hxxps://www[.]docusign[.]net/Signing/EmailStart[.]aspx?a=1c618f3d-d2b3-4133-b2b6-2dc490c289c7&acct=b76041a9-42de-4c83-a80a-cd295cb004d5&er=cb31b637-3f4e-444c-9d59-a04a1ded3aab

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-10-2022 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.docusign.net/Signing/EmailStart.aspx?a=1c618f3d-d2b3-4133-b2b6-2dc490c289c7&acct=b76041a9-42de-4c83-a80a-cd295cb004d5&er=cb31b637-3f4e-444c-9d59-a04a1ded3aab

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	DiagnosticsHub.StandardCollector.Service.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	DiagnosticsHub.StandardCollector.Service.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	iexplore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	iexplore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	iexplore.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	iexplore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\docusign.net	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a10000000000200000000001066000000010000200000001c5bc9aa9ef8f9c569c9dbcd152f03e55988e6ad2e468e02a522e5f3b7eed16e000000000e8000000002000020000000f532f856f46431d5a7c60522c1c6049d53e06403114f3088f0df171747be8048300100007032df87cef00757523332b4cb2a3530e9d075092dd0b15c8a2f0ec6d5438be2afc8b3d4c27b2da85e4dabc24ef4255486361b6b154749a20c669b6d2f4626188eb80fb1a335d784dc17377d3a36ccb9c4cf6f77e2ef9f9c0b198bd0e81523147d440945c3f0c565eff766bfe4a224720dc8e730e22a046c8e418a095ab0277c1c2a7b5ed6f1bafcd1435bd2fd77ef27392946b875474658a5efb66cf69d1e1eb9bf2f16ccb7910146c87cfba403b3713175331745809a2219eddcc117afb86ec3d111e55f6ec55b6356bc06a10c3e972ad197af952a887c9a84428944651c8249aebc335cbee62ad4311cf73df0213d22d26794de65a12b9173a7560037be05fb85cd7862fdc61149add1e21981ec5c1881f0c2895c7e844ffb11161fd95e78acf977351efd203147272b6477719ddd40000000f6f9da88f3f6ff93f07347b9b4909e9481815b15546bb2aeedd0afc79d37f7a7526c20d4e097044f0e4a4661bd36cbf91e297e458562338858d835fee4a7dfa7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "46"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "43"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DOMStorage\yahoo.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\yahoo.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e07ab1ca64e9d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "2097"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a100000000002000000000010660000000100002000000044db3dc87b8e42697f5094b6cf0d96df65f445b735f926f8fdc58a3a380e21aa000000000e8000000002000020000000bc9703a7f143f6aba511237f7053f98612d5b18a689f2fa010d13493b3aed81720000000627b62fea09792a75544f85134ec207eecce39ecb2f9b3849e4eb0fbc4da0b1840000000db4fbe829ba37eb2d478b097dbcf4e805377ef283071654a136e073846ddce2b76e07e326c5b817ad8e8922f18bccac6036dc544c0736cb5beae4c687094c848	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "43"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F0ABB8D5-5557-11ED-89AC-FA09CB65A760} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30992740"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a100000000002000000000010660000000100002000000017305f3f3f21c1c82796954944866e740027bb29ad1ae1aeffed61f47b77a5a4000000000e80000000020000200000004faff472fc0bc497f46b4c362070f61e59d4b158e6c2290efe8f1e04588278eb20000000a40ab00d769ef56989a18505151aa7c0d0a038b2c22f6ff4b5eb36be4ffc120240000000d42e5277c1a5b2b99b11b318051049e6ba85960a2ee8418a0c56818f55443a254825e70458951a245431cc699754135a0a72f99adbcaa6d93c44e737e27533b3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a1000000000020000000000106600000001000020000000c2d70687145d20e9bf184084f401df9d97a4e4b34e405f53b78a27a4c3965bb8000000000e80000000020000200000009686426c2efac1d8c8ff01095583fc9a87d5f6061e1423e21b01361605027a9120000000188f73f6c90d1cf08b3a677fe08906b9dc68ad61fee4c1e07c32e6b55bb46ceb40000000e774d9ef6fda6108193c1caedb1f85e2955d2487f4289a6f7bad7db557cd207158130ce1f4c5c5fd5232cb00e0633e526bd70066c657ffcea297d5b9e5e56190	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "46"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "2070"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "2070"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DOMStorage\docusign.net	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30992740"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "23"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "2084"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "2173"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3316568081"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "2097"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "373572145"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "2160"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\docusign.net\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "23"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "2084"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2295526160-1155304984-640977766-1000\{4BC07591-9550-4BDE-BE61-514858F0B042}	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
536	iexplore.exe
536	iexplore.exe
2416	DiagnosticsHub.StandardCollector.Service.exe
2416	DiagnosticsHub.StandardCollector.Service.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSystemProfilePrivilege	2416	DiagnosticsHub.StandardCollector.Service.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
536	iexplore.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
536	iexplore.exe
536	iexplore.exe
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
536	iexplore.exe
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4668	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 4904	536	iexplore.exe	82
PID 536 wrote to memory of 4904	536	iexplore.exe	82
PID 536 wrote to memory of 4904	536	iexplore.exe	82
PID 536 wrote to memory of 4668	536	iexplore.exe	94
PID 536 wrote to memory of 4668	536	iexplore.exe	94
PID 536 wrote to memory of 4668	536	iexplore.exe	94
PID 536 wrote to memory of 1116	536	iexplore.exe	95
PID 536 wrote to memory of 1116	536	iexplore.exe	95

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.docusign.net/Signing/EmailStart.aspx?a=1c618f3d-d2b3-4133-b2b6-2dc490c289c7&acct=b76041a9-42de-4c83-a80a-cd295cb004d5&er=cb31b637-3f4e-444c-9d59-a04a1ded3aab
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4904
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:17416 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4668
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:536 CREDAT:17422 /prefetch:2
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  PID:1116

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
146888564b333429b8f5d412491c88c2

SHA1
12e3bbb1a6f40c51e29f77651cb2a9c79e6b0d01

SHA256
e12280800910d802764c4c48b76ec205e1e6a39fa099912b24cfdc694bce1906

SHA512
5d48cbb4c0aa19364a7a4d7e91f060eda0f6df4624b7949d23dfbe06586e762e2176764515916e4c389cf867311b6c1170a5b377bca08e7ed6d4046104418673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
9ebd7a0345cc0e64adb3c109997a2c1a

SHA1
76ebba7d659452c2f3cd86b589dfd82fc73afddb

SHA256
43f974eae1ff849eb1ba9afc5c73ec9a5f1b32aa7c07c0f9124f9a320ac76ac5

SHA512
ebe08af1f17b7d31e388136734618c3a4f46433dca14bb95fa0cd8b7c80f543e09f42013d925bf7c872ab0ecd7d3b12a81f265bd6c486b189910722e052ed6fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
0c1e4e95b3acb0daf50d9092322f5392

SHA1
e38a9b2adc52b598ed9a697380f7729f083ec2f6

SHA256
7ff3940b32d2a4f7d7d2c23a5b04dc671361ec0ff7fc5066258f97ac685e08d1

SHA512
fa3ea83cfce0d2609958bef32903d363ce04fe1dd66fc1c0a5a326b3fa5d6cf83eea5caff8eeee7b3c1e77db7be42af636375546b0283483aaf388a99d0d8031

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
446B

MD5
5ad20a12b78e6a8ad92cbbc513f61ac3

SHA1
fda72956cdb98d0942cfad9c015ce59007dbbdb7

SHA256
c3a605368cac2fc4b4bdcd8ca8c280e26219609143679852f651c9fcc0384b79

SHA512
131f50db53bcc8e76c48427b374466f37dcd3604bf04836d0121da152d62efcdd069e7ed298c85ba38246a67c0b2bc08070cec340a5f995161cb200f0ed354bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
1f3f6d82f670adde3b12eadfab0047d0

SHA1
74696cf9794be09a85e06913509f02851658f89e

SHA256
41e5615246d4336c05d21293ba9b60e4f7bc1ee75b21ad55ae9bd6cde791b5d0

SHA512
f00517e51ee9ac2321e3a7fd4db4ca032e1b48c1eee655b46a2bd9826d8abf18d0caf2d90441c6d01ef07e4a6cd7f9b764ce892ac5f44d3d0d8ed1239ef97306

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
78a7247208e04ff6c7d8e0a38231e14d

SHA1
3a64b13ed107121adad5e6de0c3f2eddb4624ca5

SHA256
f0517f556b51d91efa09239b26348ae0d07addad0fcd42cbcb092a20a3cc749c

SHA512
25425e3360ffd8ca306d56b5269369eaeeb98dfea1bb05ee63313e94a80e62ef42590e0e71fff95fd23b10f752a13d32b20e60881c287f0d9a6470e477e04539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ru1r3yf\imagestore.dat

Filesize
792B

MD5
c258c63e0896a2f81c2d93e6e5945fbd

SHA1
67bbd6271fea3bd3fb63edbacaa35cd59494a8c9

SHA256
da906b0ceedeefc0b324a04094ea4ecc55679347b782ccdce0218d4fcd46f509

SHA512
7c021ca6f1936c43d5b8e1d33e31bd17c756838af896c0525473f07dc67373a9e04dd296b76eb508c8e03b7a054da64ee41a22537b3d92e1a77bda3de01fbf69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ru1r3yf\imagestore.dat

Filesize
35KB

MD5
0472975eafff65e99321ba21932b5b0e

SHA1
14a2518d60f21d2deaca0c43ded08c5397f51878

SHA256
2346c68e615baf518114dc686845dc57619d971ec99241790a6b861bd3d85bcc

SHA512
b990f09d1696ece5fbe55223ef5c59af02a4285011bf8b28b206240db1b30937afec46ec97206accf8a0c0592f5aaeebeae1bb16b589e15d74a976a83363e655

Download Submit