Malware Analysis Report

2025-01-02 11:47

Sample ID 230110-j7eeyabb5x
Target https://bisq.network/es/
Tags
bazarbackdoor backdoor
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://bisq.network/es/ was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor

BazarBackdoor

Bazar/Team9 Backdoor payload

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies Internet Explorer Phishing Filter

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-01-10 08:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-10 08:18

Reported

2023-01-10 08:21

Platform

win7-20221111-es

Max time kernel

134s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://bisq.network/es/

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = d8688f92d424d901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "22121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "1492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "10594" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "10710" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "6128" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "15192" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "23658" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "1343" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8415" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "18632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "3787" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "15192" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3787" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "1377" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "8415" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "15192" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "18632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "16613" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "10709" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "10594" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "13019" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "4097" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18715" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1377" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "15307" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "1343" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "1344" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13019" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6243" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10710" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "408" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "15224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6446" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6128" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "3874" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "4947" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "1498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\es-ES = "es-ES.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da00000000020000000000106600000001000020000000f0d415c3f5a84f86d8323d401fdc3365a8abb652e5f98cb68b3280e56744a4cb000000000e800000000200002000000095e2354300d80dfe155b926fd30bd4d74fb500942fdc763e1ef5055aa61ed5cc9000000091c0be9702af29775b77110a13aba2ae2b566b56a55599304eb3ae57095379b8fe34a19c2375d1726916c8ec6979fae546509529e3349b3a274866105e39e1b92a71ecebcc3b8f9e82f266ce70a38035e2ec5543fcd2486bb2b6d2aa9285e8dbef778f10cbb811ec0e3d0e8753d091ae648b84bc4148a95d44084511303317a6f68cf09e80d5589b2ba80c9ec4e280cc4000000025945c4b5147674b55ebd669a4d6022665d7f55820c29bbbfa0c8c77d312bc248e9a541c70d47e8a965b2da709af70f2dc61cad7054eadfbdce5b67810a52e9e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "23658" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "18765" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4947" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4009" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 980 wrote to memory of 1828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 980 wrote to memory of 1828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 980 wrote to memory of 1828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 980 wrote to memory of 1828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 980 wrote to memory of 892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe
PID 980 wrote to memory of 892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe
PID 980 wrote to memory of 892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe
PID 892 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe C:\Windows\system32\msiexec.exe
PID 892 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe C:\Windows\system32\msiexec.exe
PID 892 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe C:\Windows\system32\msiexec.exe
PID 892 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe C:\Windows\system32\msiexec.exe
PID 892 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe C:\Windows\system32\msiexec.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://bisq.network/es/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:980 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /i C:\Users\Admin\AppData\Local\Temp\7143535.tmp\main.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 bisq.network udp
N/A 104.21.79.211:443 bisq.network tcp
N/A 104.21.79.211:443 bisq.network tcp
N/A 8.8.8.8:53 d33wubrfki0l68.cloudfront.net udp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 8.8.8.8:53 www.youtube-nocookie.com udp
N/A 8.8.8.8:53 matomo.bisq.network udp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 103.99.168.90:443 matomo.bisq.network tcp
N/A 103.99.168.90:443 matomo.bisq.network tcp
N/A 8.8.8.8:53 apps.identrust.com udp
N/A 8.8.8.8:53 apps.identrust.com udp
N/A 2.19.126.218:80 apps.identrust.com tcp
N/A 2.19.126.227:80 apps.identrust.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 8.8.8.8:53 i.ytimg.com udp
N/A 8.8.8.8:53 yt3.ggpht.com udp
N/A 142.251.39.118:443 i.ytimg.com tcp
N/A 142.251.39.118:443 i.ytimg.com tcp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 8.8.8.8:53 github.com udp
N/A 140.82.112.4:443 github.com tcp
N/A 140.82.112.4:443 github.com tcp
N/A 8.8.8.8:53 objects.githubusercontent.com udp
N/A 185.199.110.133:443 objects.githubusercontent.com tcp
N/A 185.199.110.133:443 objects.githubusercontent.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 142.250.179.170:443 jnn-pa.googleapis.com tcp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 8.8.8.8:53 www.microsoft.com udp
N/A 8.8.8.8:53 play.google.com udp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 8.8.8.8:53 crls.pki.goog udp
N/A 142.250.179.206:80 crls.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

MD5 8f82abefe7fc5f687b98fa57f04e5f5f
SHA1 630d31dcd3211a46a2edbcd0e63b4a7fb7bc11f4
SHA256 79a6cc814adc4f8b58138b1822e191ecf478c6e9f760b37db982aaed9c58abf3
SHA512 fd4b901d706724e280c079667aaa64ea038c4aafb2a096b481ad37b771c564cf45687a389672648487c72f629a6955863d183a61f8d032823f14c16022fde8d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22ba083127d6ac7d2323fe8c3b95ab10
SHA1 7be7617ff5bf7867c4e259cbaac6c5cd77c91a19
SHA256 f907c53da2752952402f290be01cea13ed364de21197b90478d4cce4753130f9
SHA512 620d6c6f85c48dc9e326917e0f8889e027084f975b8fa3603d585e78d19fd553852194eff38ec1f36a3d42c481d21895a028514f1ff2afbd99ae3ae27958d322

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe.nhollm7.partial

MD5 03520e812e2618d36de2ff1af56b2ece
SHA1 b92f42f0a268736f8521650e870de1197eab9736
SHA256 f6dd1ae9db598806ca1a26b514b14c44b98ddfaf998602967c75c40992b11d54
SHA512 db9946daf8b5afda7f8f0495d1614219fddeab35ee6ee0d5265da8e6e3d724274e99a8d0aafeb244e36207428e4eb9ad74165576a3e6380ec4b7c8fcd4f11488

\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe

MD5 03520e812e2618d36de2ff1af56b2ece
SHA1 b92f42f0a268736f8521650e870de1197eab9736
SHA256 f6dd1ae9db598806ca1a26b514b14c44b98ddfaf998602967c75c40992b11d54
SHA512 db9946daf8b5afda7f8f0495d1614219fddeab35ee6ee0d5265da8e6e3d724274e99a8d0aafeb244e36207428e4eb9ad74165576a3e6380ec4b7c8fcd4f11488

\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe

MD5 03520e812e2618d36de2ff1af56b2ece
SHA1 b92f42f0a268736f8521650e870de1197eab9736
SHA256 f6dd1ae9db598806ca1a26b514b14c44b98ddfaf998602967c75c40992b11d54
SHA512 db9946daf8b5afda7f8f0495d1614219fddeab35ee6ee0d5265da8e6e3d724274e99a8d0aafeb244e36207428e4eb9ad74165576a3e6380ec4b7c8fcd4f11488

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OB1Q09Y\Bisq-64bit-1.9.9.exe

MD5 03520e812e2618d36de2ff1af56b2ece
SHA1 b92f42f0a268736f8521650e870de1197eab9736
SHA256 f6dd1ae9db598806ca1a26b514b14c44b98ddfaf998602967c75c40992b11d54
SHA512 db9946daf8b5afda7f8f0495d1614219fddeab35ee6ee0d5265da8e6e3d724274e99a8d0aafeb244e36207428e4eb9ad74165576a3e6380ec4b7c8fcd4f11488

memory/892-60-0x0000000000000000-mapping.dmp

memory/1884-62-0x0000000000000000-mapping.dmp

memory/1884-63-0x000007FEFBB61000-0x000007FEFBB63000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VX44L776.txt

MD5 872f55371ad4fe0879be6e99e3aa1176
SHA1 33b830699aada97a912b82af7aa528b6c5909c6f
SHA256 acbd6e237a6d6df424f2567313a760debc87881e1ba4f7e8d67092e8e178559f
SHA512 3c24f20db5d8adfba6d452593f5fb46dcbfc4504a4f7b92acbb7c7a5b0d5f1d185e028daa91e6760cc9acfc82ea9df753e8dd3817df1878d1c7e1c92263bc87d

C:\Users\Admin\AppData\Local\Temp\7143535.tmp\main.msi

MD5 529ae77f9ef8d19468f5e12e5278e09b
SHA1 ba1fd0b46f3d08cd87f2497f7ec0bf231dc02899
SHA256 8b08354621864b3500ac49fd04fbf73a73a5db7c9232afaf6dfc81fb8e15ed83
SHA512 9f71eb35a78a54e9d7e698cdaa38f96ac9fa4aaf7c1559b3a16443400c9c68b3fcaaeb22d99d8d0ddf80c26220ff7a53f930fbc9f17701a32165e4e56f26cb51

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-10 08:18

Reported

2023-01-10 08:21

Platform

win10v2004-20220812-es

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://bisq.network/es/

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "1452" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "14700" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "18149" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "19972" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "27847" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "6399" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "19008" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "15581" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6092ea9ed424d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "8704" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "19091" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "4912" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1452" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C035B3D3-90C7-11ED-B697-F2736FE3A3EE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "19978" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "11063" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a5fd9ed424d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "3918" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "19113" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "15581" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "6393" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "8792" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "11183" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "14699" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "14699" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "18232" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f8762b100a14e2439759dec3cf8e3b7100000000020000000000106600000001000020000000866b84c720d695eae45da5924f7ace7c733e2f762cb1e1dee400fef81673b0ae000000000e8000000002000020000000caa3e6c4f591e40cc49a7ca04537a95938dd3d300ee7ec89bc9f843470c859a12000000080f951f943dfabceb33a46cb925edd051010988b14739a8b845668e432aa9076400000007cfdde4a6a0bdd858c34bb5d39e5f244fc3da3ec83f14e69ea6158a8235603d983f95438defd1bd534a40c5ad1a3b8e5d58559469de39d14d0aede61461685b7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "14075" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "24952" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "19008" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "8792" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "19008" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\es-ES = "es-ES.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "1364" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "6393" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "408" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "13992" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "11178" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6393" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2629973501-4017243118-3254762364-1000\{00510C9F-4551-4755-A75B-F0CB40331AA2} C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2629973501-4017243118-3254762364-1000\{79CFE995-0CDA-43A7-86E1-F0483DDAB96C} C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://bisq.network/es/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3628 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 bisq.network udp
N/A 104.21.79.211:443 bisq.network tcp
N/A 104.21.79.211:443 bisq.network tcp
N/A 8.247.211.254:80 tcp
N/A 8.247.211.254:80 tcp
N/A 20.42.65.88:443 tcp
N/A 8.247.211.254:80 tcp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 104.21.79.211:443 bisq.network tcp
N/A 8.8.8.8:53 d33wubrfki0l68.cloudfront.net udp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 13.227.211.76:443 d33wubrfki0l68.cloudfront.net tcp
N/A 8.8.8.8:53 www.youtube-nocookie.com udp
N/A 8.8.8.8:53 matomo.bisq.network udp
N/A 216.58.214.14:443 www.youtube-nocookie.com tcp
N/A 103.99.168.90:443 matomo.bisq.network tcp
N/A 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 142.251.36.10:443 jnn-pa.googleapis.com tcp
N/A 142.251.36.10:443 jnn-pa.googleapis.com tcp
N/A 8.8.8.8:53 i.ytimg.com udp
N/A 8.8.8.8:53 yt3.ggpht.com udp
N/A 142.251.39.118:443 i.ytimg.com tcp
N/A 142.251.36.1:443 yt3.ggpht.com tcp
N/A 8.8.8.8:53 redirector.googlevideo.com udp
N/A 142.250.179.142:443 redirector.googlevideo.com tcp
N/A 142.250.179.142:443 redirector.googlevideo.com tcp
N/A 8.8.8.8:53 play.google.com udp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F

MD5 0dde07d1896faa2873223c52515ca527
SHA1 3d9298f3f3b8c69e3c85b08e6ce0a827580040ff
SHA256 8e7e1e984156844ad3bf0017f9f8cc14a7af93b26addafe0c63418733a16e3c5
SHA512 cdb3fdb9aa04c857d36a908e081aa2b49b8447cd2c197ab65b88d1ad116e49467ab3005cb4939d7f04e23f1e4b8885ec7333948d93e0c303f77eea10d5d25456

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F

MD5 1c358f86d45925009966b470052c602c
SHA1 c13422dfcf63b1405f9d75d8ba8548cb28aae1f6
SHA256 f122fb43f7121c486980bee80555d36a9b9460da8991edebd1d4822324efca4b
SHA512 f4e574d15c61b0c36c458a2015bcba77f86019d7a144d64adf9e29e9469a8ec2f4de226748a6fcc98653e757caeda483269e70f4c9b1cfce5d5b45564a1b979d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat

MD5 62e6c144e80f86c9c54cf1652988102c
SHA1 344ca82be0b1e78ae43cf24471cf08afa393c5d0
SHA256 b171f5b1ba40556cfd32922e36b023a24a5d7237511b1d6580c15d142af951db
SHA512 c04deb7919174e4fc4cf5fc1372c300c5f1bf07fefc737c4670cd6bf989853833c875ef9d0d881d7414d1d3902eee36d2a0e6c5bac69e81b4438bbccb5fdc661

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d