Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
10-05-2024 23:37
Static task
static1
Behavioral task
behavioral1
Sample
319f9e10658376d8925ca870d35e1137_JaffaCakes118.exe
Resource
win7-20240508-en
General
-
Target
319f9e10658376d8925ca870d35e1137_JaffaCakes118.exe
-
Size
648KB
-
MD5
319f9e10658376d8925ca870d35e1137
-
SHA1
23a8fd02baf0cae25c98a89fb76196d532ed1767
-
SHA256
915dc55b4031def7064312e56c9a9effa21ad124366df54fdc1215ef1709bfd0
-
SHA512
3689a92b44fbdf5077f5dacde8967754488241571c74dcb9cb15ca6dadc0541bb32362b7e7525ec9fee6dc0b7dc9568930fb28141a4ccf9b6b5c34ccd49de8e9
-
SSDEEP
6144:Q5mTEDUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wED3kEDnQdM9rEju0TH4l
Malware Config
Extracted
gozi
-
build
214062
Extracted
gozi
3189
hfmjerrodo.com
w19jackyivah.com
l15uniquekylie.city
-
build
214062
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEdescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 706d9e4933a3da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c8374000000000200000000001066000000010000200000003ab2b4b135bdeb84b4afddf99afb9ac8d6863f29e789ed7e5873b6bc770223c5000000000e8000000002000020000000989306c46cd2cb0acbf9c86bb69ffcc505d4bcb61d579bf390a62e82acd371dd20000000dfb617a1eb94e879cb7eda042656143e525f56d4e951f382f940bd32de4ca78940000000b895deb8fbd74e0ff42e63e6e1fd35d4e10677712d1f5c0bb077df7bef40ede57ecbb22ae0a6e250c36c6ca859d5d777b66ce7cc955cba5332946ea9c09896d5 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9A9E3A06-0F26-11EF-A084-F20C5DF75BB0} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1222624070" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c837400000000020000000000106600000001000020000000e211bca3736809c8a6df66084b17d6829ff6676838584542ed0418726ef0a84d000000000e8000000002000020000000f95979e1e9143d3395a0963bb41e045f7bacc6560d2d6955460519fd5ba63b0d2000000082d9b0bd3e6a62a69d666434fe0c2b47ef641d965010839aefe09498e95776e8400000000c36ee8746054620c0c3242ca9f1941c20b405d78d39851ba018505a50cdbffe209c162eaed39134b0add1946c7016baee81e5a13b113c11ae1447c0178817c0 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c83740000000002000000000010660000000100002000000096775989e9f6bdeb06a529b635e72b434396033bbd46ec8dab0ac1d64eddfb71000000000e8000000002000020000000a874d4bf4351d27697841e781f9e34641857a30f9a69f545758fd00875dba47e20000000ec265f9176e09f86d7ad8e872d5221560ea2b16918e9a30a5ae322aa3ceccd2740000000f5325f45ce2c94a990b5c2eada3da4c1e24d2bf31d1fa0df730ac38f4eae60e4bfb690cca29e4c8b4f5e8799722b1f0e8858d8d4e12e751723d7921c2149d81c iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B4B6B78A-0F26-11EF-A084-F20C5DF75BB0} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c83740000000002000000000010660000000100002000000077be0f451a9b1549b075f386b65dc7febe53a907cb2c562868343e4e54b1c356000000000e8000000002000020000000ce95f6d43389e158eeb5e3ce4d23e3729118f6f399b1d948cb39799a821e4dce200000001fc405014705b0e194386a91d2dd1145f4543434735d71ddbdd71e3f268182c8400000002f1b4c29e2476324ada1075b72e5a93dab4592f3c4fb8379e2cffd75548f6708d412807df5095a3cb34efb7d4ba7a0d93dfc176e3e877370d38b1759fec07ef6 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c83740000000002000000000010660000000100002000000033828466acb846695b6509d4072d54844b91cf9fbd72ba7d571a302f7fcfd7c7000000000e80000000020000200000004668218805f6eba2c39651b28c79a0e0dd6944e7ccf116ce36cd4696ef8c563020000000cf8b056f128b3b10c65825bd20967f3abf9e32f190a177945b263065c607ea9e40000000aad1912dd9d72980aa51065434cf34afb4292bcb4945e11e2ccb1f4b383ee0bfd7bd945fe3f3fa1f8d2af421522d106f096a62ee2609b9405217a15b9df0abf6 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31105843" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8D9DE71B-0F26-11EF-A084-F20C5DF75BB0} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c83740000000002000000000010660000000100002000000011482dd4a6aee4c5a6798989434675b3dd33f4a6bf81b39df87ddbbfe578972c000000000e8000000002000020000000aef03be3604a1f4b50137fdc17a8a2497220eead198716f91f4e2c885035f5d420000000b9af777c06e667dc74f196e3afae26e391b8249a6577eb0dc2e096236c76201a40000000541283850961c62487ae18d39682953af89bd18445d92059091d64ae26092aca2d3aecd6fba0fdcd91bc6eb2d5097fe36d029bc34ec1979e50dfda06f1ac038b iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0cba85033a3da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1222624070" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A7ACDA57-0F26-11EF-A084-F20C5DF75BB0} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50a5c17733a3da01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20c9b76a33a3da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe -
Suspicious use of FindShellTrayWindow 5 IoCs
Processes:
iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exepid process 388 iexplore.exe 4908 iexplore.exe 2184 iexplore.exe 3716 iexplore.exe 1912 iexplore.exe -
Suspicious use of SetWindowsHookEx 20 IoCs
Processes:
iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEpid process 388 iexplore.exe 388 iexplore.exe 2392 IEXPLORE.EXE 2392 IEXPLORE.EXE 4908 iexplore.exe 4908 iexplore.exe 1536 IEXPLORE.EXE 1536 IEXPLORE.EXE 2184 iexplore.exe 2184 iexplore.exe 4092 IEXPLORE.EXE 4092 IEXPLORE.EXE 3716 iexplore.exe 3716 iexplore.exe 3988 IEXPLORE.EXE 3988 IEXPLORE.EXE 1912 iexplore.exe 1912 iexplore.exe 1120 IEXPLORE.EXE 1120 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exedescription pid process target process PID 388 wrote to memory of 2392 388 iexplore.exe IEXPLORE.EXE PID 388 wrote to memory of 2392 388 iexplore.exe IEXPLORE.EXE PID 388 wrote to memory of 2392 388 iexplore.exe IEXPLORE.EXE PID 4908 wrote to memory of 1536 4908 iexplore.exe IEXPLORE.EXE PID 4908 wrote to memory of 1536 4908 iexplore.exe IEXPLORE.EXE PID 4908 wrote to memory of 1536 4908 iexplore.exe IEXPLORE.EXE PID 2184 wrote to memory of 4092 2184 iexplore.exe IEXPLORE.EXE PID 2184 wrote to memory of 4092 2184 iexplore.exe IEXPLORE.EXE PID 2184 wrote to memory of 4092 2184 iexplore.exe IEXPLORE.EXE PID 3716 wrote to memory of 3988 3716 iexplore.exe IEXPLORE.EXE PID 3716 wrote to memory of 3988 3716 iexplore.exe IEXPLORE.EXE PID 3716 wrote to memory of 3988 3716 iexplore.exe IEXPLORE.EXE PID 1912 wrote to memory of 1120 1912 iexplore.exe IEXPLORE.EXE PID 1912 wrote to memory of 1120 1912 iexplore.exe IEXPLORE.EXE PID 1912 wrote to memory of 1120 1912 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\319f9e10658376d8925ca870d35e1137_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\319f9e10658376d8925ca870d35e1137_JaffaCakes118.exe"1⤵PID:872
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵PID:4480
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:388 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:388 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2392
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4908 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4908 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1536
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4092
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3716 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3716 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3988
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1912 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:17410 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:1120
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5d65ec06f21c379c87040b83cc1abac6b
SHA1208d0a0bb775661758394be7e4afb18357e46c8b
SHA256a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f
SHA5128a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e
-
Filesize
11KB
MD59234071287e637f85d721463c488704c
SHA1cca09b1e0fba38ba29d3972ed8dcecefdef8c152
SHA25665cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649
SHA51287d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384
-
Filesize
2KB
MD52dc61eb461da1436f5d22bce51425660
SHA1e1b79bcab0f073868079d807faec669596dc46c1
SHA256acdeb4966289b6ce46ecc879531f85e9c6f94b718aab521d38e2e00f7f7f7993
SHA512a88becb4fbddc5afc55e4dc0135af714a3eec4a63810ae5a989f2cecb824a686165d3cedb8cbd8f35c7e5b9f4136c29dea32736aabb451fe8088b978b493ac6d
-
Filesize
748B
MD5c4f558c4c8b56858f15c09037cd6625a
SHA1ee497cc061d6a7a59bb66defea65f9a8145ba240
SHA25639e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781
SHA512d60353d3fbea2992d96795ba30b20727b022b9164b2094b922921d33ca7ce1634713693ac191f8f5708954544f7648f4840bcd5b62cb6a032ef292a8b0e52a44
-
Filesize
1KB
MD5dfeabde84792228093a5a270352395b6
SHA1e41258c9576721025926326f76063c2305586f76
SHA25677b138ab5d0a90ff04648c26addd5e414cc178165e3b54a4cb3739da0f58e075
SHA512e256f603e67335151bb709294749794e2e3085f4063c623461a0b3decbcca8e620807b707ec9bcbe36dcd7d639c55753da0495be85b4ae5fb6bfc52ab4b284fd
-
Filesize
16KB
MD557ee514a3f38da27735820e38c3972f2
SHA1b9cce120d7fc778d7c000b4b5cba14a1b685e96f
SHA256a82fb274a0c044e68bc85efad57c6be3f0322714882134cd5dbcb58974ae4360
SHA51295b2efd0b8aeeb6faaa460f25d9937c642c3e39ff4f101e908ad0430d0ebcbdf0881f7a33af6a108d209a88fb7ed4423d27b7c6f82557d8692349bfa7b8f40e3