hxxps://nmas[.]miraco[.]com[.]eg/portal/

Analysis

max time kernel
138s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2023, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nmas.miraco.com.eg/portal/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 155e28e2e3add901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 63 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044017"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 406523a8b1b1d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044017"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1882595830"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000befffef1fb950c0ecdaf43de1acee89677b7a5c0194e024c4503f19e9c7f6e8f000000000e8000000002000020000000dabfe5d0878213bfc13b6507db59505bffecf610f9eb9401bc0ed751a98c535e20000000d8675b572cb323aa939f12bf49540ec9a5c0ee5bbda5307d533e556290215ff2400000004dadb5e9d704656b372d72f617f1d076c4bedadadbf9c4b20ff820f163097770d68df879000ac9e37d5b26983bcb9d18d3c927319f32a68937d76bba7637e08a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1872908585"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 900da99db1b1d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50cca1adb1b1d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{E2093F27-FD43-40BB-B3CF-563F5B0B79BE}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000f1f960d4d976de8ec36e993cbbd7f76aaf074539bd74ed96e424f5bd3cb9ae81000000000e8000000002000020000000a202c02bd33a75549d140d34e01fbefd3f527ebe2f8d32a580b19740352cca1920000000d251a0f49af4d27b53da9e4c2e16a3bb3cfc89770304d5e90aea347f4885449940000000e801d0c30251a4f42e3dbf95f3689be9024db8475ca9a4f20fcf902e11d59250ad5d99a2b4040628275d82d0c9364b136ec7cc3d30895b5bbf93c244ae44e54e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f000000000200000000001066000000010000200000006c9f6090590eb4e3f8532790a179178719f0087b66488e69ac7a984e266df4f5000000000e8000000002000020000000f2bb412af67adfe745444b60090689192a9fc10e249b3feeb669e54cf20fd5f2200000004963deb97bb982ca698339ce1eecd3d336566e6ca26e7d36257c946d1fbdadb740000000518f00405f773fcd77545b5bd2bf02f8742a07e943b4b88d3c6d969497c7d0a6eb8760d7906aa2d9369238cdd0e8e67543d4501d74e2808ecfa41fa8646c1747	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 001e5fadb1b1d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1055ee72b1b1d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e4549bb1b1d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f000000000200000000001066000000010000200000001ac39470e05deedbda86a7023ea5ed565a049fb690e0b317f95befd1009e3c35000000000e8000000002000020000000afa1e725cd729f1c3eb6cf91065f308dd7ad1c45ab9a6c9aeaddb6dc3ec0527e20000000e1f960dc3e2c204f0d66ebb3685b0681e0e75a3071a08a6cc879d13e13d669b440000000d0d2fd8bb046f1a87710048ce2f86199bf41bc624743e25196d66a20488c56428863e3746c678706f22182dc64bc02be42069d6793204b87a20fc3cb25ead988	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395595306"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0967992b1b1d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 203753adb1b1d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000f99f1a4a4d83a10ff4113824ca9302004120c66e53017d34bccc147374fe3ab6000000000e80000000020000200000005ca305ef32a6020293405c90e98bcc390aee5f058bd5042ad81924053717e0c02000000061009c7fa7c69e46665688f13a191c57bbfd743b8eff62ad1c590f28ea3a6ae240000000aeca18c6b121a1d54bf31ec45369741a1b429a9f26b8bb092fc682047aa5d1a573a1845aaae06a6083ab89a7d2e45bcec79246acfb1c5b8a83513d5d0fb8c950	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9AFF86D9-1DA4-11EE-A3FC-42E031024C9A} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0400173b1b1d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f000000000200000000001066000000010000200000008bbacff9d8530b7c2a7523277d22395f1328b69c9649b59b7a6b0f91a77d1eeb000000000e8000000002000020000000a956afce48e9acdf857ea9692020afead702cfb52d5b09a7d3c1304cc13e381520000000672416167f4a9bf6bb6ac9b8d1f6889dfbbc525716a1a42d640677a8b7dcb6334000000097a185db673cf9717b6ea2ddc6b55925d0f97660d41bca58aca80b3cf779241b49aaddd823066b241e1f917753c73cc8819d7003ddd2d9beabf5e15e3fc7ab5f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000e1221147cfb721dec00a2cc2445b8ec663b33a6f3efbed9fc0f568fd08ee0550000000000e800000000200002000000086eaa9f16e5a7908dfa050177ae224ac70f1882fa49b8677a11163ae488b2f5120000000fc7a429ca62a1308e69f2e7cb8f9ff565d179e523a7cb01c813b6c7fedc6d8c840000000bfef979eaa6ac85d928ecb360512e65fdb1420ac100e0378e1b19212796c03f33a4a6a44944d05945139bfb6777d1df48bc275a42a782b9f96f079168aa69c05	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\IntelliForms\AskUser = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80a3fda9b1b1d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044017"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f000000000200000000001066000000010000200000005dbeef28ffb5a608c56841200f2cb8c7928582fa7f3f6d3129f7173c962f7a08000000000e80000000020000200000007db9fbec51d2c1b1849ffbd6bd9937fb42073013bfdf5d4978cfa51ecdced6b820000000c1ba1950d8ecdb7d0aaf0056c9e1c93e95448209e34908ba8d77dee8b69b2996400000000d4c62c4a857b8e579a09546451523a934b497cb5eab14126d7a05ef237afaedb996d7a628b59da7fb9039c0747b996aecc543bbc439e4dcba727cdd4e5b860e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1872908585"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f0000000002000000000010660000000100002000000047e6c1fe62560826fe6bbb96576e1319e9290fcb10c024145f57ee052cca0350000000000e800000000200002000000088e0c942bfc4c891fb79cce2546c69707973076df4503e080e68b5aae46c1e75200000002adbba1b4855d657f6b44c425541e9d24fee076b8d74e45422b8fcfbabea4a834000000055dadc9de82c13201350fa1ce87bdf5226b9c20161d3dd38a39bbb2b13d28c179cdf939f7356b81850e0a93e1f6251188abefb074f61e01c31a162dfb40fcea8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000005ec8083a205fe17b7501892a20357185e16339ffad550c23fc68011d0d208a000000000e8000000002000020000000af4ed0e5a74de94b82ab2a36941f00de8603cbba2571dde7192eb7faad835c8f20000000a6540f4f051dfd601b6e9542bf2b906804d87a6d9be9eb7e6ee2897e2206ec51400000003832e5d21363b84fbd003dbaaafe43ad0bb29dad43ba7cfc30e2e2fe834b0071ab7633c21bed07451d1b02238813010477bb9f6b041340413143dbf4db4c80be	iexplore.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2240	iexplore.exe
2240	iexplore.exe
2240	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2240	iexplore.exe
2240	iexplore.exe
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
2240	iexplore.exe
2240	iexplore.exe
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 3004	2240	iexplore.exe	86
PID 2240 wrote to memory of 3004	2240	iexplore.exe	86
PID 2240 wrote to memory of 3004	2240	iexplore.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://nmas.miraco.com.eg/portal/
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3004
- C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\MCAC-Launcher_nmas.miraco.com.eg_en-us_MV9VTkZEQ0xfdW5kZWZpbmVkX1Rlc3Q=_.exe
  "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\MCAC-Launcher_nmas.miraco.com.eg_en-us_MV9VTkZEQ0xfdW5kZWZpbmVkX1Rlc3Q=_.exe"
  2⤵
  PID:4140

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\e863qdq\imagestore.dat

Filesize
467B

MD5
9c81f5794f194ca7de6d1b585e36396f

SHA1
541af37b75fe8197f491a70ea075c9396ca30425

SHA256
5106ffa6ad6f1e590bc5d4c3ca5cdaf4e35681c8cd38459228c4fd1d3edd39b3

SHA512
303b292c19e239b5e48f61d7cd802bb5885b3ed0b91c8c11a834478312a2e96a49d220e3fabbddb154338907b4e00e7733dc876fe75876349778f24be133647a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\682LH5TR\favicon[1].ico

Filesize
345B

MD5
bf1d42113c6000518b76370889b81c7f

SHA1
671b0af22431a3d9b964327ba311ed23f0702bf1

SHA256
ed3b587aa70629ac49b43e19083cd95861034a588757235395ce94c235503d4e

SHA512
a68b5c54e06e245dc3bea30b886b7b4070f80ecb5ce1c8ad860428a269fed16166eb52c9c90d3238bd1cbae498c116b5b63b036ad6a7c3e49bfb8be9917f9c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\682LH5TR\styles[1].css

Filesize
4KB

MD5
d0e6a35bd918d8514ede48a8aabd9544

SHA1
0a5385883f4c8a43b6845b3ded11a7d8284a2ef5

SHA256
a8068a5e1fe4a9cfe776516a0954bb0a80da50b76fb2ec3cf0d10399648006b2

SHA512
1a50ab9e791f6e85fa3e12f69d1e0ac55207143025415cb7bc852e23563b88a0ab613ce89d425506d9734d2d4d0d1ee6a9079fb1178822280fb47f044ef90097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\682LH5TR\styles[2].css

Filesize
8KB

MD5
7070f72ef7793414e32988a6f6720fd9

SHA1
7fffc1e40adbd158de5b0acede0ce2b3b91710a2

SHA256
cfd301f2df2d39f9343b166d70474c96172709961057ea29fa2ed7f35be2b565

SHA512
95f9cabf6aa8800d69ab0d97951723b960c50ad4b0c0d97c8844147740c446c33cfba4a86321aba5d6b78e6fa1faf4dd9834675253bf039f137e1658818d8c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\682LH5TR\vcs_awc_lib[1].js

Filesize
65KB

MD5
070bf51c440f040606f5a1bae5fc6b8b

SHA1
480edabfe6279b49dbf7c04e42d73641a3dd2d83

SHA256
ae8c31805923d61cc3b84a146152818040e154cbe436a92c6f3fe35263a5c8a0

SHA512
fe5dfc830fc9905d2828ba0465cb09af55c7f6fb64788b1753ce31e4621f4a6024dffff5d15a9a90ff39da68e85bb88ad860fce7a88dcc2ad14e62dc51896d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\MCAC-Launcher_nmas.miraco.com.eg_en-us_MV9VTkZEQ0xfdW5kZWZpbmVkX1Rlc3Q=_.exe

Filesize
421KB

MD5
40b3d549ef0fbf55417c49d0e983fa01

SHA1
e14c91be7103e4dec0bebe415453b44c7360107f

SHA256
44a622260fdd2dcd894d07edc4fceaf9ecb74cf762224109f409965080a27b5e

SHA512
1da99a36cefe83f74d686a8745814d1276c791977b7e0a605e1b11e35205d9a7904af8252676e9862fea0badb45ef0ede79b9ea2de3322ae2adefb6d2be9b914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\MCAC-Launcher_nmas.miraco.com.eg_en-us_MV9VTkZEQ0xfdW5kZWZpbmVkX1Rlc3Q=_.exe.wrp6ii5.partial

Filesize
421KB

MD5
40b3d549ef0fbf55417c49d0e983fa01

SHA1
e14c91be7103e4dec0bebe415453b44c7360107f

SHA256
44a622260fdd2dcd894d07edc4fceaf9ecb74cf762224109f409965080a27b5e

SHA512
1da99a36cefe83f74d686a8745814d1276c791977b7e0a605e1b11e35205d9a7904af8252676e9862fea0badb45ef0ede79b9ea2de3322ae2adefb6d2be9b914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\MCAC-Launcher_nmas.miraco.com.eg_en-us_MV9VTkZEQ0xfdW5kZWZpbmVkX1Rlc3Q=_[1].exe

Filesize
421KB

MD5
40b3d549ef0fbf55417c49d0e983fa01

SHA1
e14c91be7103e4dec0bebe415453b44c7360107f

SHA256
44a622260fdd2dcd894d07edc4fceaf9ecb74cf762224109f409965080a27b5e

SHA512
1da99a36cefe83f74d686a8745814d1276c791977b7e0a605e1b11e35205d9a7904af8252676e9862fea0badb45ef0ede79b9ea2de3322ae2adefb6d2be9b914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\dojo[1].js

Filesize
87KB

MD5
5c9bd713ac3ad48b1268679eb9b537a8

SHA1
813d3e6c3bd6cf78010da4f778903d1dbb20f08e

SHA256
546d81a9bfeacde288ad4fd8cd84f76ace3c1f1546a3454109a65c2764420c8f

SHA512
7e2a17dc65acee230cec661692fdb4ed6e99b79540482c75459b0d23f8e4dc9c51c26a9da0078b11f83087de3a49b7b5bd365e4a745c9a768f4f14dbd7b0a436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\protocolcheck[1].js

Filesize
9KB

MD5
89c459be57d744645079f2ea33e9fbc6

SHA1
55e2b77bec4514b5f860139efd428308f3cf1c00

SHA256
95182f2eb41035c841d72255bc46c544bdd5434b9836d102cf29d3b1eb10849c

SHA512
9ca0363edbfac10fdb4e9b351f9debe888b0abc79116efc440b4aabf9a1183c971e85b9f8368f061973af3087fd4c54e125ef5acd93987557bc8810198868716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\redirect[1].htm

Filesize
25KB

MD5
5a52d5685eaf330eea33916dcff4edd5

SHA1
a0b1410e8a94e1820b5490e23d13cc70d016dc1a

SHA256
d15021a62dea2b812ba6c2ee7388d2779186626bb2b2da37649b20f104dc1994

SHA512
5cbe6ef76e084131ac33ed8b8f7dc22eaa75058088623d379bf70c50ee864044d1d67ead0a5ad913b0c1e662014c51c1c98125a85d4e42575700800e74d5a3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IJIZWXVF\NNPCstyles[1].css

Filesize
26KB

MD5
20719dc16e53ace86f7d1a08b168a3ba

SHA1
a4074e1499bbb7f78f2691c399fd99abc0efb2e1

SHA256
e9ef301bd432e896440d499805d050c0a3c0e0116f662b6a1a3c00227e9a19e6

SHA512
ad4864400a13d2305f89e4eacba9e98e606675b4a2e59a541f07f1bbe4d56336caecc1c0ad88a74b7c6fe448011c6b6417b62a83312060a133240ed7fda37ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IJIZWXVF\styles[1].css

Filesize
26KB

MD5
1d2af4264cc8b660ad5b55d9bf6de0b2

SHA1
8ccb543f2c4b0861ac3fed7e9b6f674ea9c2003b

SHA256
c18c65c14af82858c964ec745f53074c78c5d56e04d6d039f347a0a9d03a17d7

SHA512
818616521077712bdeb34a452788c98fd672b37689da0e94444ecb6aeb972ef93a4e67dc807d0c5a6b5d344c1e1465fb3c9f920c136d3637cb12edb06172dab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RSFEJP46\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RSFEJP46\vcs[1].htm

Filesize
21KB

MD5
37bf7ba6c780e83a90adbede93fd8b18

SHA1
2a252d1238b11dceae6a34349828cca0ce444537

SHA256
fe81a80d358142beb987e0808a9294909f9bdcdca191917c7a948f82ac282ff1

SHA512
c19f3728d380938be41ccc90804341ea83a4d62e338ea0fe417c336a640194aa745d1b0ea693bb24e719f3b79f80668c5e98965a59b11f2dd4cba9bd1962cf34

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads