b2f24dffcb879ff3e86cbe41dd7dfc25bc919a7b8aa59f358cfa8512967224df

Analysis

max time kernel
149s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
Size

817KB
MD5

b82ad4e40bc3421c0dbd6efce3606c50
SHA1

37dc56d3df5bb2ccec11fabb547feee6dce950a7
SHA256

b2f24dffcb879ff3e86cbe41dd7dfc25bc919a7b8aa59f358cfa8512967224df
SHA512

31a9b8553df1a05606ab7f0a7e537f72f32375539e297677a35ca3ae1c0721ddbc9a17193a9a30d64e6abeb618b2257f8ec56593e5510585d066f94dc64e0c47
SSDEEP

12288:LCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaujzQ:LCdxte/80jYLT3U1jfsWaujzQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor = "100000"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8DD3EF1-1125-11EF-9CBB-52ADCDCA366E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000000700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009acbbc286be63c4682a409f320de94d7	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421765894"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
2504	iexplore.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
1192	b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2504	iexplore.exe
2504	iexplore.exe
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2716	iexplore.exe
2716	iexplore.exe
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2572	2504	iexplore.exe	30
PID 2504 wrote to memory of 2572	2504	iexplore.exe	30
PID 2504 wrote to memory of 2572	2504	iexplore.exe	30
PID 2504 wrote to memory of 2572	2504	iexplore.exe	30
PID 2504 wrote to memory of 2716	2504	iexplore.exe	31
PID 2504 wrote to memory of 2716	2504	iexplore.exe	31
PID 2504 wrote to memory of 2716	2504	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b82ad4e40bc3421c0dbd6efce3606c50_NeikiAnalytics.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1192

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2572
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2504 CREDAT:472068 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f30f65d666ee67c0b6fe8d55a24d7cb

SHA1
8ad9d6b72e6f581ebd073779f9ec43b4782f723f

SHA256
e64dc2f5967d71ce0a58a46f6449b5addf2e72f4eac3e78a12ae15f5e0d467a9

SHA512
be3c1d4b8cef368428c4c57e1fd7372da264abe97015f1ff645a25904ba8596018db81c0a0c1c4b5ae01b893dd88e0d236735f88026ddb5e8e79148cb6419b85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6ce7579d8e8102712955058a66bef12

SHA1
64e9277a17f1c1268e53e8668fbc440ae99c8b8f

SHA256
d9fe5c94e6429a903e3a958857b8b1ed14d188c7544fa9d9358b3fb0b43d2d88

SHA512
579cd52dfe39209614a75ef80655b7be3f6dfd82c04cacfc40137acef61bccbcf9fb3bbf0d6bc844e786bebfa9df8fbcfe1bf716b521f383ba0d893e5b320eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ae163ff49868d03c74890d576b8cbe4

SHA1
9a78364b263c20f6d3a48fbb09c9d584d183fcd7

SHA256
770b3b9126ceee9ad7d4cf3b63c3f85ceb114310418dc9d471b2c2bd102fe780

SHA512
80e4705fcae35074b18ca4597baf1e6030f53d15962cf59c94560d7d0b790545ee8efec41c557b992d3c4f52d90ef4d8eca7a03ed351aa368e7f585c7dfdabfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c57fce6535e97c4716669c76cd61350

SHA1
17fbeec07bfbe71535c3ffee041f2b4ece2c1a51

SHA256
8f6fd240d52c5e2ba101e8af9b350463c0418d92f4970c13d769f44189ccd2a3

SHA512
7251ea72037dba7c70a4c6d3e00e67da25e60b6c26f177a3458066c8decff3b84002194f7c3d7f3b68e29867209227370fd0d0e2b3c70eca9f54cf267d144b54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cc3875bfc5d51a00e55ba4339e1fe13

SHA1
dd8988bf66105a6b927d83a44005af37b0450e29

SHA256
40cbe31c97db07bb4ed7720c39839637475eeb32ea89f727f78bccab054f506b

SHA512
a4b727d528760691c3fe842ed60e0d01fb451e7e4c6116e280b11590f214f996963274fc66a0771f3eef205391b1a6c57a7d132f5a72757fced985e8e597598c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd0b98db651e403a91937791c9e073c3

SHA1
39afd76088cd98cb6e92b54d97f118787f637bff

SHA256
000c35ccdfabf84a3468c54955ecf91d1b047c8757468994382ee66931c9944f

SHA512
6f833bec4be52f9e888cab59808d496511805cce629d4271df033a6defefa695f9ce99b665d26c53cdb5114cebdb335ece3e8581724648577cd5f30020cd654e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
642f4a4a53a44e54ab1d6a23a4f0b5c7

SHA1
9321fbf7cfc1154bfb112f595d36355d7a681221

SHA256
21b86f434810fa6ab95d9dd357869e905c066a4d59ef0e1a5ff74e86d3a146e8

SHA512
3673c5f30ae17dce3d7899e819110585fa3ee39caf72099de31a7eafed90af405ad1a499ee8d89303e41debfc8f6b77acbbb066970b42b5301aa9b483581d7cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ed88feb4e32a236781c260ac94d1166

SHA1
8b12c8a69509c20f2851bfa754aa14ca0bae6cee

SHA256
e643985999d5bea8014e10f74b4f0d86c7fadb386dd553f3b759f8e6d942aeaa

SHA512
130a6366ad1c0c50c1bee025729286c723b13002c574ca1fcc823fb6ce5e4bd5ac837b1410557cf548eb6165c18fa81ac93c6013192369826545fbaf08e5c068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ee9fd63074aa745fb4b91936c094661

SHA1
87db130a75094f830fdd1ebaeabb6ffe16856b62

SHA256
be13f1376dd482ce352306da854c44a9345624f439f2313026d5762cafd549d9

SHA512
7a5ef664a04e1d2b4803a3c4e62f35732f5028a0b86a96a832e58c836a23647d4dd6a791ef2555fbba798e68f7b38e57b014609802c06c4033e3a89e561e1317

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0d27f39b1bd35a55d9569ee54fe39a1

SHA1
9f283e284b3312f6283ef1c4e2567397562f43d1

SHA256
6a4bef360fa3cbc615ec6feeae872936bb3ada19232584177e72c6a66ab9cd47

SHA512
f2d044f0dd5881832582260d2f38771d8c0cf11cfb2a95e178c2bfb55ee476404f47700729155ab05b38ed70b936ae48423889ed3e1bab88af384e8dd8836434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1edf02400fbc70620a20d764bbd854f5

SHA1
e112ef0cbd9924fc6d6c89a8f4b9b578e4cfb3b0

SHA256
5616158e21ba293a890821127919534157b5f31654e9e6f2c5cf5e51d0baca77

SHA512
a2cdf2d1e86a923afc0b21236a7b51db5f1b2acf2188629f8af50c10d5c4b1ee0081edc0734f33feac083c19d7f4de40868f66b409f4e280482daa2420fa7e23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bbe74ba4e87ddcaf2513c1d0210c595

SHA1
8e23894f5df999fb0e451e411dca2fc233149a53

SHA256
057ea64c47ba0342ffc42a647e642f221ead6f771f0232d982b250e130a36d3e

SHA512
d6a796b5cf1b4deb5cd0696e9aaa246ef49eb58e2fe9e676400b19ba4a201ef23adf7c80cbaf9378d6481b956d4e406a7b6af8732ecb78ef3936e61453f65e3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc80a830f730bb8535fcca9976a76cf9

SHA1
d900b9e07ef847ee68159a8656c63801e2fcda92

SHA256
6b97c448bb7d1831498bba8a3a410ad7d8040993dc7972db67a5bea27ee726d5

SHA512
5c6f3bdc4ecdfdf99a0197fe7679e96dd424158f8b9058ab7c8e83abb51e0255a3f61eea1168e9ff4d5914d4b64464baa792cf8ad203b7b98ed238c2b060af57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
174e1099c42513c8d1da8dd8fd041fc4

SHA1
c2d6e20c9e9882472c8d5bcc0083fbe35b7a0154

SHA256
73fef0eed07b84352707a5fd66c77c52aa6d6779092b8fb4391173abee758293

SHA512
a523e46ab1628e3dcb60bc4705cf60ff6d7e842ae4b96b0bd967368d0344eed9dd6af697b9a353e7d7aa93ba3d515e42384eae43a794536488996457b02af409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5256814e356071528607a23fb0978ba1

SHA1
6c1fcbd615e6cde37187da703f257b6551e9eec9

SHA256
4aae1b960225143a796ff49ee6e4fde40918b89d74a9eaca6b97c27992f0269f

SHA512
7e175bdfa718b6ef8534eb3fc8903733dadedc17efe2ae02a829e45cff91dbad0abc1ac3965127ddd16c1825bd10a53d911bfeed3dc2067a10a9fee0f8936d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
730cb3b49910c985a326f4fbd6186952

SHA1
3e3de0e8e8699a2620286837c76c5ae7f86b8cb7

SHA256
e52b53cb56fb40f37502b389efd1503b146806ddb4055dcac15eae37c929f9ce

SHA512
8081699a81a7faf39a42c73028bf95dd5a9685833d55df1b5b023ab54823aa9af449aaf86603b42cf6ad9d56825341f2156abd2d8b10ab51262da75be4262cf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a490836fba4311a40d825d4557da4c8

SHA1
e7f2a77e74e8af8ae1faf9cecf38ce20b431ccd4

SHA256
8ba21731e73b57fa5ee54f80b9630325035c21a7bcdb53d670f015d627614b5d

SHA512
bf55d8daed2b518ef7049e0a93f33e9722710a84bdbb03a632bd2227951cd1187eb6dffe1732e993d5b8bad4e56e03786b312d39f9efb36046162c94174fc125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad342ca6af4a17a70736faa78e9167b9

SHA1
5bc18a31eab7cb9114179df5f33e226280f64bdd

SHA256
93153b6a5553c6236eb8db89e562fa09113062276ed14493291ed7697875df81

SHA512
2c8b1ec1112f8e0cdd11b67f900a4be237869b69e1a9a7abed5d8860086855fe9f054309930b8461a2a7b5fd82d4a07b36ee77804adeb68a72f90aa5ce798b81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
045f31ff2985f5edff4ba55c3e48de9c

SHA1
cca1610caf73fe74fca9a778a1040fec2c32e73c

SHA256
ed7d9638218017b96ca41934521b33b5c988421d0e40de1ca25a867569b27562

SHA512
79780e4f8023fbe839633be6023651d4d284559df3278c6a4e42585e2f4124bbe783847d28cd21c1465319a1aeced51ee9b09fb8871c0a04bb5c9de6fb56b259

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB379.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB45B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit