c3b1363
-
SHA512
b6a8d27be1ae4609b5a54482a06464bf75e984b0080a59b1cf4971b925c9bc27e15469282f1c98a6e1463eb7fe1981d34d08908b51de60a7d24320240698cc2e
Malware Config
Signatures
-
Processes:
IEXPLORE.EXEiexplore.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2509588835" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BC58BC9B-EC71-11EC-AC67-5EDCC15D6134} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30965886" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "362038363" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\User Preferences iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000c2e1bbb2ab8cbe9a2dda6da75ea6bc8e5b7130910e0c70916574b897e2bd0aa4000000000e8000000002000020000000584eda7f34690ba592908417dddee61ea16d132b622b06395a6c92f8199b733420000000c91b4e41781e47f25dcb864601a521d04f47d1c6aaf92d227dd690e5a5d6cacd4000000079d20cc2699a23b8372dae2c8bc22707efa863c1d9480929270d07d8fc477748175a15a83394e407674fa814e5e2a3c9d9812b93b3af65bf06b88045a84f1377 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30965886" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2509588835" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = f982cdb29d50d801 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IENTSS" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b09150000000002000000000010660000000100002000000045cad28fcbf60829d596394f3184fb1979c6acb831c8c7afbea315c93b03d79b000000000e8000000002000020000000a3f29ffb23f04453ba669f1d1fc5e82f3e6fdd01263b0c5dd20b4e71f21d39ac20000000f8c1ad9ddedeee890b6f98e30d7c0ad3917b9a66c43697585401097fe60e9d49400000004c1b915343db79785c522d1bbda036b680688e751dca0949eea5f84fe7c3ae4f953b327a17656a70e855f1d0105846a9282564e2f05947ac6ea4a0c8edf60641 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b0915000000000200000000001066000000010000200000003dc5ad66b46b68b065adcfca0fd71188f5bd131f94006366560f35876fd36b3b000000000e800000000200002000000020a3e2baf40dd437befb74a39318dd35797fb2b14f22ab0ea9e7b171f0eb860f10000000b96e1e10cde38d92e730d283712e5813400000004ace6bc23f47804571054097c2f31e5a5b361fe02db35385907778f5d2a8d24fa76604d4ce7750f571825cb86ca463d420afc2c2845a5cca57daea8036adbc72 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000ab490aa3fc42ed55d606ad0e096e6a659f5c3b6f82773aae9444f95aca9a0cd5000000000e8000000002000020000000c7f72742724f57d69c412a4fd4eb50d1ceb6d6bae6480905164693f30b0142e950000000203fd5a46cd3313cb46f2ce1158b1c8116bc0bc2bac62c6048e1559b3c6e94e970937f6168b2de468eb1cb028ced273960db188607160d7229867aa9eb5930eae4b8fb2b17818d984b26874bb212891f400000006a6e796aef8a71c388c03d010723e1a9d51e7cd31ecbe046c7318c9036c5a7dddc4e118e93dcf542d09b81fa45728f99e94b21b23b77aa91772806d2ef66bbb1 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c623ac7e80d801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80b01db07e80d801 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 1916 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 1916 iexplore.exe 1916 iexplore.exe 2332 IEXPLORE.EXE 2332 IEXPLORE.EXE 2332 IEXPLORE.EXE 2332 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
iexplore.exedescription pid process target process PID 1916 wrote to memory of 2332 1916 iexplore.exe IEXPLORE.EXE PID 1916 wrote to memory of 2332 1916 iexplore.exe IEXPLORE.EXE PID 1916 wrote to memory of 2332 1916 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\&iNE.t.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx