hxxps://app[.]box[.]com/notes/1055994000450?s=oztyu0fdzqzksivql63eo7fxqeoqnxzp

Analysis

max time kernel
239s
max time network
246s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/11/2022, 08:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://app.box.com/notes/1055994000450?s=oztyu0fdzqzksivql63eo7fxqeoqnxzp

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\box.com\Total = "29"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "133"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url5 = 0000000000000000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url6 = 0000000000000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\box.com\Total = "907"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLs\url1 = "https://yooomisaa.s3.us-west-004.backblazeb2.com/yooomis.html"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\notes.services.box.com\ = "124"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\notes.services.box.com\ = "907"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\box.com\Total = "124"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a3000000000200000000001066000000010000200000000b2713eb7fd0568540e7b34504b2bd361b05de763e90c9950f836a0c22b564a5000000000e800000000200002000000059f87378b93b874952ec7d297d015ecbbbe5d8c756b2b1384942c2daf3b2ffc4200000005f6fe793bf6602294949611bc4cedaada32a49281ffc754082fb947a38ec7407400000007aa5fdfad43f4dca3ac924b172aa0d18983e1926940e9bcd028dad19e7533a53c9b8c9d666ac6b6904e52c25c2fb65342e6f3ad2582d49a35168d469b5211336	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b49b5368efd801	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLs\url2 = "https://yooomisaa.s3.us-west-004.backblazeb2.com/yooomis.html"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\box.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url2 = f82e277068efd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "133"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "244"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "374233369"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url3 = 0000000000000000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url1 = 38420b7568efd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "336"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1132"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLs\url6 = "https://twitter.com/"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "29"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\notes.services.box.com\ = "29"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLs	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url2 = 0000000000000000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "167"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\notes.services.box.com\ = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\box.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\notes.services.box.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a300000000020000000000106600000001000020000000fdf252986a26e99fa33bdfec00118e9a48d1336ff92a22c75d0a6f0d2a763d82000000000e80000000020000200000002145bc6b382fc94a9471f53dc6897c8775f7a95f0fe102bb5d0e8a891f54682090000000ecd7481115852e7727ac9b591b5eb8b24e70c4c91174c5f972ad90eb4368bfe06a305444b1ce3d7f19633bfee6def22dafe8675c8ab44c3642065e2a658a815951296b1ed9c45ac61f25b43777cd3986617243b757b2486b843aae6fc142832ab8bed87cd954a39cd5125679d618782a9c6bff5ebeaa8eb0de73be87c1789494189007fb843a610f72cb60da9abd706d40000000590e1f8d8a95bcc2785811aaea19dc0b6aa447b29d9c8acc2b0aee7f0b60a1fc01fe991d4bef8008f086dc7bebadd67b175f3b5464f82b44dd1e9335ddfe18f9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url1 = f855f46c68efd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a3000000000200000000001066000000010000200000003a4814e8bfa040c76a5d450444636f4be43def8d35ac47682782d52f94c3a854000000000e8000000002000020000000df9742711bcf8a91afb0814cd1604041352143ec615a27bb75c8c97429d40edbf0020000f32c3541fd6e99b60961960617fd0654717ddf1bc3752b42a02431cbc67d520c98188d047fca3ac0765515107fe246a32b0a14d24bc653186bcedfe430501d6df0596b71556c87cbc1d048bdf56c8f389f693e3acb37d9b5081478bdb2f87ec7934ab977142d1baac72b1eb18ca4536234a1e0c228d7e5ec61c1c465559c637effc743b7e88033df85a829040c8d07109d1f222949a15774163a5342c414a4f91aa3dc77bba3c74e0833573fa0556b430ace8d10bfad6dba7e82bc50b061265da155d34a67263eb1e6adcc669caf10d204f22df464a5baa9a3ff664c6ca73ae809d2c604f240b24e87d2b3cb9de3bfcd5dbcbf8b64bdacb291528ed87636a8ce30e52c5e59c76ce90cce616e9f43becfc9e334911e26162dfce2929df08936fc5bed6d451e71bd3e429c4ca3dc219bf9bbb8e3a4b964422a047cb9ba74747d9a3b3cc1d19a35f23620f7c7f2ac6e4a6f7068bac9262c05fbc87a7c4b72c01a5db5cbf41dac0b7da17df381dda7d7415c56024b659e3fcf5a8b5c6d4dda2daeb25190510e2d34554130cabc67d80c1cddaa2258aaa775cbacd397d96b4d3f199b057f69fd87edadee7e43330f33b7a471500713693f49456ae4edbe18a78e29ed2425276464f5561f709541756e4e94e43e86d1ba1d1dadd444b88cca5e418fc9c17774a9506a4a39a73cf4d9c8ab35300ec9ee8fdeae60cbfb0063395e724b99e6a924541563cfa9c4c5fc0aa9c898bc296a23da0766a0f694102ef0aa7484d6bf5613ab4be731b8837a354bfce09fa40dd69f0c5fb58e4d7c1251758bffe0b4cbe0e4e049bcddeb6b6ce3219e078a0105ddaaa1bdf432a79db5af6b73c4739b8e9f5e2597d773f40c605d4afed2407cb305149172c508edf5e742a6347dc76ab32cdef263c93b2d8f94a075cc1e3ffd9eec75866eecb7dc6989bffa29f8ccaff6d728958d220ec3f72ccb6b04a39a8e040a5cbd3a7389dbb84d10d86124ca5a857cb5fc83625858b84c191ff7fb99c4fd76a1ea6bab4c28fc06f042697d7abd00749ce4bd93f4a73d91c0493da390034000000070b15108e700e5777be97d4b7e1ee106029b009eab973126aa23017e6482ebaf04ba69b12bb859236e0b5fc9d68e9e7e810043f1730bc714b65941aad4279d78	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\notes.services.box.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DOMStorage\box.com\Total = "51"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLs\url3 = "https://login.aliexpress.com/"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url7 = 0000000000000000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0f3d159765a7f43b6bf060b4b70c9a300000000020000000000106600000001000020000000f5f28e890e3c12e40bcc29052f454ed04077229abec37fa5b4ebbf0e494669e3000000000e8000000002000020000000fcab6348906dd1498ec84166fe837db5f3311e8b71b316348d680bb57bb557bff00200001fcabb5cfca29e157829e80dbfa77706bb6a95cd6442c491cbd5fa1572823cc411d2f95d55e20fa41e324a49f5fe75914315a58d9deab7cb143e7a813181a3e8159c81379c5efc9d393c057ce1dfbee4a30089b10c0a24bd7e3f9a827843b9c4dc27a4d5f33342ea57a824d8bc926b6e3619e58ab862185c0ea6bd64a04cd11b917e657b03022e0bf6818ed94be33474087420e96ddbce2d081f9cf780204ee4558e9515cd1460c06931eb8f52b8c1da5308f7f3e505142267ba2ec2fccd36aca8e21d83cc08a5f6fbe0ce53807eb9700135e3ca0d121aea51ea61fc52ed228be5091431320152aa60e06fb21dc557f55fd5aefca6046fc014cfee06313ff75e9fc0a74b219546b137035e87e11433522e4da60affdd93f6d0136845a6195b19310cd15006f871b98fa44a557b4bdd19a13459f31fc71dacd5b4a652adf22115cc03cf774ea65f7e6a9953c6afbf73acc739a55178577e973a73d77e6b69418e706e67f79d9f28af79fafeda7c6d234867ca248a609828fc8b902c4b0937a58b3566826281e62b089155df655286402984f77c2967e19c09b3536e22b2716970419e236057ee9e727f4fdbaf5b004478eb1ded932648afd73e570c525c412b8dcc67c8da1697cbd6e39cce875458fd66131d9d6af90449b378f53c16391e1a4854007095d97c5e6682fcb1240f5eabdeb0f0fe02f9b304f4f76779a2a7f492fa912803c93acc635cee3d47dc420f010cbb2a8baaa2933783721849e90fe3c8eb64413a806316f27f5df93e2d5704f99e4f9244a927169dffba16a66327f7865975a7d98bcfb561ba64b8d1ef941a1494929c18d2bbf98d1099e66bce2f0ca762d1baa322fe9f2239bdeb5e10f5bf3b62d3b532001d00ff4a61f9fc953f0866e1cb48ce1d5bc4a61c4b7313f39bbe1f702dd53ad8fc6697c0c5af78f5f40684ebb40dde333694e5db65efb0ba3b3d726f50b70a1b83b5d402d294d86c56d8f960ffe216bee59e93a5a0a9a8d4c94f2a0ffc8344d3212710a610c8e4b006dee5172dff22c388e4d7d429720b2bd0d1bba040000000d4b49b219317d2a36aaa122283852b8339290c12e046c72af5735b34da2f48b482d4aee97539e37a469d282d0bd382d4c8f7af73dd1cdbc0cb00942718778652	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1972	iexplore.exe
1972	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1972	iexplore.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
1972	iexplore.exe
1972	iexplore.exe
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1804	IEXPLORE.EXE
1804	IEXPLORE.EXE
1016	IEXPLORE.EXE
1016	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE
1972	iexplore.exe
556	IEXPLORE.EXE
556	IEXPLORE.EXE
1972	iexplore.exe
556	IEXPLORE.EXE
556	IEXPLORE.EXE
1972	iexplore.exe
556	IEXPLORE.EXE
556	IEXPLORE.EXE
556	IEXPLORE.EXE
556	IEXPLORE.EXE
1516	IEXPLORE.EXE
1516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1516	1972	iexplore.exe	29
PID 1972 wrote to memory of 1516	1972	iexplore.exe	29
PID 1972 wrote to memory of 1516	1972	iexplore.exe	29
PID 1972 wrote to memory of 1516	1972	iexplore.exe	29
PID 1972 wrote to memory of 1804	1972	iexplore.exe	31
PID 1972 wrote to memory of 1804	1972	iexplore.exe	31
PID 1972 wrote to memory of 1804	1972	iexplore.exe	31
PID 1972 wrote to memory of 1804	1972	iexplore.exe	31
PID 1972 wrote to memory of 1016	1972	iexplore.exe	32
PID 1972 wrote to memory of 1016	1972	iexplore.exe	32
PID 1972 wrote to memory of 1016	1972	iexplore.exe	32
PID 1972 wrote to memory of 1016	1972	iexplore.exe	32
PID 1972 wrote to memory of 556	1972	iexplore.exe	33
PID 1972 wrote to memory of 556	1972	iexplore.exe	33
PID 1972 wrote to memory of 556	1972	iexplore.exe	33
PID 1972 wrote to memory of 556	1972	iexplore.exe	33

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://app.box.com/notes/1055994000450?s=oztyu0fdzqzksivql63eo7fxqeoqnxzp
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1516
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275470 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1804
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:3159057 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1016
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:3290142 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\212C18CD59F576F072F7D23F91E819B1

Filesize
503B

MD5
4ea21d5422f83f96076936542741f176

SHA1
977123401482426854b8a561cf67210051785692

SHA256
6b27cdf7a10e69d410a43205dd84f6f898be3408be00b0ccb665e880b4f8c4fd

SHA512
0778c902ab6a3ad30b230ac7081c52fd33c15b95821a70537d61d6edfe5bbe0baeb3aee029f2bc3d2537bc4248f35ebdc66e5568aef33dbfcecee8d1add10c32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
3dcf580a93972319e82cafbc047d34d5

SHA1
8528d2a1363e5de77dc3b1142850e51ead0f4b6b

SHA256
40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

SHA512
98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
8ddd8e1ef6e969540838ee2c3f5cb07d

SHA1
d889a9306176ab6e7af71fbce1bc1f6383254566

SHA256
89a3055ac6fed863e0984a1b8afd2a5abc96c8c7eb702da0ab90e5a3258636b1

SHA512
20e91f652ac05ca5ddecb6508831ff9383511b8b1bfd1bab206e2f3a39994f33b6e8004afd7977559ca63413531efd305fb4e185f4fb99a487a5ef81cf831c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\212C18CD59F576F072F7D23F91E819B1

Filesize
560B

MD5
b7e7f7c3e29f6daaa78020e070cda19c

SHA1
097808a3c80f0c220cd85e98fd3d5cefe4b97c0e

SHA256
e0434aa2df59c2e4856a59b9462a93998eec5cdb148d6c7372f5707cdeaeada2

SHA512
0eefcc9f42714959bf0f109bda14c79a6ea411521216b238c4e4e01349bac92c653e7c74fdc9574856140b0aaf9d60e2b21b482580d9b36985fef3853f2af2f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
0e2e6268203a34f9aa16f545d670b129

SHA1
667a5abde505841f45ff08901fc3bb03cf107604

SHA256
a8798f75b0b0bbfce75ac3ec6a67e77c18641b40f3217db43ab6a2ccaeb25084

SHA512
b7df28f6a303018aa2fa7b0d77ebaa9bae81a152c880bf9dda9816dd10e7d5d62a535e760ef8cf8b4a6c34bba273af05d389d3bd0fba41f83b81821d34653669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
377fce6562bf3e17d5ba6c2ee1777c74

SHA1
7b1a68fbfd4d3177dd06f007f52e91cc2f6fa4c2

SHA256
b029746fe064294462b34565e6a97146520b2ec002818d4e4ca77e59988b494c

SHA512
c9f7242019ce324473acf374229f2e1da28d21470e5523c6d7c029403b35d8bd6645b48f182ddb026c74dae46860dfe88e3994eeea0e9bb734c5a16f1d123fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56f13a8cea25aa2798b40405b8ae6601

SHA1
510ead63041fd1acdb5bd5056ed39993d400eeca

SHA256
491ab752ee5020b9444eb4425f5ebd15a1b485afc6247f9ad4d9d9740bc56969

SHA512
d1a679e5ff2d393b25c8d01cd51e1ceeaa72ed5c6740a3f009f9a75effd5f3df3a5a9fbc6094827eb4d7c4069856eb84b6c364cd7366fc92bb1eee3f0ec5a0aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
babfb04e462ec412f22731b9c6259605

SHA1
6b2e0a596d9a7d816923145e478cf721139a322b

SHA256
9d4a9b3558941c1ad055b8137f26df9dbf09ee366e57c8e7542e0caa68e1e409

SHA512
51227091e6ba11a1c0606a6f499a2d6d9099cdd633d21ca24f0cd3a34ae5c0815cc5e1172e44a8fb1724dbbd553ec2795e58d76dc5a77d685d8fdc362afb9c33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5f3518ec4cfc3382e6e3b7830f0774a0

SHA1
0bfd99ef3633b472a28975071810e880998a95a3

SHA256
967f6459053f91d34fe19017a2f0e9a99b828c39a4d69f70e1d6c32ae746892c

SHA512
95bdd60364244af5796ef3dc7e0eb9be7597024d0a8a01860ec2853021d9851feddc1a97fc0120e8fe21b17e4054fba07a9ca48e24770b065ee5608b007a91f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat

Filesize
9KB

MD5
2d5ab395d2be8ea9f05682216282f3a1

SHA1
3f2dbc1e2a3b891b837f135bddc010a2b53e918e

SHA256
ab326352a47e616f518feaf86aca6dfdb2361bd399b9534eb6373828a89cce80

SHA512
4067d4aee226abf2999d0d9b7440640e58122995d991227f4e59598781ef66a5cf3147037fb1500fe69244f2285d5ec318d8a0f6a25e9eda440d7c97c4c4f1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat

Filesize
13KB

MD5
bbe9a6c9c9a535a9576df89e1b62c8bc

SHA1
7ce7b0bdb66dc8dcdd0b03db51734bb164890afc

SHA256
f5ce77bebd89b45807c8fbabd105feb43593669dff0488153bc91dd099023210

SHA512
56517d651ebd2cbca4fcb7f6e292658cf37918975ec279e504b58d1ec5a15d400f0de981aaf4bd780664fcf0592c0665c875a330af59d7b38a6f6ce1d968014a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat

Filesize
19KB

MD5
92b57e4ca9aac52889be89a8a7a8a8b6

SHA1
b1c7db5e42d2420188f2a30892c2dd0c2c5809a6

SHA256
880172c0848dee8ccce91c22b5528e31a63c31b47b41b3a5f12ad7970163a6aa

SHA512
e6ba24035f19d2bcddd825b37329abf9c81745a95efd1da99bfce7c7abf093a6f8ee7b51bd250a829d20ac1f21f19773c29ec02c0a173878c668b5cf3dca879a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CASMTSF8\favicon[2].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1BEK69WV.txt

Filesize
608B

MD5
b56f15517165d5ddf2e902cc860915c7

SHA1
e8c48a2c3123e892eba1bf3c1a35f9690724e3a3

SHA256
27fae53efbb5544b2d2a39eeef679f6de82b2c6a9490fbc57f56ec8b5d565950

SHA512
b8232958d2c405642c5a9ca8c1d64d8acc79db9935efcad74f57a33e22434d6d7ec208d667553503006ee10e6b5989f154c14d39010623561322081426a5f831

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O623PAJ0.txt

Filesize
449B

MD5
6a69c8939883aabff2a77ad9d75de70e

SHA1
3e874fd33e021c1f3aacd57480aee40110e4b831

SHA256
d9ea921fc49efade90685cf36bdb189c8db22984782b518d3ce46462fd5bc43a

SHA512
11926f2bc00cfc1c69584c319a200d2e406dcb2a1196138d551f908716f23abd7f3588a9e951789ac5bd2744ddde75110a9232ee37acd366e1ff3a1a4b0e491a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X2T4MRLS.txt

Filesize
139B

MD5
d810586fb1eccea48e8c32543ba9d31c

SHA1
ec7f93f5c0a975ca7f725989b59336e2940e5b13

SHA256
0eebb28ab3f124d81c1e51a6ea02ceef7f72895eb6c0976176da0adbb0c438cc

SHA512
2de1043d367457f173d1a5e56ebe5c5b9e2800d9beeefc07c1a6f1aa4d5fea79088948ff81238d04ca120b83a8e16cbe248975a7dd6b98f10bf480f6e5d86aaa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XYVIS23Z.txt

Filesize
569B

MD5
5e5a37ff83e2e15c21f81e742d046f0c

SHA1
1c15e8d81f9f95eccfb51f1a85d05866db24df32

SHA256
7721c799058c8c7ec77b6f601f646a0f1e82e62030c755372f135f76c0a5e712

SHA512
639c962cde92bc7456e968e29c3c31a9c6e03fa33d4b4755aa55f922c93f008ffa1d9ab73c07637793f1b55b2d7fb825d74ff74de109cefdffa0e5cd16c7191e

Download Submit