gozi | 1bcc72682dc5b2652f2ca16cedfbb5b693c2e3b2443718e59f9dad4f7d566e29

General

Target

7525a0139f7b28d74affe5c9b112ccde_JaffaCakes118.exe
Size

155KB
MD5

7525a0139f7b28d74affe5c9b112ccde
SHA1

91a9b33517531ae03b3b05e44c721508890026a4
SHA256

1bcc72682dc5b2652f2ca16cedfbb5b693c2e3b2443718e59f9dad4f7d566e29
SHA512

7fb22d168712689d175ff64ad6c955dd5d36dbac1203f5f0fade793e604cee88154a29f322e1d2d3254303b48fef7971845f4f8a4e9750d2a681f113ab475837
SSDEEP

3072:4Wuk6BU7sniep/j4UswJiNsRI4EwR3WxUIuupo/KuXkwIEnUaTii5Qi37Gq:4WI2wiep/j/2sRI4E4Wx56hIlaMi37X

Score

10^/10

gozi 3492 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214098

Extracted

Family

gozi

Botnet

3492

C2

google.com

gmail.com

lsammietf53.com

p28u70webster.com

ploi7260m71.com

Attributes

build
214098
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31108949"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D37572E6-1B48-11EF-BCA5-62BC6A84A035} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a41500000000020000000000106600000001000020000000ef464528ea31b79d29e00aeade02a854509aa8103a358b3c15ec01557bb253ec000000000e8000000002000020000000999450569d614cc22278ed19b8b367b14e9b910844c7cbb38548daffb6511cca20000000a8c5bb3d2ff93c1b0f2e33d2c19a54f3b0078ea868f24bd5b0e8c92f8df9a9da40000000e85551180deb67eff22bc6ea163f7b085cc86dfc445873a3f6fb09716df28d1f9fcfdc2fbad5485b5dc78b98d01d842e4b2e6cebdda63247d86c169c855d489c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{ACE6EAAC-1B48-11EF-BCA5-62BC6A84A035} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a4150000000002000000000010660000000100002000000092d581d049037f62d63ed8a1511dcea6b2914efae7e7df93c30f7d5837d02819000000000e8000000002000020000000589bbdd1590aaa88d20a070ff65ce74dcb0f20d3835f5306548b53424c93a87320000000ed941291f8c81166a1803d44acfd5a4693949a32567ecaaa7c0fe55b5faec34e4000000041a2df8773bfab43974131b010ac17808424c383e517f0734c8d260194fec4b0ba864355a0decf425b7233165dbaf87358126bc895c2028ad05b04b12053acac	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2169221504"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E06051CB-1B48-11EF-BCA5-62BC6A84A035} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a41500000000020000000000106600000001000020000000afc3202ff5f51adf955e44ea599fbf86ce6424b02a7f4682ee2dcea86987701e000000000e80000000020000200000007b30a8f880d607b7e6afc59293cd1266580334bf7c13259981018fcc5834fb72200000009bbae00cca1f28f3a3722ef2f59f553a1abe72806ecf28d2e7b82ccd81f5930b400000008973aa6fc44e1511424cb5a366c87f57381eadfc8422156c19cc140a1eca102d05734bfa7faa18555e9ead8e4e43e8fcd409236fbbcde618cd90bf5e1005fc4a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31108949"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a4150000000002000000000010660000000100002000000043447f68f0efc4e7f97c8a36164a338da8e0897c9c245c8b551350515873e6f2000000000e800000000200002000000047438c3bef9761b2a53ac8058a94444c924dd899d200ea66cb1590199305256c20000000d16c20e2c28d3fc7a64618cba0ade8dae8e5941f4a3cd07c1835abf18ff3e1df40000000cf0ef350aff47f5d49f55f392f1d1ccfa76f5b06f26cf0f6ff50b9da1c96ab0e3a7ba66cedaa02e485c827b92d1bfddcc028549730d7bf96e09bf19a57fe1998	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f6328255afda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a41500000000020000000000106600000001000020000000908de36bbb08c1560e616bd710584c7f04ba431504b8f8672a7291465b70f7e2000000000e8000000002000020000000ba6984f8fe90a6d994dfa8a1626a10e9ccd22142f822766bf77536764e9252e320000000f1b1987524d0edb8ddc0c2f04954ec84cda93ecb2e1bb947340ef7837cfd00a7400000001877e045591e0aff80800026a459c42aa22776e6525662ca4b38ebf94d07084941a0c6bfd026e2132840234b9a83bc5571efc4941187ed0569d532b18519e5ca	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C66DF8CF-1B48-11EF-BCA5-62BC6A84A035} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01c748955afda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2169221504"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407872a355afda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d06c3c8255afda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

4648 iexplore.exe
3836 iexplore.exe
1044 iexplore.exe
944 iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
4648	iexplore.exe
4648	iexplore.exe
3052	IEXPLORE.EXE
3052	IEXPLORE.EXE
3836	iexplore.exe
3836	iexplore.exe
3244	IEXPLORE.EXE
3244	IEXPLORE.EXE
1044	iexplore.exe
1044	iexplore.exe
4688	IEXPLORE.EXE
4688	IEXPLORE.EXE
944	iexplore.exe
944	iexplore.exe
452	IEXPLORE.EXE
452	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 4648 wrote to memory of 3052	4648	iexplore.exe	IEXPLORE.EXE
PID 4648 wrote to memory of 3052	4648	iexplore.exe	IEXPLORE.EXE
PID 4648 wrote to memory of 3052	4648	iexplore.exe	IEXPLORE.EXE
PID 3836 wrote to memory of 3244	3836	iexplore.exe	IEXPLORE.EXE
PID 3836 wrote to memory of 3244	3836	iexplore.exe	IEXPLORE.EXE
PID 3836 wrote to memory of 3244	3836	iexplore.exe	IEXPLORE.EXE
PID 1044 wrote to memory of 4688	1044	iexplore.exe	IEXPLORE.EXE
PID 1044 wrote to memory of 4688	1044	iexplore.exe	IEXPLORE.EXE
PID 1044 wrote to memory of 4688	1044	iexplore.exe	IEXPLORE.EXE
PID 944 wrote to memory of 452	944	iexplore.exe	IEXPLORE.EXE
PID 944 wrote to memory of 452	944	iexplore.exe	IEXPLORE.EXE
PID 944 wrote to memory of 452	944	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\7525a0139f7b28d74affe5c9b112ccde_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7525a0139f7b28d74affe5c9b112ccde_JaffaCakes118.exe"
1⤵
PID:388

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:324

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4648

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4648 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3836

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3836 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3244

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4688

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:944

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:452

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~DFA3BD4E134FF18B49.TMP
Filesize
16KB

MD5
9e9b54d424b5c21d6ac4b9dc1db68814

SHA1
50c28499b28d3c9d526a86307aa97ecbcc2ecb0d

SHA256
6e18b70e1b60886bd9edf62e1d53d524b033deebab91003b76e42ca6142a153c

SHA512
5ac9ce43b17f945a9c5fac88d350cb9bd172b28ae59494aedb534cb7c02361e9be027fea33c28f0e4070bf417ef172814f5b76795f8fd7c9e5589e7b25f23bee

Download Submit
memory/388-1-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/388-0-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/388-3-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/388-2-0x0000000000428000-0x000000000042E000-memory.dmp

Filesize
24KB

Download
memory/388-4-0x0000000000540000-0x000000000054F000-memory.dmp

Filesize
60KB

Download
memory/388-16-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads