bc7551e9106ce385869205a1fefec870354116eae3e795ee544c7c481f85a1fe

Analysis

max time kernel
120s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-06-2023 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TeaInjector.exe
Size

6.2MB
MD5

416cc52db42c77b0533d9cbe4762757f
SHA1

2a5e262da03733533af264201eee138334f56e93
SHA256

bc7551e9106ce385869205a1fefec870354116eae3e795ee544c7c481f85a1fe
SHA512

28a5b6410380c322fe6c467879535cf6ac0db26d337d7fa9a5c2558d36a28e2c4dd368ea1cf0a47426ccf0ce03a69020c0d12e18fc209806b4b9d2913772200b
SSDEEP

98304:VOjXE9C+YbsiOU/ILCFWujXE9C+YbsiOU/ILCFWB:UaZU/IOWuaZU/IOW

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\bymynix.de\Total = "2083"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\bymynix.de\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\bymynix.de\ = "2115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\bymynix.de	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "32"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{146EAB01-05FA-11EE-9C96-EE84389A6D8F} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00eb1dd069ad901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\bymynix.de\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14736DC1-05FA-11EE-9C96-EE84389A6D8F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\bymynix.de\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\bymynix.de\ = "2173"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2173"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "392993189"	iexplore.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	TeaInjector.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	TeaInjector.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	TeaInjector.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	TeaInjector.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	TeaInjector.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	TeaInjector.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1320	TeaInjector.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1604	iexplore.exe
1888	iexplore.exe
1760	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1760	iexplore.exe
1760	iexplore.exe
1888	iexplore.exe
1888	iexplore.exe
1604	iexplore.exe
1604	iexplore.exe
804	IEXPLORE.EXE
804	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE
1584	IEXPLORE.EXE
1584	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 1888	1320	TeaInjector.exe	27
PID 1320 wrote to memory of 1888	1320	TeaInjector.exe	27
PID 1320 wrote to memory of 1888	1320	TeaInjector.exe	27
PID 1320 wrote to memory of 1888	1320	TeaInjector.exe	27
PID 1320 wrote to memory of 1760	1320	TeaInjector.exe	28
PID 1320 wrote to memory of 1760	1320	TeaInjector.exe	28
PID 1320 wrote to memory of 1760	1320	TeaInjector.exe	28
PID 1320 wrote to memory of 1760	1320	TeaInjector.exe	28
PID 1320 wrote to memory of 1604	1320	TeaInjector.exe	29
PID 1320 wrote to memory of 1604	1320	TeaInjector.exe	29
PID 1320 wrote to memory of 1604	1320	TeaInjector.exe	29
PID 1320 wrote to memory of 1604	1320	TeaInjector.exe	29
PID 1760 wrote to memory of 1584	1760	iexplore.exe	31
PID 1760 wrote to memory of 1584	1760	iexplore.exe	31
PID 1760 wrote to memory of 1584	1760	iexplore.exe	31
PID 1760 wrote to memory of 1584	1760	iexplore.exe	31
PID 1604 wrote to memory of 804	1604	iexplore.exe	33
PID 1604 wrote to memory of 804	1604	iexplore.exe	33
PID 1604 wrote to memory of 804	1604	iexplore.exe	33
PID 1604 wrote to memory of 804	1604	iexplore.exe	33
PID 1888 wrote to memory of 1580	1888	iexplore.exe	32
PID 1888 wrote to memory of 1580	1888	iexplore.exe	32
PID 1888 wrote to memory of 1580	1888	iexplore.exe	32
PID 1888 wrote to memory of 1580	1888	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\TeaInjector.exe
"C:\Users\Admin\AppData\Local\Temp\TeaInjector.exe"
1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://bymynix.de/discord/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1888
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1580
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://bymynix.de/projects/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1760
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1584
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/ByMynix/TeaInjector
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
5f0490003c5a7c8d2ab10371c792caff

SHA1
f27f238e4f83831ec9c1ad7dd62342189188d713

SHA256
457079bec957558ed1ff45019da2986cbd1baae8eaf81a6ed364258c41e88505

SHA512
15ee2ab4ec50637d9f779a955937a09e07a977792d1380d7166431754817ea543cef7a3fff139dcf96cf4160600e24c768440f24f73e1e3f24317986d7be8d43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5B323C718A00F818B96D77B70515EB2

Filesize
503B

MD5
681f44d144d1f78059a5d33809818a26

SHA1
133964b4fc4618ce77aa1f1055d668620cfa6181

SHA256
757ef95dc6b320c598a8dd23681f98868df49153d93cf33c461e2a9ef0b31685

SHA512
3a85d79db637fd8d7a4e06adc0c3bb969230c0e9c8e2eea13fcd15b64e42ec0da3465bea49ef7a0eeb1a2c36d17d1fb2f55d4d828142b4086bb43604304395ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
6c205a5d777997d1d9458c41f1974171

SHA1
90eb78089f228de52998178983fc36c6324f644e

SHA256
5b7f6b11652d078fc36f7699eac5c1adacda7988ed10364755f048ef15f3deb5

SHA512
4245e75658e1dd1b4d27f554343bb314764dc2db28527619b59ca9f20d00e1a4357b4b442fc41f5910f3841544153281e2cd8936add06d415ab1ac2ce99836fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
bcbde3ee6b23870db7fa2dc46c37ded2

SHA1
209be79687007aa665df1b172683102f3e453920

SHA256
8cc28f710d94977c614fd6ecf3b715f6fefc3a0b742a2afcc62ab3928bc41f6a

SHA512
09c734cf7da0538bdd9589593b53070138bacde3a3825990ad809b6c1100c75c7db31c603738fb387d957d2c4cd13f5115863ea1fc5d8371e0e83bd6f90a2110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2941a536beab0264f24677045943263

SHA1
4c5843158a291920c5853f079d8de5b4a6218e73

SHA256
6ebb01d887cc29ab527131df83440189b734b0102faa933b0747e5556ce89d7c

SHA512
e786fd81a1d5cceca438c6d74c611890b7156c5cd34c557322e573c7574b94f14746b552c11ed9ca651ad2c858c1a55c3e736515d4f96db804065f40780204be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36366a65783043b31e75305ef24eb31a

SHA1
5cdd2d09dd71b7894e19afd1851e49182f6d9d20

SHA256
1f0946d70420b288ca72819041edd40f9b9d72f7f83f10583da2a6fdb43ee271

SHA512
a528ea7e644d71474b4a194839ad6df85d95e4a14951dc3d6494094554407b9dd2aadef0141f83ed435df25b97aa7fe557372a1f1686f0982aea97e0a3753ed0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b287fe3019c9aad993aabfce557433b

SHA1
61f3c0a391731b8660a78de666508b039ab8ef96

SHA256
bb43f8d4fa458e36cf67647c5284863c4884057395bea7409136c36282b50011

SHA512
26706e0c63dfbe6157929f95762d4647f6d99c3a7e20a8a21bcb9d83747cc95aa64a5f2351d729f24e2b7a0012879f6e003fb678a710ac6ec96499693fb47958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
162abbee72798cb255e0b14703adeaa3

SHA1
5a8f82a380106f21533a48df1cde8926018c0d9b

SHA256
b51e6195c29a50b8df64ffd00ce798f6b1b65adb4441ab4c4d00571034504445

SHA512
eb6ddeb6170e93a95fadb9ee86cbc35858c3a82d05477e7de4a198364728720692392246d6a1344cedcb54f80a69ef908121aca8fda330f770bb35f0e6578de8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a0481563229b4dad783790b0389ea9b

SHA1
40f451d652d0df138bc3940982295ac7a58d1fa4

SHA256
f219ab45c9bbec11d0d58dc59e1959c89474dc96c09e279a006508f38dcb0dc8

SHA512
269accb805b202d1590b8ecd24e8696b33177601f0213e0b5830a3e60ac17cc6587cbb8fb24c308940f17ff51c41010ea521c9b988359f2098d09acb0e8b748f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8fa559596e34a6d8c8a2fe6c68f3c03

SHA1
2c91bb4dd0befc9c08a18f986b3cfc1991a62000

SHA256
5d63c7ca129baa8cc75d2c4e864fdca6d298486f290f65f887b55ef4ce90a7d9

SHA512
6a83de0ebc8546740234d5c078a1a84b218e7219ca7eb662db51d283393d979284b6f21f6090dc84b5ef2c2b166c950662443a8da8cff4c95f345d2ca8fcd4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40319b38179677be9bdca1766302dfb3

SHA1
e3e3fbfdde9756436f3a4be03bb371b8747a5a3f

SHA256
b810618032ccefdb34c4f4749075354fb117e22c1fc6403c115ae0335fa9910d

SHA512
3fada11ccd0060db7f18eba885cbbffc12876b871064c9f4f3794ed475bf5e9ae0ca11ce2c3aeeffe01e2bd75dd811010dc6903610b4564b45eb5bbbb58899c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc044020e2c9a7cc4ad1806ebdd77324

SHA1
54cf3a6d57219062c036037916414a8bf9050ac1

SHA256
4307ac2f269290886a57d5fe3b284b91a92751928d34f8e5feba3dd9c00ba10c

SHA512
9b2dd58d4f11843675865aef2745996913389a48b8be3f8b2fe198a6e0cc5be6b213869285049be1797a86f8b178f3631deed0dc3a058065c4eb20c3e5b1370f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f3ce69c4af2ba82c0d2d2f226fe59a0

SHA1
057ceb89e9e83de696a5bacb0b55b7807727718e

SHA256
2446ae9a7e10859d8d7f11e450d72ba6f36ac317661eed4c9638b3574425e72f

SHA512
4615b0dbf979bfd14ed5b1c9f94101973adff82ad410009fad353f2dfac8bbb91f458359c0766fcb79b20e228d531672321e14beed7178a3206e3231167cdceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27220a50c71117bd83c7a7a24462b4e4

SHA1
7be55343ec2e962fc5c087ac7df7fd9a98ff3be0

SHA256
eac2ce7c695de966467873e24f9ea5a0bbbdd78a9a5f2566fb4ba53e7237aaa2

SHA512
f9cf458ad17f08b1f6258353cfd8783c9954c8b71de83b5fb7feff87490941ad7dd80ef9420110ea31c4402fe58bc5e2cc7d2c41199d374d447a7b4b332e1150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a2f784d451dbb5f7542e53ca7658458

SHA1
68e64e44499bb24578db6e00913e222c761e20b3

SHA256
9598897b2dcbc023ad4bba46a7229ec9d664457a20d48c5958eb51902670fe0e

SHA512
b1bd70e8d12086aae40ca85e0cd98145e239172ce3424e2b02f2c834428f7607bf657331ff919a5760ea7d95ae72c4491781deda1c0759eafbee466ccd22d169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b08c7b3e28d8cbae7bd754af51c4754

SHA1
ac6316fc637e423d1203411bebf4bf0d94fcdb1d

SHA256
026f6e86900d0fc6cd96baab0cdc5ce35cd33d135801117891f04f47ed606052

SHA512
20e8e037b8c57c5e4afe844146cb6287d92eaca0dcc1f5c1add9c5db74abab54b9251b1db9367887d641af1335eb3ebe5eca9c159eb4c4ae84fe31275d74b4ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55a1f57e23f5db30da60a7003fa109e0

SHA1
77807f414e51510647626b6f4450d397193eedde

SHA256
92f0b851b1009eaca2e4a40b99dba07ef4ea2d4e03c41f83e90f99737e50ac5d

SHA512
eec1e83f9f0bd2c8b79c04885e5ed957f9f8098fef9e4cc7173e1710bcd30da53f9d91083d1c05d9a0ca2543054030b9365a2387f1aab0217dadd9c9e81b7dba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e1d36d4012b65d372e25771bc96c192

SHA1
dc494acf843d679176c2870a5d21f7ba0f94ee41

SHA256
60aae982f5a6bd8ff39c8c292267ba9b453171b5619c2e2ab172c29750fde10e

SHA512
5946636834e5a59b917812e3b29f43d68cad5245e9ed15744496878cb7af5b384f3b37a44e661d4c4764ff61a5c862dfa940d3d5448d70969fdc8eac5c013b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01524cdd2d9bdb9fcdb2ba1ca32fe7df

SHA1
d80cdc72bcf65ec57bad9e3d2757d4923f2e8938

SHA256
032c14abc18da90a3c9f00da51bdbc2d6bc104c83ce8bd53176bf75122ae553e

SHA512
69f62bdf5de548080d2343a9cbc05a46465f3b29b37fd3d9a82484343fd1df8dfc50ad7d904ae3b35b73ebd4b0fe309f845ac04e9bf6eca9624b80cdcd97c0a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a9694472e690b919e2f8331a6c28905

SHA1
94995aaabdbed65c579f2e42ee8b57a3e91b1a2d

SHA256
cb2cc44e406680abbed25a2d59beb27d0e41b8cfb7aec2362ee1403d51049c53

SHA512
af27a0a57288645c23943a23f53c37fd4b235481bca6d4140e76c27a2b12baa7643df9ec6b01c6496f638fa138a5b9c6990dbcc151b4b2700b623e807ab5cc49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae75cf5427b1cc0049989b1b6c4b6bde

SHA1
4665be78a1f08eef9a05c320b46444569c394cf5

SHA256
078f18576ce04c28f1e9371202d4e536b4312f0b837bf28c95017c83277d96e7

SHA512
bb1d19a033cfc661049e6559bf838d1a415cbcb7b1c760d638269e55cb2ac48fb5a422f1f1f76a6c6b5f850d126a99685f88ed9ba3179798fbf80ac2ad551c29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
939f0b01bd33eb9bdf563dfc283707da

SHA1
9fbbbccfd4eecf1408e2579df44a79523b5bbef8

SHA256
e1761cd6b2ce155c445193d3bd42f7c0998fb3296c1cf2a1545b6bb1022bc575

SHA512
cd020e26e2f74082dfd32e71bfa25a481b52d3858955d89420077967c83e3922d4df4776e535455f9bb86450286206707a38cf1f07a57b60c7c75f8fe2bc47f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc5d7d1e8b590a415f929f1b075b01a2

SHA1
4083dffd08360afafaa8bd469653239dc32dfda7

SHA256
94f9500d1f8a28e72dea17761cdcbd5fa2da9af740039c5a1c14e7c4273cce45

SHA512
6b41a0ef617517fc78151b513e3aa840531630f5acf5f794be04f93aa8414f9cae23c8c4808fc4552d4f07cf39e6a20dc821c7502d94dc03e81be6e020b135e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ec3b56cb6ef82f4ebd0d382c632d57b

SHA1
3c89f18c9861757188acbf3b389283c02074ef5d

SHA256
0085d04155a63f687d017ee6f99fd4b3dff42f24c95196946fd1c32b437c2b85

SHA512
700cfb507b824ba5e2d6075a0a0ec3c3c8cf9cec06f0b3a8e6667eeb14974359e8b55d938e5dc5ae9551561d6f0aee177eb0d1d0c90993b453374ab8a4071fbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09a3c2f407fb15806054d2cfdadc5efa

SHA1
49a4fe4ee67d6ee20829f43c1cab79c64eec6eb6

SHA256
73913345b854d31c8a131874a9becf30669ed2ef7a649bb1ea4c6ca3ef2a0680

SHA512
949a8322b309e1364f943d204bfad4d7c68aed90c13c1aefa37191125441d2526768489c5591358fa16d30228a4416db76da907f872af4fe9eb172a6539e10ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8523606ca0768a210465264feca9dfb2

SHA1
b1ac7430b284450519ac578fd60ed004b72385d7

SHA256
ff8c9cab5db6ea546675c615f1bd10bd75d35e986574089094b658b88e06a2ad

SHA512
84a49db8cd7d7fd61cf57e47c67faf025ceac1b57578b1c2512ee892036b64036129c0f5a4d7de20dc376eb18f8a8c6eafe85d5a73fd6e3d94c80c6204d4aec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
502fa697479c2f6ce7987c1bbd2cd8b7

SHA1
e41f70230267261ec15b6e1f394fcaf05ff86f54

SHA256
85f353d31061ad72fcadbdc58efcd7cf600f3da93617595325d9c6bd7f120c15

SHA512
dfb3110ffc12426376cb5609e06636b970c16e8d58cf9c0789a2cc743445440bb48c5adc16f3e0f1470f342b990f9707de3db9c11fc0e39e59aad267354fb7f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe8f4f2d23cc4f94121d956dd582db09

SHA1
c2eff29ed09b2afc356baefcc41b4dac9a67af5c

SHA256
a75045586833ed22327f4a1d4dd160296885ed277fcfcffd0e2e8cef5f23c390

SHA512
e59e48047a119e1d7b61f0d1558bfbfe397ec4758cc5c064334422e405ad861d08aa638292ed7905b050ad0a736b76f6641cb955fce7d7e6a17c9aab18b72373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2c4b2be1a40bc2dd6a76f963bac7959

SHA1
62d88c93d0c8e8e29998e9b5f8be0fa3f4f7f573

SHA256
1f6ee3f6096d80a9d9f295d2089a7abe742953f676478aa2932ac0b8b5ebdb8f

SHA512
ef53a745262a42d7cc0e4d35b2acfbcba3bc94668c7eeff4176b4c9d115603792044eb0c3e29b349c16c25f4a2c0ffc17af6b2e6c95c523e5c271c1bb7da6d29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cded2b902a97a7035e506727eba5c9c1

SHA1
d912c8c0f71e4ae59e398d2ebef65eded9f945ff

SHA256
acf27cf5f4ec17073d073449149ac05eb2ac60c78483cce6aa944a8b0db114c6

SHA512
be268aa800cbcd3f2c89efc4f684dbf8225e522b209500380c8b8614bba15536d8e54f0afd9fcba1f99ad5028e95700c7ed8be177747c0a27177e22ef9142668

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8af467062798fbfd2515d98e722a3b98

SHA1
8598e3dd04ae55d5aeda1bc9739971df24744220

SHA256
d5f1d281fa237c84ef7c02afd8cb9cb6057cb14743c983afff1b14f15f3b07cf

SHA512
f55b153fef2983596f943580c5dfda1270aeb1968ce530199811851a6d0fe831bbfe16d5caf953b0e2e134d25c961913b140b6896d90948f08dc7732315939e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
a5528cb972e5e6f6876966cbc8f5405a

SHA1
46d2a03f8ac45d33c830c4924a351de4ea892d68

SHA256
e64a317cfaf4dbb309274fd4fb9864a9cdec2cae7f5bc725aa0a28d03e2cd983

SHA512
a25059d740f1b84b3717f320323d84703b74f75c843e91f0b3c8baa19bb4c583dcbdc0659472999da217d788c1fd1fd0ab74dc2b6439faa90ac7a856d5879c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5B323C718A00F818B96D77B70515EB2

Filesize
552B

MD5
2fd2fa07af6e2074d76c9a3be6d70154

SHA1
218d7c451b58f745347e5a45a2c68918a6725376

SHA256
ec07e50c2e25fbfb8230a930690be9be5dcd57b11d3ca1a447db967caf861c80

SHA512
2a8c0fa43eecbd55dea615d50c6b9249a070db91ca51a63142c4e956be8c9cb13bb717a665b44097454eaecd8342c5b6007ceb2d42c0c978f991d71ba45e0178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLDGJQ0B\bymynix[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLDGJQ0B\bymynix[1].xml

Filesize
2KB

MD5
91904901dff330ca82c9ff93ed8abb6e

SHA1
f20786aef096dcae9d4be533d540246ca60a2df6

SHA256
173605bcabf00261fb39816e9a82616b70a5ac38c52a102260a97497d3771b50

SHA512
1ab97ba9a411a218b5b4fecd64f7dcf47aee7bb5c1f76d3c3ac75f077419ccee2caa8999a7d5b606dffe53e2184318089dafc3276aab4e99c28e3fffae01808c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{146EAB01-05FA-11EE-9C96-EE84389A6D8F}.dat

Filesize
3KB

MD5
5f35f921c25d6944aa7b4b8412780812

SHA1
d6ec7074f134423bae2f8ae8baf288f128365374

SHA256
7430fd7f08cb5da9c7161dd52a5709abb711ad3ab6966980397cd3747bdd5cf8

SHA512
60ccf4b50c9c76099c5a440a4f5bb8d3d852b3e46eefd1ef1340225fc4e74a94d5bc0c2babcd2b49f0ee126af1a3476bdcadd7e1c729f4e5f95b8fd6c950aed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{146EAB01-05FA-11EE-9C96-EE84389A6D8F}.dat

Filesize
5KB

MD5
8a200956ce25e577df71dc3930fbb611

SHA1
04b746192ac031a01a5577ecdefb6f78fb7baa7c

SHA256
73d6b5a11490c7a9dc3092a7e6c69012d499f71c4da02c7a972b9504dde346aa

SHA512
5146ffad52b1366e2ba4ff99004eb24445072e714d5a2718f084108b1fb3cc2cd9daf7d043600ed95b72a168b581ea8a38c547dae3ef0081bf2ed536e73bd0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{147394D1-05FA-11EE-9C96-EE84389A6D8F}.dat

Filesize
5KB

MD5
f98686facbade9a5a770df56f97c3618

SHA1
fa7ca005e54ea7eeaff2cf989ac12a75f2164f3d

SHA256
7a91c4bd826b50474be925ef08d3ee19225df6138effcd8ff8c1101cf21a7b65

SHA512
162e3dad7ca043240c5f2d97cfbd80a6e89a0a535b1bd5a6e76945cdcd7b2b3b4d63fa725a0a309c29e48620de9d960fa339199ed2cbbeec03c0631c137187f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat

Filesize
149KB

MD5
9d89198ee424edeb714f902cac13eb94

SHA1
3d37fd84c5f539bfa6503879d8f2b2873c3fabe6

SHA256
230cf018bd924b64e7899573011716bbc724d5008c26cd24ed0db01dcc579b92

SHA512
2e69634b80b48bfdfe4a9093b642ffa48cb237517c9bfddfb8ccc4ba9b6b5d8fbe56f24d22555f7b9f8340a850f56e36ced05f2c8333c0902137f9135289a3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat

Filesize
150KB

MD5
39c6951476aa79a46b21ec62d7934130

SHA1
1f227ee12fd6f52542fecb6380bb3c824fecc7e3

SHA256
04f0f4bbc31e08f5d4e985de4d2bb92ec348bd2eb2fa396e5e42691dde3d6b40

SHA512
48a508cfada420578b9f0de99bfc197006502f8d0b4211b8bfa5a521359b32dd2a0ded9e812b11e64386bcf1422df5ee3b8cdf0a4f5075a9945cd08e5ee1ec54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat

Filesize
124KB

MD5
3492f3ab014b30bab52632c6c00f82b5

SHA1
ff200db843f9efdce292912d1e8bf4ddfda87502

SHA256
f2b591e9dc3eaafa244e4039a07de228fcfb78da6db283b643bdd54bfb2ebb04

SHA512
b5abb83788990bb9932af52559bcf4982ca6bdbf943ee0b8671c42e9c4bc3db885d7c41907b4855507f11765d7bc0e7f1683758630a6c7dda3e5d9184068ea87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat

Filesize
124KB

MD5
3492f3ab014b30bab52632c6c00f82b5

SHA1
ff200db843f9efdce292912d1e8bf4ddfda87502

SHA256
f2b591e9dc3eaafa244e4039a07de228fcfb78da6db283b643bdd54bfb2ebb04

SHA512
b5abb83788990bb9932af52559bcf4982ca6bdbf943ee0b8671c42e9c4bc3db885d7c41907b4855507f11765d7bc0e7f1683758630a6c7dda3e5d9184068ea87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\20892902[1].png

Filesize
27KB

MD5
4897b57c5e1f9f51e696e625c63e9b29

SHA1
1d909348f88e5c9b28e59cae1f4bcfa1bc21a624

SHA256
aec5cfe0491d02ea617f4202669835b691a52439bac0e99543a791412c78cc41

SHA512
b5d39bb3165343f9704ee30b01181d14ac202938ee45f9ebaf17661a947cf9388ba3e3b9d2a5b69442539401730c5363b1843eae18af0d1bd63ee0a5a423bbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC7WQYE\ec2c34cadd4b5f4594415127380a85e6[1].ico

Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC7WQYE\favicon[1].ico

Filesize
119KB

MD5
49c4d9b52691b00f4e6c3566af335c7e

SHA1
855f1cbc0ae741ac9255ddf960419e1894ef3816

SHA256
d121d1c128d964d5faf1bb500e581091cbff5eb87ad404fff40c60de5a127e5c

SHA512
f4434d399c1778e3c4fc5bad1d786f7315addebc343053dda1ec4bf51760bfdbd4237b8600dcae863e6318d84f40829aae86c16caf8098a18ec1b29b5a613dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC7WQYE\favicon[1].png

Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\kMeHH_DpbiawEkJTdiNrDpxHSQh7Pu54DViZxiX5Flg[1].js

Filesize
38KB

MD5
91e89eeafd8422904f5bfc66eff8e446

SHA1
7d22ba4422589289dfad6c28ed96d138ff4ceead

SHA256
90c7871ff0e96e26b012425376236b0e9c4749087b3eee780d5899c625f91658

SHA512
66f12e38260d4d52a74c69a132b1b6aa9c1ff9ed0e8df72f8e8431cc61002cd0387373c9adad1eefd923cac3b76463e96bc7ff07b2a9b2355a8293995b5ae254

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5515.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar56C2.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HWT7GFRK.txt

Filesize
604B

MD5
f18fb759eefd1ff119619ca030254e53

SHA1
c6e167ba7c873e8dbdd051f8f82d253b90371f4c

SHA256
0a21921c173cd3bd0a25a5da94ee77d3389223fe7e1e5be8e84070b33b1fc989

SHA512
5eda00d8e0afaa1eba4ac045ce2af8ccdda30391907ecd0cad85ed71544ffddd92beb1617a3c01cf79b00b08147b900e4f70ebf83ed9ba13917c8a663f3cdae7

Download Submit
memory/1320-1222-0x0000000005390000-0x00000000053D0000-memory.dmp

Filesize
256KB

Download
memory/1320-1223-0x0000000005390000-0x00000000053D0000-memory.dmp

Filesize
256KB

Download
memory/1320-58-0x0000000005390000-0x00000000053D0000-memory.dmp

Filesize
256KB

Download
memory/1320-57-0x0000000005390000-0x00000000053D0000-memory.dmp

Filesize
256KB

Download
memory/1320-56-0x0000000005390000-0x00000000053D0000-memory.dmp

Filesize
256KB

Download
memory/1320-55-0x00000000066B0000-0x0000000006C8E000-memory.dmp

Filesize
5.9MB

Download
memory/1320-129-0x0000000005390000-0x00000000053D0000-memory.dmp

Filesize
256KB

Download
memory/1320-54-0x0000000000DD0000-0x00000000013FE000-memory.dmp

Filesize
6.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads