Resubmissions
- 26/09/2022, 19:00  220926-xnpnfsbgd8  1
- 26/09/2022, 16:07  220926-tkzsgacdhq  1
- 26/09/2022, 15:41  220926-s44ebsbca5  1
- 26/09/2022, 15:29  220926-sw34lacdbp  1

Analysis
- max time kernel: 93s
- max time network: 131s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/09/2022, 16:07
Static task
- static1

Behavioral tasks
- behavioral1
  Sample: 26fde1eb-5977-4d4a-a552-8267a663ed91.zip
  Resource: win7-20220901-en
- behavioral2
  Sample: 26fde1eb-5977-4d4a-a552-8267a663ed91.zip
  Resource: win10v2004-20220812-en
- behavioral3
  Sample: ProgramData/McAfee/QuarMeta/26fde1eb-5977-4d4a-a552-8267a663ed91.xml
  Resource: win7-20220812-en
- behavioral4
  Sample: ProgramData/McAfee/QuarMeta/26fde1eb-5977-4d4a-a552-8267a663ed91.xml
  Resource: win10v2004-20220812-en
- behavioral5
  Sample: Users/kmlarsen/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/W4YE5R4Y/☎️ Voicemail Audio Transcription.htm
  Resource: win7-20220901-en
- behavioral6
  Sample: Users/kmlarsen/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/W4YE5R4Y/☎️ Voicemail Audio Transcription.htm
  Resource: win10v2004-20220812-en
General
- Target: Users/kmlarsen/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/W4YE5R4Y/☎️ Voicemail Audio Transcription.htm
- Size: 13KB
- MD5: 743bce526b069f0c70069210fbf399b1
- SHA1: 884b1d100def065ba2964f81bcea919a44a3a2f1
- SHA256: 2dbd2d653764003082326aacc9b1267075039f95446517cf6560a74785828e16
- SHA512: e0b79bc1cb7be72282ce7373957c1af7f3e2333efe60b055a0acbb3fd6563da7c39e1a0520597797f99d7f28b898e19f2957103a67cc954c549964fac24c26eb
- SSDEEP: 384:KbcrRYCh//If1GdYxNAPoIIklxYq/KxnppHltlfKRLWcwgWwaThTZbKob7/:KbcrR95Qf1EYxNAAIzlxYGKxnppHltlj
Malware Config
Signatures
Modifies Internet Explorer settings
Columns: description, ioc, Process (one registry operation per line)
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{27162F9C-3DC6-11ED-B696-72E07057041D} = "0" iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b14216000000000200000000001066000000010000200000009d7e8edc0757893b26e0c1bb0cf50eed5ab9b8e7ec59889dbbd5ef0ded500a9e000000000e8000000002000020000000b262c00526f09863b31445325f99c2a9da2a7409ac7bd9bf1671db61fc335ca22000000088125bc6bd197b9e81e2b25a06a9f6f41643629dc5461203bc25e26441de3662400000000ba314a94a4e6a87a1e359f7fb377e87918edce7ae6e15745cf9c6a32574d7f912f7dc9f4983e9a8a7c9ddf8fd8751d5ca41e3aad3780bd8b7a6158c2c7d9974 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06f0115d3d1d801 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0feacfdd2d1d801 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2086260ed3d1d801 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b14216000000000200000000001066000000010000200000006622dfe8b2956617b4e0ae683b5e238e72ba8947eabd8f3293bc77007400403a000000000e800000000200002000000028073bb8d0291ee69058c6768840d97d90d3d136c5e9b776cd29a74c0ab213e120000000657d17066710d3a3bfc96d7eeeafd1b8ffea3c937ba74c8e92cec00d6cc6282440000000dd0fa10145080fa01af35c305b478818c9a2048fa75194f65511ce3d6ae498cac98d288a77f136dbe28f3dcd9cfa082417283da14feb60aa523c40b02dab676d iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c043da15d3d1d801 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c0af1ad3d1d801 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e97af5d2d1d801 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 502d67fbd2d1d801 iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30986706" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000f25a833e9a6e2361f1e8b16b324a463301125ed3cc575ff860fa39dbe0665613000000000e80000000020000200000002457bc65d1f93c34f89bc53d60a384c13a22095b1283bdb73d7f89e31b9578c22000000076af56eebbc704ac4d0a95aadf911bb4da9f60464bb37a443fb44eeb6638b70a4000000071add70069dc63a5a059c7d172f4b244e675dd06e69756258e744af8db2d66f2ce20042c654a06168a353ee66ef561cb7b0522974457c1d1ba31f559d5ba71a6 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 507ca315d3d1d801 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30966fffd2d1d801 iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "370980654" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b14216000000000200000000001066000000010000200000000f8deeb76d821515e8afa88103328b126fab86c998ac049b1398f4594bf7dcf5000000000e8000000002000020000000b5d347e8e070d2905fd9d64e7bff6479a58f5e0a4d787a4618251321a7de272320000000452cf15a542ad974e14972ea16b4c74a5f742bd343c10d2e4c472b9c34180e0f40000000ce70022ab451afe7f6cb438606b86409158dd9c93c21efd385d6901970b40a69e13e8be203b67d347438efe932e6bd26a2d27b5352db20cb3ddddc3aa23a7cd4 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4029981fd3d1d801 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000897344e1d28087b52171067c7ca07f76fd46ec4811829d0c6489a0afe442f6ad000000000e80000000020000200000004bfab9e943edd24d42ce3776b57f0e5a6a1022bb6f374f15907e89f22164a295200000000c4bbf1fd40a9e83454d6bf4b3ee4ffd59d7a6908d25b40dd309a6c96f8dcdf24000000027a963c36b8fcedd7c51a747c6b33accbcac24c04030853dbcdcedc74a251b76d118ce9d3569457be84a9e26cd57b9a0141c6e331b8c9088878a6a7b0217e550 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000d05dcdf9aeecde3cb403311d517f596c99da555694fba7fd8fdf786bd3172116000000000e80000000020000200000005e902d726e218359992eb1edf0503722bd4a62af6638be8d1c33a691e473d8b420000000b8a7d16183d10df9e1f0338b2b2a189c2588de20c491852d705846f2f528c30c400000004a153da043ce8961494db3d94006cb59d7068f6c7c8d3e22b419cff15e3ea6bd5175d4390e70a31b94586caee184bbb2197d8640d7e3a7eeef6e13b4fc94b8bb iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30986706" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000b962bbae270948b875c1456a1e2b337f615dce627b56b70f8ef2e91a1fc18b2f000000000e80000000020000200000001d2a5004b244f99b70a557c3b18c0789c3a5437e6ac2804cd7e9359d663920cb20000000b6318c94742349502fe37b02b58c1f59c9351073c94159855908170e1a3ea8e7400000001acd49c18439d690340378be7814e8baf1a093cce7f829bc6e9e50bb90f9a3c7fb9df929598021397bb8d484402f94da7c64d0ea10a52e17bae30996885065e1 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000955837876ee47c59f02900124f7a220845d804ed213d0217f71ce15e38c0d3f2000000000e800000000200002000000063540c881949cde0139ca7b1a41529c6b3f6def9e60a3d695c7e98cd36fb9c12200000009b3498878972556ad17b42836d7776f26f843ee37c20a0eb8778fee99641fc054000000005fa3f1efa006ccd7bf613b6f236880f75549fb8e561824911ca98ce765ed4d7287945dfdd5c688c1b54d55735d726c910250d9807e479ecc7e17e19ab0dfe4f iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b14216000000000200000000001066000000010000200000003745cc2c963cd521956732a651e575ffe732ba8012f3017714608834e1cccb57000000000e8000000002000020000000c99460b9152715c64bb37a8f389ad8a2423412da50ca0cf939b2a36351e9ec7d20000000b2aea92270a8e3ae1094c305b66a7da8c4745b10bfeddac5ec18e993f11511224000000053760dc7e53feb78b5624a0e60f6851b35cc92f85620593bce6a1ef0e42d76d6f5e97955c41bca803e6433a650896e786d19ab91a78482b5a8e2476924dc3994 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000d802a4fd1510a42c92d6cf72fcf031910d296114821be2c716498bc692b1ec81000000000e80000000020000200000005483bd45f9413adee38298457e1cfda8c17d72a97c0a9387c26cce2ec24f9e0a20000000ab3045f67852c6049f3a41b8f6d44c15e3f92e750d6d2954127a268d76aa8b5c400000001aea5424f901484dc705232959fd7717331634bf9e7ddce1c31e24e23d17407675eedd41d9ac217c40bdf0159431e874a5b26013dc46e50ae7dec6d657482925 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30986706" IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b14216000000000200000000001066000000010000200000007ff2bc3526bc74505b5554f9252f8845ce5734e31f359a2a70a541fbc85c7396000000000e80000000020000200000007d97857d044b0283adf0e1ef06d284a9f5865685c4d4022c7755fca58799904220000000fdc660632f6193a445572bb7cda55e62a8546cb17fe2c9239dde52867c054d6a40000000f2981d143c13a80dc457515c0e5f3ee2a093b15f53306d0eba4e62e29556f7f637f581c238ed31a3d3175337bb276a8997aab871ca76388efbfcad28bc2c670e iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000d7b58abbb460454b07629ebf5faec6197b806df94c9e71a20108561c723d26a4000000000e8000000002000020000000168d6898fee7d917247db4ff6fdccfef968ee08fa79639d98bd397e2d29cbc8920000000318db8a065dfb10716ab0c6f1ca89fb7486ab23b601965e4bf6fabeb8d54e74540000000d9f6008cc9b73f5fa410fc315d65541ce55dd55c1dda655723d1aff187dda6eba06cd4b1d39f6308aeb0db57358d836e681eb34202f94ec744dd42cff2235c6d iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b14216000000000200000000001066000000010000200000006be80e4dbb39d75a6a34bfc7b60f91d52fddae46825f89870248699bfd407a2d000000000e8000000002000020000000919c7d307774f33df895c2c6696f5de37a30f2970db385bbaa1941ca40fb43c420000000b79928c35b075c1205912bcdd4d0e3ddc9f5112b23a252d61994487a92d5858a4000000026b96e4a52159bdf6c5f4f8ea56ec0bb2d3dfb10d7f713ddd298c45deb171a6aab66d4d8a7480f498a961877f84ebef2108de5c158d56a84db7fff2147c1c365 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0076ab04d3d1d801 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b14216000000000200000000001066000000010000200000008d9f29536adc7c6aa249f3868030939dcd1ab8751cab37c6d5a0b6833414e6f8000000000e800000000200002000000032a9a7d91394347f2debb3e5d77a4e6824c401aa5d97c98e44388f71cb84dd5320000000df0f21ec7c75a2161e5e8b6dcaa65a21a2a96c39da019ef38a95834c335209c44000000067fcea786e2c3d3243e045886f477cd879397d93a5af894124f9cfb89c72e3b82379325bc416a2786d2b21af05182257702c2d925657b8a01791d0fabb8557b4 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b14216000000000200000000001066000000010000200000003d4adc49ffd56dc0397e9def7c517d76f8433bc9b73d34edfce6ff80c65ea34d000000000e80000000020000200000002974a54f1fea492203f9e7a44380c56f8c0e2cba1b5e33edb38131ef5706570020000000fcdd457399e9041ca01c296f39ead01c6b5fbdbf01ad9a061c5718959cda6a5640000000b2e3cb98dbf9fe03794888820b283856847d8535ef0373b5f7bb33417c5a672d732b7d0f340d61e08a1ccbe1f9cb27c09d7ae4455bcbdc3c60c2ebc7ceacaaf7 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a05dbd10d3d1d801 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b142160000000002000000000010660000000100002000000018fada41c7594ab1cd469e6a3cee6dc15a245009a61f9e5b1f5867a7338d9cc5000000000e80000000020000200000000326f890525012d915b395b636064b29400e1147c082893e19bcd4ce58224f472000000080e987e30e915d374b454df2b59bd69419e9d5e93563c7c8794976d611036e4040000000c8ac26675a6334345da5e905036d2803a6727f7339f19e0f5cb890144aff278280261021cc2b6bb8e4014083370ad0b12c7c7eea51f7ac0f5e8de56af2299dcd iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4222701675" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4222701675" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a177fed2d1d801 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40bb510bd3d1d801 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 702d251dd3d1d801 iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000a254c49fc72b1bea30d12798eb0ac223098a0b88ac4f417b65a18386714f5518000000000e80000000020000200000008a84578865f9a0dcd140cc08f0ca448edd5ec1fbeca8d03d0ada56be4ded8db420000000759de345590bce8d058df602e74e6cbdc33a50e9a066beec0fb443f0d05921f240000000d88e47629a74a384b7968b6037fd4400da6a505743069f91c39e1ff5aae32d4b99bcb6981d83cda67a1935bf88761e7e2a0a79d3be5fc0d815f2bbf6aa507873 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2728ad8693e804caf0ad2c227b1421600000000020000000000106600000001000020000000948512405796cbd99d843d4327f32b00b15129a5d4de040b31618dd5443ba561000000000e80000000020000200000008bd99997c7b452f5aff613d856c01dead991447db2153d0b1c12a51ecf33270920000000367365084f1fd4fb645c07c20d845cc19dd768acb5446933f4954aee2af0cc1f4000000030a2f425fa0f29cddb4c586375658a5d7a6e7b792c0ab3da632648e936067e96d7213426e0d8ed96eed55e0ff0f863d366d4b51290e7cfcf90a90d4102c2c6b5 iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80cb5c14d3d1d801 iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4232696519" IEXPLORE.EXE
- Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Columns: pid, Process
- 3948 IEXPLORE.EXE

Suspicious use of FindShellTrayWindow (1 IoC)
Columns: pid, Process
- 4692 iexplore.exe

Suspicious use of SetWindowsHookEx (64 IoCs)
Columns: pid, Process
- 4692 iexplore.exe (2 entries)
- 3948 IEXPLORE.EXE (all remaining entries of the 64)

Suspicious use of WriteProcessMemory (3 IoCs)
Columns: description, pid, Process, procid_target
- PID 4692 wrote to memory of 3948  4692  iexplore.exe  77
- PID 4692 wrote to memory of 3948  4692  iexplore.exe  77
- PID 4692 wrote to memory of 3948  4692  iexplore.exe  77
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 4692)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Users\kmlarsen\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W4YE5R4Y\☎️ Voicemail Audio Transcription.htm"
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3948, child of PID 4692)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4692 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 471B
  MD5: ec21d7b0db946b7ecab4c4ead789e338
  SHA1: b708c1a90566be72204ed5340bd05d7224e51403
  SHA256: e15133cd7594e706cf5141df1a4780c26e101c85c68262346f91b38d546cd47e
  SHA512: d34772501233d31566db776e19b58a4d5b0ee4a76613ac0e9960edaf42bcda35af3d83592f71cb53a1ef9f428ea6e67e0624bd1c84d29f04c7a360ffbc03d1fc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 404B
  MD5: 78071a7734b579972f87a295745bb8c7
  SHA1: 328f6244e1e1266f97b1a8024ac211ef3f08e1e9
  SHA256: 92ccbfa6f8b1463fa4b62708959eb05e0d4c96fa07e7d89017982e9d206417f0
  SHA512: eea41684f6946cc709f1a0cd794fcc87773b6f589d1418005ce79767faaff233dcbc9030818ea6c255ed4ddf3326a61a5406549cdbc9b0b943734d9b514e2eee