747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e

Analysis

max time kernel
153s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 11:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
Size

1.4MB
MD5

10cd97fb158b9aa8d8a2372878f79c9e
SHA1

fd5ab73f7c1a275ffc802af98531e6f9b580b86a
SHA256

747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e
SHA512

f06c7b19c5a0fcb7c369e95408c14aaa6f258713aaa31e7af16d8b9cac77e69cd4a2f1627464ce46e393cd082d3c12abbc65c1779c67b07ad8de1eedd5eb6b6b
SSDEEP

24576:fayGQeN/7DSBfWhlwMnN4iwFx2iQeN/7DSBfWhCr59Ms96H0j:ypph7GBfW7wENCjfph7GBfWqMRHk

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\misc.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\nbexec64.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerElevatedAppServiceClient.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\notification_helper.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\notification_helper.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\wsimport.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\xjc.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WORDICON.EXE	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jre1.8.0_66\bin\pack200.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WORDICON.EXE_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\tnameserv.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\rmiregistry.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkServerCP.bat_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jre1.8.0_66\bin\servertool.exe-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\java-rmi.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\bin\startNetworkServer.bat-	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\klist.exe_	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2429607744"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70cfae9ea4fdd801	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2219608085"	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4cff00559575c4f8a5b0232766fcb2400000000020000000000106600000001000020000000a158ad4605255b77a7a94f93dd466a4257680b8459c1b7f5ef469ced19fe44e1000000000e80000000020000200000001042ee5e63d45d2d0270ed94c90807504f2afa93b23d41c138494945b76ab27b20000000f91e0ecba32ac9deec3a47fcf7871b005de2c9528a235bcbc840062b6a8bb47b40000000fa578ad2a6fb53ff7695ac8a0889b4ed4b7366941db1d60810a6849791d3f0244f607616eb7c6d744761d5c0c4eb05ba98ae0f7c3e19140ca92bea84aa7ec618	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4cff00559575c4f8a5b0232766fcb2400000000020000000000106600000001000020000000e3cb9773a84f6871d3473af1666badf7d73d5f9a80ab8bcfdcc6c3cb5fbafd92000000000e80000000020000200000005388d2f0d2a19e693dc799269f14faba9a6d9d2ef2a1e97637af5b5724e56b5e20000000c9c143575118cf8bafe0ec2ddcd6757a1daa4e012ebf2c4409e8d32dd8d659c940000000a8fafe248d7f47c6b21f2c6d0b982c6103add2501320c573fd07dff7ec87f916acf527e0bc50eef54c312c278597bb51ee558e9edd7bcb25ccd300b91b40f368	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30997924"	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b077309ea4fdd801	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30997924"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{AE35CCD8-6997-11ED-AECB-F22D08015D11} = "0"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375798564"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30997924"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2219608085"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3480	IEXPLORE.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3480	IEXPLORE.exe
3480	IEXPLORE.exe
3768	IEXPLORE.EXE
3768	IEXPLORE.EXE
3768	IEXPLORE.EXE
3768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 3480	4264	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe	80
PID 4264 wrote to memory of 3480	4264	747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe	80
PID 3480 wrote to memory of 3768	3480	IEXPLORE.exe	81
PID 3480 wrote to memory of 3768	3480	IEXPLORE.exe	81
PID 3480 wrote to memory of 3768	3480	IEXPLORE.exe	81

C:\Users\Admin\AppData\Local\Temp\747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe
"C:\Users\Admin\AppData\Local\Temp\747d9de59bd0fd7c884cbef4de3b8bf63f9daa5a0a088932f61a4780ce95a83e.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Program Files\Internet Explorer\IEXPLORE.exe
  "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3480 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
cb295ed32b0acd9eac87bcc961fb315a

SHA1
a580f2d38c9d1611e25b6aaa3d79b54eb34d3ebe

SHA256
980abeaa872503211925db8acf8bdcdff0bc3c6deb2182fd698f6a444d2625be

SHA512
974f48bdfb8ea90a49cfa25cacc98c9a145702f4e4967dd6ffddd5eaee6144189499682e80b342708e04f812006314b04e5715492170d0f63c7b0530e9cd399a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
345e22bdf519fc41db3f3c13a0500679

SHA1
fc4b13d6e9828b116064511004c6884100434719

SHA256
fb6ae976853b987c42957664ac003d1605ab3014f4b236cf8b6908372c0db43e

SHA512
a9a9ea8ad4a614bc4db46060953ca08f1e661daf562dbea2daa605165cd5836605bd8137ded62710035019d7dd4156b64cfde1fd26c7ccc3e05274e63445325f

Download Submit