Malware Analysis Report

2025-08-05 17:32

Sample ID: 221101-mqek6abhdl
Target: http://www.bicdata.com.br
Tags: (none)
Score: 1/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V6
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 1/10

Threat level: no (potentially) malicious behavior was detected.

The submitted URL http://www.bicdata.com.br was opened in Internet Explorer on a Windows 7 and a Windows 10 image and exhibited no (potentially) malicious behavior in either run.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

All five entries are generic behavioral heuristics that Internet Explorer trips on its own whenever it renders a page: registry housekeeping under HKCU\Software\Microsoft\Internet Explorer, taskbar and window-hook calls, and the cross-process writes its frame process performs toward its tab processes. None of them indicates a malicious page by itself, which is why the score stays at 1/10. Note that the SetWindowsHookEx and WriteProcessMemory entries have no matching rows in the per-run signature tables below.

MITRE ATT&CK

Enterprise Matrix V6

N/A

Analysis: static1

Detonation Overview

Reported: 2022-11-01 10:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2022-11-01 10:39
Reported: 2022-11-01 10:42
Platform: win7-20220812-en
Max time kernel: 155s
Max time network: 179s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bicdata.com.br

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9059F81-59D9-11ED-9172-7ADD0904B6AC} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b6d9d7e6edd801 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf0000000002000000000010660000000100002000000001751453d0583cd0ae1e8ebe11f905f120e2a18bee7e68e4b47b3e0cdd49fa1e000000000e800000000200002000000063a7836b6d48067244d8bb3f3ab9670cb0cc697e510036370e538a6b58abb1ef20000000295d4540cea8be29e61a480f1049121aba1e018a5d83125e03956c65e4e96f12400000003ff7a249178a591018a1158a7be4dae461cca6f30b0ea01722982eae1a2e0fec1497d7de24b3ed660809dc77328af1587a7a5a61f66e50a5b1a8496bf1ac51ef C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "374067800" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bicdata.com.br

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:872 CREDAT:275457 /prefetch:2

This second instance is the 32-bit tab (content) process that the frame process above spawns for the page; SCODEF carries the frame process's PID, which is the field to pivot on when tying the two together in process telemetry.

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.bicdata.com.br udp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
US 8.8.8.8:53 bicdata2.hospedagemdesites.ws udp
BR 186.202.153.170:80 bicdata2.hospedagemdesites.ws tcp
US 8.8.8.8:53 bicdata.com.br udp
US 8.8.8.8:53 jigsaw.w3.org udp
BR 186.202.153.170:80 bicdata.com.br tcp
BR 186.202.153.170:80 bicdata.com.br tcp
US 104.18.23.19:80 jigsaw.w3.org tcp
US 104.18.23.19:80 jigsaw.w3.org tcp
US 104.18.23.19:443 jigsaw.w3.org tcp
BR 186.202.153.170:80 bicdata.com.br tcp
BR 186.202.153.170:80 bicdata.com.br tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 142.250.102.154:443 stats.g.doubleclick.net tcp
US 142.250.102.154:443 stats.g.doubleclick.net tcp
BR 186.202.153.170:80 bicdata.com.br tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.nl udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
NL 142.251.39.99:443 www.google.nl tcp
NL 142.251.39.99:443 www.google.nl tcp
NL 142.251.39.99:443 www.google.nl tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

All three files written are Internet Explorer's own artifacts, not downloads from the site: imagestore.dat is IE's favicon cache, the CryptnetUrlCache entry is CryptoAPI's cache of certificate chain and revocation data fetched over HTTP, and D8B1O6L8.txt is a cookie file.

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat

MD5 f947034b1551c01934a8f4d93ee5772e
SHA1 4d4b19086c34adab19d312e50a9e200fd13c41b2
SHA256 8ae9c56a2701d75e81e91722dc3081c4de30526e7138d577aa11954896eb290c
SHA512 2ba5f9b060a6d08cfc9f4ce468a1eefd40fa23b20dbc7f3caf344256ce582d70063b0d8a8c9f263dabe555a975393e8dec134d70010e42b2853679ccbb7abd3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51b837e384a238359ad1cec3d605cd24
SHA1 bdd7fce845f4db8f9412034217557c6c8f2c1599
SHA256 20e19488307973f46cb9f529204b9b6b889877e2f41a0ee1cdc91c14cb042fbf
SHA512 464543d3b86d787fe84ca182faedb06189db1b8728e10de9c10763757c011318b28d9c535f1f5bee64f7514a729f4d926cd21643eaa396d78e02c1781934946e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\D8B1O6L8.txt

MD5 04c61d00866da8b0fe01c6efcb13eade
SHA1 6ae93c013606c7f7d148598cf9679acd3360d19d
SHA256 879599789d0866c97c5005deffd6536b1a1f9361f02750aafcd56f4231a51028
SHA512 d201267a9f7584d52b094b146dd95ee718c1be0e34fd90c37c385a974e981a35b5fcc94ce5dc0bedbc0570a46301f902b8bc54b4ddd03701f986dc0e2c285929

Analysis: behavioral2

Detonation Overview

Submitted: 2022-11-01 10:39
Reported: 2022-11-01 10:42
Platform: win10v2004-20220812-en
Max time kernel: 136s
Max time network: 171s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bicdata.com.br

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3443349183" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a1000000000020000000000106600000001000020000000897de923fcf054476e8ab2959218ed8fc2945dbda0e15fbc584a8c37a104a7f2000000000e8000000002000020000000c444aaf079f6d3214b1da45f994e47efab5a860984fd2bb4dcb60206b4971a33200000009cbc8f4caeaadf08ca5ae66d909e49f79eef0fde6c53e182bdc05cd74eaa200140000000b4f51fbfd94752d6b2488f03c2af57a564a945eeb88007e4b631ac4c0288b1b0f5590c6795fccd6a042201dc68437a019b86dc7fc5e07fdaf262196367f3c24e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "374067799" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3443349183" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30993894" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993894" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a1000000000020000000000106600000001000020000000636bba885a3201c5905a0e316d599c2cd15c08fa2c708074d72bdb66cddc96df000000000e8000000002000020000000f6b47eebab83e56bd3a3d2b1631cfa152f40ed4a97d1c43de7095bdd4d84967a20000000b1dafcb65d2a8cb41e4deeaeb341e6e31960bd63a3c18969419e0bffecd806a5400000004d1352a93fc55d732c9a1a11b7153651c865cd19f7ee9cd94dd779d9bb53e12a9143d72a7f65980099e07efcbcfbc1cff8f861bcd8f4c8cfb1136b13d41e0264 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 203128d2e6edd801 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3456006622" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993894" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 001834d2e6edd801 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F5654C3D-59D9-11ED-89AC-DEF0885D2AEB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
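The "Modifies Internet Explorer settings" tables in both runs are noisy by design: Internet Explorer writes dozens of keys under HKCU\Software\Microsoft\Internet Explorer on every launch and the sandbox reports each one. What an analyst wants from such a table is whether any write touched a value that redirects the user (start page, search provider, URL search hooks, extensions). The Python below is an added example, not part of this report or of the sandbox's own tooling; it parses rows in the layout shown above, strips the hive and SID prefix, and flags only the sensitive keys. The sensitive-key list and the "Start Page" row are constructed assumptions for illustration, not observations from this sample.

```python
"""Added triage helper (not part of the sandbox report): split the rows of a
"Modifies Internet Explorer settings" table into Internet Explorer's routine
housekeeping writes and the few values a browser hijacker actually changes."""
import re
from collections import Counter

# Rows copied from the tables above, in the report's layout:
#   <op> <key>[ = <value>] <process> N/A
SAMPLE_ROWS = r"""
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3443349183" C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# Constructed row, NOT observed in this report: what a start-page hijack
# would look like in the same layout.
CONSTRUCTED_HIJACK_ROW = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# Key and process path both contain spaces, so the process is anchored on its
# "C:\" start and ".exe N/A" end rather than on whitespace.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<type>\w+)\)) "
    r"(?P<key>\\REGISTRY\\.*?)"
    r"(?: = (?P<value>.*?))?"
    r" (?P<process>C:\\.*?\.exe) N/A$",
    re.IGNORECASE,
)
IE_ROOT_RE = re.compile(
    r"\\Software\\Microsoft\\Internet Explorer\\(?P<rel>.*)$", re.IGNORECASE
)

# Subkeys/values under HKCU\Software\Microsoft\Internet Explorer that change
# what the browser loads or searches (assumed list; extend per environment).
# Everything else there (Main\Window_Placement, TabbedBrowsing, Recovery,
# DomainSuggestion, VersionManager, ...) is routine state.
SENSITIVE_PREFIXES = (
    r"main\start page", r"main\search page", r"main\default_page_url",
    r"main\default_search_url", r"main\local page",
    r"searchscopes", r"urlsearchhooks", r"extensions", r"explorer bars",
)


def parse_rows(text):
    """Return (parsed rows, lines that did not match the layout)."""
    rows, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        row = m.groupdict()
        root = IE_ROOT_RE.search(row["key"])
        row["relative_key"] = root.group("rel") if root else None
        rows.append(row)
    return rows, unparsed


def classify(relative_key):
    """'sensitive', 'housekeeping' (under the IE key) or 'other' (elsewhere)."""
    if relative_key is None:
        return "other"
    rel = relative_key.lower()
    for prefix in SENSITIVE_PREFIXES:
        if rel == prefix or rel.startswith(prefix + "\\"):
            return "sensitive"
    return "housekeeping"


def triage(text):
    rows, unparsed = parse_rows(text)
    verdicts = Counter(classify(r["relative_key"]) for r in rows)
    hits = [r for r in rows if classify(r["relative_key"]) == "sensitive"]
    return {"rows": len(rows), "unparsed": len(unparsed),
            "housekeeping": verdicts["housekeeping"],
            "sensitive": verdicts["sensitive"], "other": verdicts["other"],
            "hits": hits}


if __name__ == "__main__":
    for label, text in (("report rows", SAMPLE_ROWS),
                        ("report rows + constructed hijack",
                         SAMPLE_ROWS + CONSTRUCTED_HIJACK_ROW)):
        result = triage(text)
        print(f"{label}: {result['housekeeping']} housekeeping, "
              f"{result['sensitive']} sensitive, {result['unparsed']} unparsed")
        for hit in result["hits"]:
            print(f"  HIT {hit['op']} {hit['relative_key']} = {hit['value']}")
```

Run against the rows of this report every write lands in the housekeeping bucket; only the constructed Start Page row produces a hit. Keys under the user hive that sit outside Internet Explorer (Zones, Browser Helper Objects) live under Software\Microsoft\Windows\CurrentVersion and would need their own prefix list.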

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bicdata.com.br

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4696 CREDAT:17410 /prefetch:2

As in the Windows 7 run, this is the 32-bit tab (content) process spawned by the frame process above; SCODEF carries the frame process's PID.

Network

Country Destination Domain Proto
US 34.104.35.123:80 tcp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 www.bicdata.com.br udp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
US 8.8.8.8:53 bicdata2.hospedagemdesites.ws udp
US 8.8.8.8:53 bicdata.com.br udp
US 8.8.8.8:53 jigsaw.w3.org udp
BR 186.202.153.170:80 bicdata.com.br tcp
BR 186.202.153.170:80 bicdata.com.br tcp
US 104.18.22.19:80 jigsaw.w3.org tcp
US 104.18.22.19:80 jigsaw.w3.org tcp
US 104.18.22.19:443 jigsaw.w3.org tcp
BR 186.202.153.170:80 bicdata.com.br tcp
BR 186.202.153.170:80 bicdata.com.br tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 142.250.102.154:443 stats.g.doubleclick.net tcp
US 142.250.102.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.nl udp
NL 142.251.39.99:443 www.google.nl tcp
NL 142.251.39.99:443 www.google.nl tcp
BR 186.202.153.170:80 bicdata.com.br tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
BR 186.202.153.170:80 bicdata.com.br tcp
NL 104.80.225.205:443 tcp
US 20.42.73.26:443 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 34.104.35.123:80 tcp
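Read together, the two Network tables say more than the signature list does: every connection to the submitted site and to bicdata.com.br goes to 186.202.153.170 over plain tcp/80 (no TLS at all), bicdata2.hospedagemdesites.ws resolves to the same address (which points to shared hosting under a provider name), jigsaw.w3.org, doubleclick.net and google.nl are third-party resources the page embeds, ieonline.microsoft.com is traffic Internet Explorer generates itself, and the rows with no domain column are connections the sandbox could not tie to a DNS answer (the CryptnetUrlCache writes in the Files section suggest CryptoAPI revocation fetches, though the report does not confirm that). The Python below is an added example, not part of this report; it buckets rows in that layout into target, same-host, background, unattributed and review groups and lists target endpoints reached only in cleartext. The resolver address and the background suffix list are assumptions for this example, to be tuned per sandbox image.

```python
"""Added triage helper (not part of the sandbox report): bucket the rows of a
detonation's Network table by what they say about the submitted URL."""
import re
from collections import defaultdict

# Excerpt of rows from the two Network tables above, in the report's layout:
#   <country> <ip>:<port> [<domain>] <proto>
# The domain column is empty when the sandbox saw no DNS answer for the IP.
SAMPLE_ROWS = """
US 34.104.35.123:80 tcp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 www.bicdata.com.br udp
BR 186.202.153.170:80 www.bicdata.com.br tcp
BR 186.202.153.170:80 www.bicdata.com.br tcp
US 8.8.8.8:53 bicdata2.hospedagemdesites.ws udp
BR 186.202.153.170:80 bicdata2.hospedagemdesites.ws tcp
US 8.8.8.8:53 bicdata.com.br udp
BR 186.202.153.170:80 bicdata.com.br tcp
US 8.8.8.8:53 jigsaw.w3.org udp
US 104.18.22.19:443 jigsaw.w3.org tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 142.250.102.154:443 stats.g.doubleclick.net tcp
NL 142.251.39.99:443 www.google.nl tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)

RESOLVER = "8.8.8.8"  # the sandbox's DNS resolver as seen in the tables (assumed)

# Analyst-maintained list (an assumption for this example): hosts a clean
# Internet Explorer run talks to on its own, or that ordinary third-party
# widgets and analytics pull in.
BACKGROUND_SUFFIXES = ("microsoft.com", "w3.org", "doubleclick.net", "google.nl")


def in_zone(domain, suffixes):
    """True if domain equals, or is a subdomain of, any listed suffix."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised network row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def summarize(text, target):
    """Group endpoints into buckets; target is the registrable domain submitted."""
    rows = parse_rows(text)
    # IPs that served the target's own names: anything else landing on them is
    # the same host (shared hosting, provider CNAME, ...), not a new party.
    target_ips = {r["ip"] for r in rows
                  if r["domain"] and in_zone(r["domain"], (target,))
                  and r["ip"] != RESOLVER}
    buckets = defaultdict(dict)
    for r in rows:
        if r["ip"] == RESOLVER and r["port"] == 53:
            cat = "dns"
        elif r["domain"] is None:
            cat = "unattributed"          # no name attached: needs an analyst look
        elif in_zone(r["domain"], (target,)):
            cat = "target"
        elif r["ip"] in target_ips:
            cat = "same_host_as_target"
        elif in_zone(r["domain"], BACKGROUND_SUFFIXES):
            cat = "background"
        else:
            cat = "review"                # third party not on the list
        key = r["domain"] or r["ip"]
        entry = buckets[cat].setdefault(
            key, {"country": r["cc"], "connections": 0, "ports": set()})
        entry["connections"] += 1
        entry["ports"].add(f"{r['proto']}/{r['port']}")
    return dict(buckets)


def cleartext_target_endpoints(summary):
    """Target endpoints reached only over plain HTTP (tcp/80), i.e. never TLS."""
    return sorted(name for name, e in summary.get("target", {}).items()
                  if e["ports"] == {"tcp/80"})


if __name__ == "__main__":
    summary = summarize(SAMPLE_ROWS, "bicdata.com.br")
    for cat in ("target", "same_host_as_target", "unattributed",
                "review", "background", "dns"):
        for name, e in sorted(summary.get(cat, {}).items()):
            print(f"{cat:20} {name:32} {e['country']} x{e['connections']} "
                  f"{sorted(e['ports'])}")
    print("plain-HTTP-only target endpoints:", cleartext_target_endpoints(summary))
```

The "review" bucket is the one that matters on a real triage: a third-party host that is neither the target, nor on the target's IP, nor on the background list is where a redirect chain or an injected script would show up. For this sample it is empty, which matches the 1/10 score.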

Files

As in the Windows 7 run, the files written are Internet Explorer's favicon cache (imagestore.dat) and CryptoAPI's CryptnetUrlCache content/metadata pair, not anything downloaded from the target.

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ru1r3yf\imagestore.dat

MD5 45d534b14ec3b277d1ca6d3f16d26de6
SHA1 4c70b33836392a101ad4991d1a4677af82d43935
SHA256 c35990f99756257040e28aa633c8b82100e69e58d6e938a6589d446e20c4c0eb
SHA512 d76e8abd2c0050f0e967c40cb3bf4e8f12d6a083804a0e37c06af7096a2c7fa2a0806f7925dc4cda3f58120791cc81136d608f3fdee85cb4b062e18d448bdc40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 f96f5cc4fe29e16e576a10f0d731f764
SHA1 a24f0e59653b954741bebe8a1612ccacf59c1efc
SHA256 d36259b892a35873c19e5b65172a5f37e7df9bf4d1c614f862d76ff3617eef57
SHA512 12c82768aa942c2b8a803971fe8fb2355262df94fb12db1b8c4d8b550a028c3ae7a34dbdd29817803dcd88f5f915594e43b95c474e3295412227e97deb2edd5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 f32ada5ce1a5bfe2e2f256b0ec79124e
SHA1 b3446886fbd3c908f81bb1a8c6932b2cab2ca506
SHA256 88cbfcb7cee60fe84366221b6785cc0ca50b22183a3bb0807103988fd7ad8f72
SHA512 0be7901e09c95fd153b5c6db9c84c4d2b7f94e627b1727f5639b2672a58a7bde699a2b04d8ec18a5a80e9b9226093856d2571959bd12900545ae66f1168fbc42