e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
Size

300KB
MD5

7149335ef0bbf3bb00ed73e81733c900
SHA1

fc2901e58bbd79c16adfeb94f9c0342dd0a0381f
SHA256

e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4
SHA512

9d7d84d4ad0d6fe20dbe632f98a7692b69544668fadb3f90d08a90b8c0bc22c06b808f201fb543429eee0ce5003b05478beabccbb2769efda8c00796a2971eef
SSDEEP

6144:caQbbFhjLoqmVQP8C/ldsGKQVj5r3AFIF2jq3VfRD9oOkO/uvvX211:cTxcwZRKO3A5uRfWvvY

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation	acrotray.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation	acrotray .exe
Key value queried	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe

Executes dropped EXE 4 IoCs

pid	Process
2236	acrotray.exe
2152	acrotray.exe
4344	acrotray .exe
1444	acrotray .exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "C:\\Program Files (x86)\\Adobe\\acrotray.exe"	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\acrotray .exe	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
File created	C:\Program Files (x86)\Adobe\acrotray.exe	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31117352"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31117352"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000619ef3ce8eac2e4594667861bc3cb6440000000002000000000010660000000100002000000051d6eaed9059cb02e4e7b60c667e77674ea4d7a69c26c7174aa99889d2609d60000000000e80000000020000200000000e6b236b933b32d47c79d9a090f9e7a1bcd4b0e488259a47a3b21d4dc766fb74200000002d54ba936f52dafdffee2971f43e55f237634720f0c4ac4997b5b124e54ef9ec400000006ba7234bc5b023d31e1be77722b310168c512c9b3aa5b3ccbb88c362ed04a1f9fa52f1286c2028480d349c5be183bc14128344766e6ae378bcc5c44d44fa5dab	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3550482894"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000619ef3ce8eac2e4594667861bc3cb644000000000200000000001066000000010000200000000d6d84bdf08524575da301e008850a16d6bd9932875f6192b23c8fbdfd6f27e1000000000e8000000002000020000000175864ef767cbebd762eb058d687c42e2a2af006f3dc28c4c8b79303726a3a6a20000000ae88d96c60457cccd6992ed5f3ba54ffb804e6ca3f5b9e427409c8682058fa5b4000000062377e02f36938eed73ad653f13082c078c513f99f40d46c7e0e6fe972be1be99f704f3e29ec5370e77670f5c889acb08c498b57f8809967cc17b4c2bc30eed5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e7fdc228d0da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c06a3fcf28d0da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3550482894"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 008e08df28d0da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000619ef3ce8eac2e4594667861bc3cb64400000000020000000000106600000001000020000000c20ffafe54ac7426c284673e19e2b31dd8f28d0df95ad639d68c9cdf1d044685000000000e8000000002000020000000bb188a615fd23ff19db8b8b3ebd5e4ee9cfb9f7ae86985d81d41bbf1c72b53222000000082aa5124ae3c6662382a70339f59a90ac87a725e4ad4cbbde078e10cddfa5e2d400000007b337304c9a85f25286aa031fb0a7ae4aecb2270e1e5a7acea234f35acce73df1d02e74e64966e927cf7160b94fd54d341fae3a02c7b93d166b9b17f4a3ad98a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FF38E935-3C1B-11EF-A824-DE15711ED1DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2236	acrotray.exe
2236	acrotray.exe
2236	acrotray.exe
2236	acrotray.exe
2236	acrotray.exe
2236	acrotray.exe
4344	acrotray .exe
4344	acrotray .exe
4344	acrotray .exe
4344	acrotray .exe
2152	acrotray.exe
2152	acrotray.exe
2152	acrotray.exe
2152	acrotray.exe
4344	acrotray .exe
4344	acrotray .exe
1444	acrotray .exe
1444	acrotray .exe
1444	acrotray .exe
1444	acrotray .exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2152	acrotray.exe
2152	acrotray.exe
1444	acrotray .exe
1444	acrotray .exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2152	acrotray.exe
2152	acrotray.exe
1444	acrotray .exe
1444	acrotray .exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2152	acrotray.exe
2152	acrotray.exe
1444	acrotray .exe
1444	acrotray .exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2152	acrotray.exe
2152	acrotray.exe
1444	acrotray .exe
1444	acrotray .exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2152	acrotray.exe
2152	acrotray.exe
1444	acrotray .exe
1444	acrotray .exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
2152	acrotray.exe
2152	acrotray.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
Token: SeDebugPrivilege	2764	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
Token: SeDebugPrivilege	2236	acrotray.exe
Token: SeDebugPrivilege	4344	acrotray .exe
Token: SeDebugPrivilege	2152	acrotray.exe
Token: SeDebugPrivilege	1444	acrotray .exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
5000	iexplore.exe
5000	iexplore.exe
5000	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
5000	iexplore.exe
5000	iexplore.exe
3480	IEXPLORE.EXE
3480	IEXPLORE.EXE
5000	iexplore.exe
5000	iexplore.exe
4036	IEXPLORE.EXE
4036	IEXPLORE.EXE
5000	iexplore.exe
5000	iexplore.exe
3528	IEXPLORE.EXE
3528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 2764	752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe	84
PID 752 wrote to memory of 2764	752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe	84
PID 752 wrote to memory of 2764	752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe	84
PID 752 wrote to memory of 2236	752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe	85
PID 752 wrote to memory of 2236	752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe	85
PID 752 wrote to memory of 2236	752	e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe	85
PID 2236 wrote to memory of 2152	2236	acrotray.exe	89
PID 2236 wrote to memory of 2152	2236	acrotray.exe	89
PID 2236 wrote to memory of 2152	2236	acrotray.exe	89
PID 5000 wrote to memory of 3480	5000	iexplore.exe	88
PID 5000 wrote to memory of 3480	5000	iexplore.exe	88
PID 5000 wrote to memory of 3480	5000	iexplore.exe	88
PID 2236 wrote to memory of 4344	2236	acrotray.exe	90
PID 2236 wrote to memory of 4344	2236	acrotray.exe	90
PID 2236 wrote to memory of 4344	2236	acrotray.exe	90
PID 4344 wrote to memory of 1444	4344	acrotray .exe	91
PID 4344 wrote to memory of 1444	4344	acrotray .exe	91
PID 4344 wrote to memory of 1444	4344	acrotray .exe	91
PID 5000 wrote to memory of 4036	5000	iexplore.exe	96
PID 5000 wrote to memory of 4036	5000	iexplore.exe	96
PID 5000 wrote to memory of 4036	5000	iexplore.exe	96
PID 5000 wrote to memory of 3528	5000	iexplore.exe	97
PID 5000 wrote to memory of 3528	5000	iexplore.exe	97
PID 5000 wrote to memory of 3528	5000	iexplore.exe	97

C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
"C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:752
- C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe
  "C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe" C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2764
- C:\Program Files (x86)\Adobe\acrotray.exe
  "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Program Files (x86)\Adobe\acrotray.exe
    "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2152
- - C:\Program Files (x86)\Adobe\acrotray .exe
    "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4344
  - - C:\Program Files (x86)\Adobe\acrotray .exe
      "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\e117aee9a31901b0865be8c2e3f36c7009b7d325cdbff77829ea81cc6654daf4.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1444

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:820

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5000 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3480
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5000 CREDAT:82954 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4036
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5000 CREDAT:82958 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\acrotray .exe

Filesize
329KB

MD5
5f853ede3e0346bad34986fb6c1fd01e

SHA1
9e6a87ecd3a141e8bdfd4e66d777d52be49a544c

SHA256
e8a7b2f50ac80f2a5a22c25ee625e80e7c00cdd3852f462f09a8424e83597257

SHA512
6a45a519f02d1c910061308218c7c18fe108eb50fa94b2f6fd8f2605096e9d9dacb65ef363024b05c378cfeefcff660123b06b15c3b234c71037a47641f4b100

Download Submit
C:\Program Files (x86)\Adobe\acrotray.exe

Filesize
308KB

MD5
81b5176be0d7b1edbee0451aea7a1a48

SHA1
8bd21ec940d430c6ba5a5f942b870e523062bdb7

SHA256
55b5e45e6e51d3b756462de3e794f77cdad44521d745cff4b2135550d6714dcd

SHA512
9f29d182de13bb0fb46efeabb0346620e4d49e07afb6d4d03921d12c54b76273f82237f7adb080542dace31d20e485ad6991e9920bc9c50533d982e9acadce5e

Download Submit
memory/752-1-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download