Overview
Score: 10

Static
Score: 3

Tasks (sample | platform | score)
eeeeeeeeee...00.exe | windows7-x64 | none
eeeeeeeeee...00.exe | windows10-2004-x64 | none
eeeeeeeeee...um.exe | windows7-x64 | 10
eeeeeeeeee...um.exe | windows10-2004-x64 | 10
eeeeeeeeee...ug.exe | windows7-x64 | 6
eeeeeeeeee...ug.exe | windows10-2004-x64 | 6
eeeeeeeeee...le.exe | windows7-x64 | 1
eeeeeeeeee...le.exe | windows10-2004-x64 | 1
eeeeeeeeee...er.exe | windows7-x64 | 7
eeeeeeeeee...er.exe | windows10-2004-x64 | 7
eeeeeeeeee...us.exe | windows7-x64 | 1
eeeeeeeeee...us.exe | windows10-2004-x64 | 1
MEMZ 3.0/MEMZ.bat | windows7-x64 | 7
MEMZ 3.0/MEMZ.bat | windows10-2004-x64 | 7
MEMZ 3.0/MEMZ.exe | windows7-x64 | 6
MEMZ 3.0/MEMZ.exe | windows10-2004-x64 | 7
eeeeeeeeee...MZ.bat | windows7-x64 | 7
eeeeeeeeee...MZ.bat | windows10-2004-x64 | 7
eeeeeeeeee...MZ.exe | windows7-x64 | 6
eeeeeeeeee...MZ.exe | windows10-2004-x64 | 7
eeeeeeeeee...ld.exe | windows7-x64 | 3
eeeeeeeeee...ld.exe | windows10-2004-x64 | 7
eeeeeeeeee....A.exe | windows7-x64 | 6
eeeeeeeeee....A.exe | windows10-2004-x64 | 6
eeeeeeeeee...al.exe | windows7-x64 | 7
eeeeeeeeee...al.exe | windows10-2004-x64 | 8
eeeeeeeeee...15.exe | windows7-x64 | 3
eeeeeeeeee...15.exe | windows10-2004-x64 | 3
eeeeeeeeee...al.exe | windows7-x64 | 7
eeeeeeeeee...al.exe | windows10-2004-x64 | 8
eeeeeeeeee...0r.exe | windows7-x64 | 10
eeeeeeeeee...0r.exe | windows10-2004-x64 | 10

Resubmissions (submitted | analysis id | score)
15-09-2024 23:12 | 240915-27aqvsxhjq | 8
15-09-2024 23:02 | 240915-21efgaxake | 8
15-09-2024 22:58 | 240915-2xypyaxdkj | 3
15-09-2024 22:56 | 240915-2wn44sxcpk | 3
15-09-2024 22:43 | 240915-2np2fawhpr | 3
15-09-2024 22:42 | 240915-2m3k5swhmk | 10
15-09-2024 22:33 | 240915-2gqdmawbja | 8
15-09-2024 22:27 | 240915-2de4gswekk | 7
15-09-2024 22:15 | 240915-16esravenh | 10

Analysis
max time kernel: 124s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 11-03-2024 01:14
Tasks (task | sample | resource)
static1 | static task
behavioral1 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected] | win7-20240221-en
behavioral2 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected] | win10v2004-20240226-en
behavioral3 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected] | win7-20240221-en
behavioral4 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected] | win10v2004-20240226-en
behavioral5 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected] | win7-20240220-en
behavioral6 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected] | win10v2004-20240226-en
behavioral7 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected] | win7-20240221-en
behavioral8 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected] | win10v2004-20240226-en
behavioral9 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected] | win7-20240221-en
behavioral10 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected] | win10v2004-20231215-en
behavioral11 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected] | win7-20240221-en
behavioral12 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected] | win10v2004-20240226-en
behavioral13 | MEMZ 3.0/MEMZ.bat | win7-20240221-en
behavioral14 | MEMZ 3.0/MEMZ.bat | win10v2004-20240226-en
behavioral15 | MEMZ 3.0/MEMZ.exe | win7-20240215-en
behavioral16 | MEMZ 3.0/MEMZ.exe | win10v2004-20240226-en
behavioral17 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat | win7-20240221-en
behavioral18 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat | win10v2004-20240226-en
behavioral19 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe | win7-20240221-en
behavioral20 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe | win10v2004-20240226-en
behavioral21 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected] | win7-20240221-en
behavioral22 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected] | win10v2004-20231215-en
behavioral23 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected] | win7-20240220-en
behavioral24 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected] | win10v2004-20240226-en
behavioral25 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected] | win7-20240221-en
behavioral26 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected] | win10v2004-20240226-en
behavioral27 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected] | win7-20240220-en
behavioral28 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected] | win10v2004-20240226-en
behavioral29 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe | win7-20240215-en
behavioral30 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe | win10v2004-20231215-en
behavioral31 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected] | win7-20240221-en
behavioral32 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected] | win10v2004-20240226-en
General
Target: eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
Size: 12KB
MD5: a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1: 761168201520c199dba68add3a607922d8d4a86e
SHA256: 3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA512: 89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
SSDEEP: 192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | MEMZ.exe

Drops file in Windows directory 1 IoCs
description | ioc | process
File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid | process
1748 | mmc.exe
568 | taskmgr.exe
Suspicious use of AdjustPrivilegeToken 9 IoCs
description | pid | process
Token: 33 | 1748 | mmc.exe
Token: SeIncBasePriorityPrivilege | 1748 | mmc.exe
Token: 33 | 1748 | mmc.exe
Token: SeIncBasePriorityPrivilege | 1748 | mmc.exe
Token: 33 | 1748 | mmc.exe
Token: SeIncBasePriorityPrivilege | 1748 | mmc.exe
Token: 33 | 1748 | mmc.exe
Token: SeIncBasePriorityPrivilege | 1748 | mmc.exe
Token: SeDebugPrivilege | 568 | taskmgr.exe
Suspicious use of FindShellTrayWindow 23 IoCs
Suspicious use of SendNotifyMessage 22 IoCs
Suspicious use of SetWindowsHookEx 64 IoCs
Suspicious use of WriteProcessMemory 52 IoCs
Processes (indentation shows the parent/child relationship)

C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe (PID 1660)
  Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe"
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe (PID 2732)
      Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
    C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe (PID 2724)
      Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
    C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe (PID 2256)
      Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
    C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe (PID 1940)
      Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
    C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe (PID 1844)
      Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
    C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe (PID 2544)
      Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /main
      - Writes to the Master Boot Record (MBR)
      - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\notepad.exe (PID 2564)
          Command line: "C:\Windows\System32\notepad.exe" \note.txt
        C:\Program Files\Internet Explorer\iexplore.exe (PID 2516)
          Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://google.co.ck/search?q=how+2+buy+weed
          - Modifies Internet Explorer settings
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SetWindowsHookEx
          - Suspicious use of WriteProcessMemory
            C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2352)
              Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
              - Modifies Internet Explorer settings
              - Suspicious use of SetWindowsHookEx
        C:\Windows\SysWOW64\mmc.exe (PID 2044)
          Command line: "C:\Windows\System32\mmc.exe"
          - Suspicious use of SetWindowsHookEx
          - Suspicious use of WriteProcessMemory
            C:\Windows\system32\mmc.exe (PID 1748)
              Command line: "C:\Windows\system32\mmc.exe"
              - Suspicious behavior: GetForegroundWindowSpam
              - Suspicious use of AdjustPrivilegeToken
              - Suspicious use of SetWindowsHookEx
        C:\Windows\SysWOW64\mspaint.exe (PID 2944)
          Command line: "C:\Windows\System32\mspaint.exe"
          - Drops file in Windows directory
          - Suspicious use of SetWindowsHookEx
        C:\Windows\SysWOW64\explorer.exe (PID 2480)
          Command line: "C:\Windows\System32\explorer.exe"

C:\Windows\system32\taskmgr.exe (PID 568)
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads