description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "25600"	immeaxox-eamid.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "25600"	immeaxox-eamid.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "25600"	immeaxox-eamid.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "25600"	immeaxox-eamid.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5350444F-4846-4d41-5350-444F48464d41}\01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123 = "a"	immeaxox-eamid.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5350444F-4846-4d41-5350-444F48464d41}\IsInstalled = "1"	immeaxox-eamid.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5350444F-4846-4d41-5350-444F48464d41}\StubPath = "C:\\Windows\\system32\\akveakup.exe"	immeaxox-eamid.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5350444F-4846-4d41-5350-444F48464d41}	immeaxox-eamid.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe	immeaxox-eamid.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 = "a"	immeaxox-eamid.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Windows\\system32\\eadhison.exe"	immeaxox-eamid.exe

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\eadhison.exe	immeaxox-eamid.exe
File created	C:\Windows\SysWOW64\eadhison.exe	immeaxox-eamid.exe
File opened for modification	C:\Windows\SysWOW64\fxopig-doot.dll	immeaxox-eamid.exe
File created	C:\Windows\SysWOW64\fxopig-doot.dll	immeaxox-eamid.exe
File opened for modification	C:\Windows\SysWOW64\immeaxox-eamid.exe	immeaxox-eamid.exe
File created	C:\Windows\SysWOW64\immeaxox-eamid.exe	a0ee0d5b996533cc5c66f5f328f3d1576fa94e19b4c93986de6a89f64581b130.exe
File opened for modification	C:\Windows\SysWOW64\akveakup.exe	immeaxox-eamid.exe
File created	C:\Windows\SysWOW64\akveakup.exe	immeaxox-eamid.exe
File opened for modification	C:\Windows\SysWOW64\immeaxox-eamid.exe	a0ee0d5b996533cc5c66f5f328f3d1576fa94e19b4c93986de6a89f64581b130.exe

pid	Process
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
2988	immeaxox-eamid.exe
2988	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe
4948	immeaxox-eamid.exe

description	pid	Process	procid_target
PID 4220 wrote to memory of 4948	4220	a0ee0d5b996533cc5c66f5f328f3d1576fa94e19b4c93986de6a89f64581b130.exe	83
PID 4220 wrote to memory of 4948	4220	a0ee0d5b996533cc5c66f5f328f3d1576fa94e19b4c93986de6a89f64581b130.exe	83
PID 4220 wrote to memory of 4948	4220	a0ee0d5b996533cc5c66f5f328f3d1576fa94e19b4c93986de6a89f64581b130.exe	83
PID 4948 wrote to memory of 2988	4948	immeaxox-eamid.exe	84
PID 4948 wrote to memory of 2988	4948	immeaxox-eamid.exe	84
PID 4948 wrote to memory of 2988	4948	immeaxox-eamid.exe	84
PID 4948 wrote to memory of 612	4948	immeaxox-eamid.exe	5
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56
PID 4948 wrote to memory of 3540	4948	immeaxox-eamid.exe	56

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.