Analysis
-
max time kernel
142s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
07-09-2024 20:18
Behavioral task
behavioral1
Sample
d2c2434c6b9bbf83f922d31d3a3e8308_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
d2c2434c6b9bbf83f922d31d3a3e8308_JaffaCakes118.exe
-
Size
908KB
-
MD5
d2c2434c6b9bbf83f922d31d3a3e8308
-
SHA1
56dfe39a47ff46eda0aa0d691bfff4e4177b209b
-
SHA256
d3787d8d0b8e4e6db017b9420c749273f611e378887caba77a50620f2039f5bd
-
SHA512
948089e820f0075d0859a400cb3fed16f209b9a51652f8fdb5905c6b00092ff60aafa52f9f2c62a2989f206040c674e06a2a9acda2784de3af997a9909fc6200
-
SSDEEP
1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA
Malware Config
Extracted
gozi
-
build
300854
Extracted
gozi
202004141
https://devicelease.xyz
-
build
300854
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
-
url_path
index.htm
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 9 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEd2c2434c6b9bbf83f922d31d3a3e8308_JaffaCakes118.exeielowutil.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d2c2434c6b9bbf83f922d31d3a3e8308_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ielowutil.exe -
Processes:
iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BE3F774E-6D56-11EF-818E-7221D8032630} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{850E304C-6D56-11EF-818E-7221D8032630} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603021676301db01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{70E93038-6D56-11EF-818E-7221D8032630} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00dbd1346301db01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B11DC64B-6D56-11EF-818E-7221D8032630} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 609e22486301db01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000009bd7b3d01c72643a6b4d24d0b709570000000000200000000001066000000010000200000009faa4bdf763e525461a631db325c5c2287fdb973230f6931db27fc2ca39c098c000000000e8000000002000020000000cbed2092f417642939fbfffcb139c564b57fa0eca1123d3951ed450b5147b077200000006e5e3b791d3c8d683c864c05f07185ecd57551fb3929085f363219300dec3d3d4000000060986940f626aaa051f6b22b37e0614610bc984794d1914890a044972268efd159805fa48c4e65af7278db8b464765f67dcef2f0f9f59dab1eabd18a804e4318 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000009bd7b3d01c72643a6b4d24d0b709570000000000200000000001066000000010000200000007022ab13a5ccc48642d6985724981cf93882198522eb106fb1715215f17403ec000000000e80000000020000200000000a12b7ee66f04c03487f3986ddc938d0a4e7974b9e69fec66f7778959bb0ddd22000000051caa0a60bc31bcf2e7c7f6efca6d5b84a1e1b759f1534d2a3829bb5a204e461400000007e2f718288c51132607101e5db7c3793bfc920b3bcb7b1d8da0b860ab8914514fde2ebb61bb9fca83e1b85c1e533bc55784d55352d55fa9f67eaff0f09c0a2dc iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A1A33E84-6D56-11EF-818E-7221D8032630} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000009bd7b3d01c72643a6b4d24d0b709570000000000200000000001066000000010000200000005d68be986353634ae5c2d4c8347e6f17f41913d505d54e494dd3312736ecd4e0000000000e80000000020000200000008a1ddfcc679e23786433555833a5eb13f8d5b409355a9568f5586fd40f2e2c4a20000000df012e8eac23a02e5175208a04022efc9552fe001bf1c4f77b28c5142d3d5abd40000000f670062492be5b32a35b1eadeb35aaa21a73096bc1a0d627acf9ec4eae661cbc5a4f86a3d04ee508303162a05a936ee8b6d14e09c1a31ee39b602b209d79ddcb iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9242F4C1-6D56-11EF-818E-7221D8032630} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 600e5b816301db01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31129955" iexplore.exe -
Suspicious use of FindShellTrayWindow 7 IoCs
Processes:
iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exepid process 1036 iexplore.exe 1036 iexplore.exe 1168 iexplore.exe 5000 iexplore.exe 3508 iexplore.exe 2012 iexplore.exe 1896 iexplore.exe -
Suspicious use of SetWindowsHookEx 28 IoCs
Processes:
iexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEpid process 1036 iexplore.exe 1036 iexplore.exe 2452 IEXPLORE.EXE 2452 IEXPLORE.EXE 1036 iexplore.exe 1036 iexplore.exe 2168 IEXPLORE.EXE 2168 IEXPLORE.EXE 1168 iexplore.exe 1168 iexplore.exe 4364 IEXPLORE.EXE 4364 IEXPLORE.EXE 5000 iexplore.exe 5000 iexplore.exe 1468 IEXPLORE.EXE 1468 IEXPLORE.EXE 3508 iexplore.exe 3508 iexplore.exe 1224 IEXPLORE.EXE 1224 IEXPLORE.EXE 2012 iexplore.exe 2012 iexplore.exe 1192 IEXPLORE.EXE 1192 IEXPLORE.EXE 1896 iexplore.exe 1896 iexplore.exe 4048 IEXPLORE.EXE 4048 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 21 IoCs
Processes:
iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exedescription pid process target process PID 1036 wrote to memory of 2452 1036 iexplore.exe IEXPLORE.EXE PID 1036 wrote to memory of 2452 1036 iexplore.exe IEXPLORE.EXE PID 1036 wrote to memory of 2452 1036 iexplore.exe IEXPLORE.EXE PID 1036 wrote to memory of 2168 1036 iexplore.exe IEXPLORE.EXE PID 1036 wrote to memory of 2168 1036 iexplore.exe IEXPLORE.EXE PID 1036 wrote to memory of 2168 1036 iexplore.exe IEXPLORE.EXE PID 1168 wrote to memory of 4364 1168 iexplore.exe IEXPLORE.EXE PID 1168 wrote to memory of 4364 1168 iexplore.exe IEXPLORE.EXE PID 1168 wrote to memory of 4364 1168 iexplore.exe IEXPLORE.EXE PID 5000 wrote to memory of 1468 5000 iexplore.exe IEXPLORE.EXE PID 5000 wrote to memory of 1468 5000 iexplore.exe IEXPLORE.EXE PID 5000 wrote to memory of 1468 5000 iexplore.exe IEXPLORE.EXE PID 3508 wrote to memory of 1224 3508 iexplore.exe IEXPLORE.EXE PID 3508 wrote to memory of 1224 3508 iexplore.exe IEXPLORE.EXE PID 3508 wrote to memory of 1224 3508 iexplore.exe IEXPLORE.EXE PID 2012 wrote to memory of 1192 2012 iexplore.exe IEXPLORE.EXE PID 2012 wrote to memory of 1192 2012 iexplore.exe IEXPLORE.EXE PID 2012 wrote to memory of 1192 2012 iexplore.exe IEXPLORE.EXE PID 1896 wrote to memory of 4048 1896 iexplore.exe IEXPLORE.EXE PID 1896 wrote to memory of 4048 1896 iexplore.exe IEXPLORE.EXE PID 1896 wrote to memory of 4048 1896 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\d2c2434c6b9bbf83f922d31d3a3e8308_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d2c2434c6b9bbf83f922d31d3a3e8308_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
PID:1352
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
- System Location Discovery: System Language Discovery
PID:1936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1036 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1036 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2452 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1036 CREDAT:17416 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1168 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1168 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4364
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5000 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5000 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1468
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3508 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3508 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1224
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1192
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1896 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4048
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD52dc61eb461da1436f5d22bce51425660
SHA1e1b79bcab0f073868079d807faec669596dc46c1
SHA256acdeb4966289b6ce46ecc879531f85e9c6f94b718aab521d38e2e00f7f7f7993
SHA512a88becb4fbddc5afc55e4dc0135af714a3eec4a63810ae5a989f2cecb824a686165d3cedb8cbd8f35c7e5b9f4136c29dea32736aabb451fe8088b978b493ac6d
-
Filesize
11KB
MD59234071287e637f85d721463c488704c
SHA1cca09b1e0fba38ba29d3972ed8dcecefdef8c152
SHA25665cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649
SHA51287d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384
-
Filesize
748B
MD5c4f558c4c8b56858f15c09037cd6625a
SHA1ee497cc061d6a7a59bb66defea65f9a8145ba240
SHA25639e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781
SHA512d60353d3fbea2992d96795ba30b20727b022b9164b2094b922921d33ca7ce1634713693ac191f8f5708954544f7648f4840bcd5b62cb6a032ef292a8b0e52a44
-
Filesize
4KB
MD5d65ec06f21c379c87040b83cc1abac6b
SHA1208d0a0bb775661758394be7e4afb18357e46c8b
SHA256a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f
SHA5128a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e
-
Filesize
1KB
MD5dfeabde84792228093a5a270352395b6
SHA1e41258c9576721025926326f76063c2305586f76
SHA25677b138ab5d0a90ff04648c26addd5e414cc178165e3b54a4cb3739da0f58e075
SHA512e256f603e67335151bb709294749794e2e3085f4063c623461a0b3decbcca8e620807b707ec9bcbe36dcd7d639c55753da0495be85b4ae5fb6bfc52ab4b284fd
-
Filesize
16KB
MD5a2005ec647aa7a0764639d88c8851fb3
SHA1a0299fed76da3f261ae78b3e4f785d5020589c4b
SHA2560a62075c884c14ebcc2e801e541cc033174595658604e48d5a135502ad542030
SHA512892f36806a152cec1ba62d7b244ae49b31fca0fcd9ca682017e3c13c0fd59556b653612980df591b03f78c1f35e26d3637f5449b66435ff5499d90267ae0200e