Analysis Overview
SHA256
44fd5e974fc5c7903d67233ba9e4718b7cc63627a28ba8fe1d2c7ef6eb5f74c4
Threat Level: Known bad
The file AntivirusAI136DZAPKCOM1ap.apk was found to be: Known bad.
Malicious Activity Summary
DiamondFox stealer (family tag: DiamondFox)
From static analysis of the APK (static1):
Requests dangerous framework permissions
Acquires the wake lock.
From the Windows detonations (behavioral11, behavioral13, behavioral16), in which the sandbox opened the sample's HTML files (disclosure.html, myps_policy.html) in Internet Explorer. Every event in those runs is attributed to iexplore.exe and its tab process, not to native APK code, so the hits below describe the browser rendering HTML rather than the Android payload:
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2023-07-10 13:24
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
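The static signature above is derived from the `uses-permission` entries in the APK's manifest. The following added example (not the sandbox's own code) reproduces that check on a decoded manifest: the compiled binary AXML inside the APK must first be decoded, for instance with `apktool d sample.apk`, which writes a plain-text AndroidManifest.xml. The manifest below is constructed for the example; it declares the three permissions in the table plus WAKE_LOCK (the "Acquires the wake lock" hit), which is a normal-level permission and so should not be flagged as dangerous. The DANGEROUS set is a subset of the platform's runtime permissions, and the targetSdk thresholds encode Android's scoped-storage rules (WRITE_EXTERNAL_STORAGE has no effect from API 30, READ_EXTERNAL_STORAGE from API 33), which is the caveat a reviewer should apply before treating the storage permissions as evidence of broad file access.

```python
"""Reproduce the 'Requests dangerous framework permissions' static check from a
decoded AndroidManifest.xml. Added example; not code from the sandbox or the sample."""
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
TARGET_ATTR = f"{{{ANDROID_NS}}}targetSdkVersion"

# Subset of protection-level 'dangerous' (runtime) permissions; extend from the
# platform permission list for real triage.
DANGEROUS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.POST_NOTIFICATIONS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}

# Constructed manifest for the example: the three permissions the report lists
# plus WAKE_LOCK, which is protection level 'normal'.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""


def requested_permissions(manifest_xml: str) -> list[str]:
    """Every android:name on a <uses-permission> element, in manifest order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)]


def target_sdk(manifest_xml: str) -> int | None:
    """targetSdkVersion from <uses-sdk>, or None when the manifest omits it."""
    sdk = ET.fromstring(manifest_xml).find("uses-sdk")
    if sdk is None:
        return None
    value = sdk.get(TARGET_ATTR)
    return int(value) if value else None


def dangerous_permissions(manifest_xml: str) -> list[str]:
    """The requested permissions that are runtime ('dangerous') permissions."""
    return sorted(p for p in requested_permissions(manifest_xml) if p in DANGEROUS)


def effective_storage_access(manifest_xml: str) -> dict[str, bool]:
    """Scoped storage caveat: WRITE_EXTERNAL_STORAGE is a no-op when targetSdk >= 30
    and READ_EXTERNAL_STORAGE is a no-op when targetSdk >= 33, so declaring them on
    a modern target grants no broad external-storage access."""
    perms = set(requested_permissions(manifest_xml))
    target = target_sdk(manifest_xml) or 0
    return {
        "write_external": "android.permission.WRITE_EXTERNAL_STORAGE" in perms and target < 30,
        "read_external": "android.permission.READ_EXTERNAL_STORAGE" in perms and target < 33,
    }


if __name__ == "__main__":
    print("dangerous:", dangerous_permissions(SAMPLE_MANIFEST))
    print("effective storage access:", effective_storage_access(SAMPLE_MANIFEST))
```

On the constructed manifest the check flags the same three permissions the report lists, leaves WAKE_LOCK out, and reports that neither storage permission grants effective access at targetSdk 33; a sample that targets an older SDK would come out differently, which is why the targetSdkVersion belongs next to the permission list in any triage note.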
Analysis: behavioral11
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win10v2004-20230703-en
Max time kernel
128s
Max time network
133s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20c403f331b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4053055685" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760451" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4066651701" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1D0C2D9B-1F25-11EE-B651-42E031024C9A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c4600000000020000000000106600000001000020000000479855902ef0ba69d7eb1302f00480e02e2e372ff1988b257878cbcf6f67ee6e000000000e8000000002000020000000d8f4e68979b67fd74011ad7dee2f4bca4c1c540f7fa83705f75074765d74c15e200000005459e1a22ca8124a0b631825011374f7db6a543b062de0885f6a03c9bc495baa40000000581b173d01708d4ddac7a4338af3a02e1e3a7e2930ea2e6dfcc591214c6e7b555797c16e2265e7966330aa5d2a95eb8186c84c8e080f2491d2f797aa5c7ae931 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4053055685" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c4600000000020000000000106600000001000020000000950bf32bed4e7a42472cd5dacc734d1d79c143f76b10f9fa131223696783367b000000000e8000000002000020000000219870ab2e4be6d6fe4c9b8f54453c1771decac66c7b8389f9162881bc3ce2f420000000a901e3b754f68a92606efdc2f42a10d67fb0f683e0317941ee24573bff3b5b4e40000000e17f97ce245c7511fa9a9053f77544da529bd5b264f17418bddfad6234b5e0df5d6590c9912f61f7ce065e715bf22d3ca77a42616a84a758feaaecbdc8ca3c6b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04719f331b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4528 wrote to memory of 4092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4528 wrote to memory of 4092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4528 wrote to memory of 4092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\disclosure.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4528 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.1.248.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQKPKJPE\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral13
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win10v2004-20230703-en
Max time kernel
123s
Max time network
133s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2000faf231b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000929439ee50e204ba4f4b605da59efba00000000020000000000106600000001000020000000d91be7d468ff9d127a99f71a4505f6247b445f7584db1860df06aafaaf460b1c000000000e8000000002000020000000fe243af9d41dce01ef890145e944720f9d9af657c068389058d39c9511227cb720000000e4594d715ed504243c3ecd4aa703967e1dcce82498f1a9892b2f8cecc12212ad4000000034ae1c5ce844e8d042ebf22ee46369d638376993cda9d061e8e3f4cfa9701bd8f46a9c55bf7bdeb0ceeb8dfbf92099538e2b2706f4ba4bc46115ccf058242393 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760451" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4065227232" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1D0F5BDF-1F25-11EE-AF72-4A1E53401E07} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4051320379" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000929439ee50e204ba4f4b605da59efba00000000020000000000106600000001000020000000e0b095e9ef3b865097b63f09c83baf618e5bead622798530160f5530265c56eb000000000e80000000020000200000005770f9c595d5acfe2d9ef15805eabbfd5028a3b875240becaa875b6b16631c7820000000db756b7c82b468178124b6b4174571590c843fd9586e216f994417f39b180ae140000000226328d7182bacc86803305b75fa99bef11dd340b72bc6e5596ff5c1a3f591717c2ebbad9bad6a70cf1555b491a590c2ed21f47e85ed419221ad180527872b2f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4051320379" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0120df331b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1032 wrote to memory of 2312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1032 wrote to memory of 2312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1032 wrote to memory of 2312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\myps_policy.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1032 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.50.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.121.18.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\42JDD8EA\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral16
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win7-20230703-en
Max time kernel
146s
Max time network
138s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4e20c56306bc849bbbf82eb036fcf6e0000000002000000000010660000000100002000000099e11338ae438a7d1bad65c7222a3cfff5e3e7749726bcbd69ddcbcb325d5621000000000e8000000002000020000000e72b4b5acb553a8d939ee4d75a502458da27aee6162bb7b17f58b5ed7e46bdb5200000005233ff9bfa17b1e5c13f026aa3d34af307d238fe09301e2db460c7b44c417b3740000000111381e08899c62d9692b384ce4a88e532e84e55c656a7b35e435a8b1b756160e69c67f96433f0eb719c0d8f55a12554ac1f9aec1f4926aef5a02a3b233f8082 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C36ABA1-1F25-11EE-A0DE-76CA95553E89} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b03e4bf131b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760449" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1816 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1816 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1816 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1816 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3C3A.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar3EBC.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d3371342b9a14101ed4be3fcca572e9 |
| SHA1 | f251580b931f382bb9893d3a1cf9b5d20687bce3 |
| SHA256 | c270a4deb9ac0829da955778d08767f42c0ce09f72a49c4e7138ddaf6eae1ffe |
| SHA512 | 9e94aecef08800b89f88ac36650733efd0b6ac9ffc009fe8d50fc8d0a51bb4303ba93c3ab6ca0d92cc8ffca972b1fbc45484fbaa85db85f5e719f4bcb29734a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7395125e72cc2f8375c372b023093f97 |
| SHA1 | 618073b3f53c34688f58a731b8b9e3275ba4e059 |
| SHA256 | ff6cd8ee3d4cb17ff8a626395dc00dbba8b5a861d1ac6dc2c88fb49e9af87a3e |
| SHA512 | 17538a8a8f2b461ef3ff8b742237a4c54db60363a3b4fb690a88a0e3a3358e56e16f9487d9a7ddd81b91c01fef34946b606ac775c872e5aef921c01c087a23c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c565adc45cc01d889f22cd85d720a1c3 |
| SHA1 | a7bee3dfa1ec6a406305314ab0fe25a33c12967e |
| SHA256 | befa37325712108941863781593e14700019dfd81991784d91562225aea93ffd |
| SHA512 | c4ea69e465534b644ae164dc8037c3c5a2894f2cbc616d349b1548ca41801c13d4c3a793e0ee7db35af126486f244ceda0966c82c67fda880226b2107f67b231 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be98bfd63c6ed04abc7fb1200c8a4d0c |
| SHA1 | 608219da94369de3d3ef7d9d334d431f1a1d2ad3 |
| SHA256 | ede01368a13fd1171a764c0c317eebdc64d802074ee96e834823bf591d82ec14 |
| SHA512 | d4d52bcd83f999452bcac2e9e436d0fc430f22a1679f8dc54773505b5ca0e24e10f8af3d3d95dccf86c74b4c0bf019351fef5ab2a653dc2f6790dbc05b8ee4cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85e325d3f5ec3c972bef6c959a8f2f13 |
| SHA1 | 71bc45472ffef92ceb50c11a4660e33a71709f14 |
| SHA256 | 9796bf6d3a4e1e71600a5f9b058cb6e4ab740b393d5ef9642913125974a53de9 |
| SHA512 | 03c83f4f55eaecd0a8193ab9b1d1c1cbb2e651618ffe68f8e60ffc12f04bae2031c7e221a23a136ece870e5e2ff345a4dd282e280a328874f2820ab541eb7846 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 245ce30b36eaebd15d4c05d9a53a84fe |
| SHA1 | 970abf66639adba84a97024c6e652e22d36b4dc1 |
| SHA256 | cbc205a60a9885cce97309d41146d3a1c4eb7604a40da717dfc0319ce2da86cc |
| SHA512 | ae7b44c156135e1f6ebac6f8fb15ef2e01147599cc3a2367151b92ca37acd1faebf6dd0b03b5ef558d12f3c0c9f1bd90c3b3815d9942447b62f02c974ce3466b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f96273db349968c2fc61671221facd9 |
| SHA1 | 2aab1398ff0c887eebecdee8479b266b14d82626 |
| SHA256 | 5dc951bf0ae3d669682285ef061ba036b62b24bd09e7b9cfc49f5e6fda5fd5d9 |
| SHA512 | 5804e6f10426b64273f4cfab0af89706daa57a15ebe16466d26d121e491dc34e8f35058c23cae52054b85ac96861a3104071e603eec4f50bcea567dc875ef664 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84dcd4a3abbb6425596ca5d73cd96200 |
| SHA1 | 0f2a9c574bb628d809874eed99d8826edebd764a |
| SHA256 | 4b3f6607868d9e9d4dfe74b180312d4da4c1710a25c7598d1fef9cbc3289296d |
| SHA512 | c9f713c114f601e3982e743dffc17888931d0da3c4685201c3058a2fd7a35e0f7ea72ee88cda571de4fd90f1105c59ad88940ef7431c8f98bb795e6005121033 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dd530b2003f58b67823d0669675e763 |
| SHA1 | 29035c626bbca697043b770d7d0de072d0038eef |
| SHA256 | acb525c18c6db910284dbbaf9d9d398db94a357ff408b2e724711fa0026f4492 |
| SHA512 | d9ce38eaab5059e2148cd90c066cccc354c9313ea883816e3e3dfe1e907ef8d017cae91271bee4b81bbb6227d9e1362855cb40ecbc1363764ee09c56c9162a5f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RA1FVPAH.txt
| MD5 | a643fd83f959bae4b573c7086e82fadf |
| SHA1 | 12369443f8d52fc248a0da3476a982175fa409bd |
| SHA256 | bf024d2dee97db114077d707f4e5d1e5918212836b6e33f489d7fb20c1e16cb4 |
| SHA512 | 7cf31108da3d40ea97e15bd2e635fc700c6d0fccb674ff9238e3a59826ea7fead5470694e18a40bebaf26272c1311d98ace6b4395244af6074f1dab8e94445aa |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXTVO3I9\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral3
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win7-20230703-en
Max time kernel
100s
Max time network
136s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006c29dc726ce5b94c89351546d5dd24d4000000000200000000001066000000010000200000009c7a3d3994680b5b0b6af05ab4ce94c322c37a5f3842a566f721bd8dbfc35823000000000e8000000002000020000000c7b934c42f6be9e736c646693d5a07cbd4a45529d304067f917c157643bd146b2000000005867be4e6ba7576fc55d30a406e29089be7ba77347407ddd5cd9cb3af2de18740000000a89d78567b772562ef80e3e68c30480375130e8365fda4f65b9c5b2cc4c93cb6fa77ed95c2b07305e273c090625f655568dbe4b5a586b5c2712a8f9325ffc84a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006c29dc726ce5b94c89351546d5dd24d400000000020000000000106600000001000020000000a8c1551770652a89d27e3ca78c65438116463c3212f5dc8c212e7fb034592ae5000000000e8000000002000020000000259c50f8697b8a5eaec001b749a0f76e2505f8ebc90f6af830d7377601a40a5390000000a6df942e2d5d2b2d0a75e1f9049abf10560f6215def439638c267f67a633920d82606af48baa3f79d464dafb34d3ae3f89b07b5b5945c5d821b0ed5a4efd42fd6c5725b49fc90d4a372f7e4bd2e60d2c2723d9019a19ff2cc092a97c3a7fb8fb063b3a02b7b909327b8dbd5548619f1b398e764785a36af99a7e80007e74afb7626baae11cba568d71583c9319552b324000000025031f4b1e9409c206d758d3293c8dbe1333c1f42f3908afcf4fe187763fdb51152be704118cd0d3005aad7459474f3dcaf03879754bd9783f1a30818265b14a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C477481-1F25-11EE-B612-C2A254DF4AC1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 706d3ef131b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760449" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2956 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\disclosure.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5F51.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar5FD3.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d11f60e86fe07ce869401ffa3186c2b0 |
| SHA1 | d8b89ffa90c6e2cf80792723dd60621b974caf3a |
| SHA256 | 1aec3f0b84f2da2694ef577b512b34ad03ee2da457a2ae195990629a0de7ae11 |
| SHA512 | d8118243697feddbb81a67dcba41c5374d1f64983713d391587ef7117938845cc48d376ad36a654aa6dd5dbca8ad200dd4a25de9aa08ebb4c2baf0bbc7282452 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c66e64b673d73fb0c18140e9fbc225e6 |
| SHA1 | 850b33089795003d76b45d83e145a78fde31a3b0 |
| SHA256 | 81b577f3cc212abaacf7d0e2aa20f351e68d5cb840343d57c4d6d927eeb01732 |
| SHA512 | f44f76bf645a601fb36d66b015f44f830f649fe36787ef2c37356239d1dd774e391d8ef547825f57ffe2f13fc10dc9b85b206ceff7b3518cb6af7b9a729d4470 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38dc2adc1531c2889b37d5812e19faba |
| SHA1 | 168c872c4193113c7b4d835fdbaa215a7dfcd431 |
| SHA256 | c9cb40d62160728d376d3cf43dc8e52910a0b5a661e5c1acb26456c1113ad4b5 |
| SHA512 | 147ced44eaea61234fb2e53f0ab6c09ba473600f2f2975d61033dfacbb3c9a209675a4d5006b4c3de7416e3816b83c4f15870e71ca5f3729e00661fe4cc9669e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e0670ced1ab50bf1d4adaf14757621 |
| SHA1 | de5d0a8fd9d35f6b700dab56530364c2ca7d1fd2 |
| SHA256 | 30ed4f06aa01cf6d2dec1fa896a47c2a0a5603b8193093ac568e190facbd5360 |
| SHA512 | eae3f92f6c8644c954caa08bd6c0f93a739780cf2824890bbf6c8ea6b003524659bc943f00146093bbdc90e70fa7fe54fc58b418f63d19e951f4f73fc7e02b78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9382b76d7533448b4e4306e82b67d779 |
| SHA1 | 4124896a6bdfb9c4e2454841a73e679d2dec8e23 |
| SHA256 | ca72cfabbb2c0bb671e49253bfc78ee239ec5cba9ca36b66cc541e7ff5830466 |
| SHA512 | 0726c6bbfe313008d8c7d1d66718d4a1d126e2e4e889e33636a5d124aaac06877e5605b1ea9bf9d1931502e2c7841e676c447ba3f917605d458c1ac8c83e4bcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2970f898450437f42d2094001476ac70 |
| SHA1 | 59c95bab637561b5594b0179d907a019ca1b1eb6 |
| SHA256 | 193d83ee1ec929a81807550dce72ba5864f6940eaf7dcd4223ae80e16c544bff |
| SHA512 | dcf66dc7fa57b9eb65895280058956a9095a6ad9e29df98083a671e15d06c9466c50689490de634c1eea091988916994f7a63f58de70dae2b615aa228eabeced |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a3a25089bf6063a48a571c51f16976e |
| SHA1 | 6559ce7bb03484ac20c01d7dfad2ca57186a9781 |
| SHA256 | 4f804cddd60c6c7198abcd6c4436fd55516e409101539ecb3982ba13f15630e0 |
| SHA512 | 42098aea46b82e57c4e14d7ccc24b8807941a9a9f3f9ecd97b73e24f38299a7c4d8da67bc33ddef462beb6dbd5876f22a9109b4cdb734c8c82951e4a3043d1ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a576e79aaf1110f0965bfc6fb556c9e |
| SHA1 | 6767d4c127e5900431afe6b84b0569ccf72d8799 |
| SHA256 | 5a6db64c7ae34bf51429f1627515d948631bf2fcd3dd04c8c3e3bf272cbe7f49 |
| SHA512 | cd05cb460ce4a2a079a57e82b3666d7dea1dc7803528988e0bd17232210338879bea7adc899598b352b05258a9746085190d0fee29550ccb08d40a1291062c0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be1620bcef161a5c81c6342ef55f0af1 |
| SHA1 | 4ac47ce778f00b36c41f3d2f69bba25d2db973bb |
| SHA256 | e6377e5cd840dd58601666b6dcf7a427aa83c9515af4d15a2ad8d0417a6c17fa |
| SHA512 | c26a5c6eac1676c5de02e8982598a49495552ed28fbeed9371ff87372a231fdf8b6bcebcbf4901e9301aa849220e091f0f18260c576f33f295a0df9751e8cee0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc06b8a672aee8fef4e89a961892d984 |
| SHA1 | 738f72db6965d1b5a37a15e8af79983d4b184072 |
| SHA256 | 6ad370c25e2d49bf7c633965798f26956abc61cb8d27966c8a0a99a5ada120d3 |
| SHA512 | 62cc382cfcb9d0eb4bdd83aa8d436f036a9b36beaee047dc874c32ad251bad30765e151c6254e46763bc62fae90edb74ae356403c4e495e53c3cd9444191c326 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FAV7EITA.txt
| MD5 | 22405f5eea490348c618fbc61f945366 |
| SHA1 | 4afefa457fea9d0ad28a7e2f88d5ddecf5998626 |
| SHA256 | 153a65cf1c9d64371da880173dbab2370157d6ad3fb93a62b701c9441b10d149 |
| SHA512 | b636c87f64f319e39205fca523471112d0dbfb6d3d8a2700768cddbb43400bd3bfd0b504474103e64d1aa615f8d6b29a3c2b031fb232c8d38cc6eca0c4287676 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODRCOPYD\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral9
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:24
Platform
android-x64-arm64-20230621-en
Max time network
10s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win7-20230703-en
Max time kernel
100s
Max time network
137s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6086daf131b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006c29dc726ce5b94c89351546d5dd24d4000000000200000000001066000000010000200000005659a9f70edcfc5490716b4ba8da5c2526cb7f852c6d187328464882cc7e278e000000000e800000000200002000000001165617d40cc8e604cc6c43e626605014f9a5cc5aea5bf99d4fefac596557c320000000aa64d1836367a134ce8dc1f79d2bd06c17ff0d524c40ab6ae9b8a874cb02c51340000000347dc96d5d5b23c314eca45f1043990e6ddb434f01bb31d402899c09a414a1419f722be26b23277f1672f4f077fc3e616e37e1e1bec3b31cb74a8ff91a228dec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760449" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C3F5E31-1F25-11EE-8FDA-CAC1EC3252FE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2872 wrote to memory of 696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\disclosure.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabBABA.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\TarBB4B.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de69338651aebba37858eabdbb985236 |
| SHA1 | fb3a9d0aac40057d850218237304eb4d83d76cf0 |
| SHA256 | a16ed6e8832526c9ef839f49763e4633421bbb8f6a8fadb5a93d0924d18bcb51 |
| SHA512 | e39a92cb7efcebbecaf184527c8d163ce9a726d551561c9db106e07aac3909bd34c199de917fbaa6c796837d4aa09f6be1190b4f3c3cdf7a76c7c2953bc525df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1328731b707ff5c89ac0fc3e8ff3197 |
| SHA1 | d5c927776654d6e02f8a97fcd269edb7a37fd125 |
| SHA256 | 99fe745b0d3443441abddbe59eec2fb78cf60d27c77fd3597dd9e24d9e069c50 |
| SHA512 | 986be9b745eb07595e8ebaa17f7ce03daa81e85ba23c8fba6c600069b6c943cf6341b6abeaa45a9b30c09a9bef1f937b82db3113a528f1b17a67e667b63705b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 202f8de8a3819a9888dd556aaaa85515 |
| SHA1 | 4dd77f8e26e9493069f9bc645a38558eb800058c |
| SHA256 | 7e2b225b200db3b8f8cd16cf67d7ef040394448300f3abfd18748e6f62333970 |
| SHA512 | 0af87935582bdad00f5b6ff3733a274a211a594e1a0ff7e01bdc778f6ee5992d2e2d222b60f1d62417ac196baf83331fb4453c8699ad58089a41d0ec3bfe32d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0883a7e07fe41a4ce4edec89861922bb |
| SHA1 | 40d5f9ec6afa9e63c95d5589d3d9ae353b98adef |
| SHA256 | de815db714332e8f6e00e244e63b92d6912ac732895673945c0a18a48aae75b8 |
| SHA512 | b275ea2ca1d71e803b811df5280b5205957be499bbb2ded3299183f0a257dd7c6517c2397227cbb04873f632018e2089655b0c320a38b3e6ddb60e792a0b8a8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e611a7e80a0c8bacaeb30fb27f1bb5c |
| SHA1 | ab235e01da24b0d4e5cbe02b9b8e3e434a3b643e |
| SHA256 | 197b357082e0ef29f7151798b27637e00ec6b2f6b697e5f8386ed8b2d28d6e75 |
| SHA512 | 3cc5c6da881c63446436cc0230ea33ad1500a7c3919991ff27cf0e20e27abdffb8480b967052fc9b61c4544148890a620832c6357e09c5fb5a46786b3f5cecd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6730748823f8f25748376178d22cf942 |
| SHA1 | d50e036aaef055753dc382370afd53eb0969483f |
| SHA256 | 52ec90045da863a9c778ababd4456dcb4db5089c122a02a4998eab27f008f009 |
| SHA512 | 52f578662ad7cec40f52128282a60d95d9c2d366e7eacca6514c977798e35b8361da24003b813617d2fb8f761883958d3b4ec3b76f9d71d9bf97a2fcc25f692d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZUFLQKK0.txt
| MD5 | a81963dc67f6e4f32c63a466735f429c |
| SHA1 | 5a62cabc8f1368508271bd0064e508f85e25bd98 |
| SHA256 | 0a335871deee2b38ad77db6bf14b77faa2ebbfae48cee376d428cbbbb240c9d1 |
| SHA512 | 727d6def9ca14953a9f62dd8e8e159065e663b48e09f65597fb6edb7c56b411bf07a055367b06566fc05bd6777301e375faaa098b63098af00ad1430926c90bc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODRCOPYD\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral12
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win7-20230703-en
Max time kernel
144s
Max time network
153s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760460" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C34FDF1-1F25-11EE-8C3E-C2DE6A20C970} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08ed6f131b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cacdb9c8f7e7d1478a5f6d5a6cb4c29000000000020000000000106600000001000020000000831d5cc3235093f7d29106560ece209e3fa4848394a81cb20efc0d2d3b666b93000000000e800000000200002000000034d66953a53b315e4f1578ed0f73330783f8fa5d81c8d40430d1846e9f3ebe01200000002f3c85b1e82c1243deaf482d76258933df89296558a7ef5ae6f29f9679157c64400000000fc8c3a9a023c79c2614151cb6079aeff43f3b6c36407e14dc23c11ea926a4849a0e444c2a59efc1cd7e4ce84548c2792814adb8f21c5ba12e7ff216582f9e05 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-264077997-199365141-898621884-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2400 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\myps_policy.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab544C.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar54DB.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c78abafa3714358a8750994cca9f440b |
| SHA1 | f78d8750eb3ab4ce268a88fb68813480e9d52a9b |
| SHA256 | f0fefdc7d81205b3172ea32d3e947d943293f5d38336662fa4248736db977479 |
| SHA512 | b7247bf83335d98f96ecbfc31e0f3243389e154643fe87e8cfdb314853cc7e4646504a2bf22a78544daf0113cfc3a06a94fde7f63bfdcb6a0a15aa31b51ee09e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6c76e03239c87ea7c432f283dba2329 |
| SHA1 | 5b5b9b7db3d5f5bfd9fd608a578ea4b634aa228a |
| SHA256 | 072b102ae48b00134bed7b5be29ca5d4b689c6e68b6acd65f4c57bdee51dbee4 |
| SHA512 | 270ae512a20e305ff5db03db7427d5165a05f797b8763e0d5add2ed4e81ca3d0d443447696f793cfeaa3e5768ef7f388475062c3bcbe8660deb4649feea383a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 363205fe95db3145eea3b13c69615bd3 |
| SHA1 | e8a8b4f3fc045d453707d809b7bbfcd14cd30cb9 |
| SHA256 | 38761a4dac2d6d261afb791c9aed229ee00bf5fdc932cb94359fbc8ec0a3d2b8 |
| SHA512 | c131a919f4fc0912862d4f68a0d2be351b74b1f2be26de302b764449b58381b2c68ce8789c8267aeb820251411b8683be26e3b31b2460d26c4e10b28a04beaaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0ce92b217bea23f676f0798266f02bc |
| SHA1 | 75741d88247b5ce20bc0a58de48160d6184d6e5f |
| SHA256 | 65690f012832fed8013466872c67dfe986a9b8b37a54448660b2ae8129b3d3b2 |
| SHA512 | 2d67c76dc708bbf4196b89b05368a4332ea05c42b25bdb1dd30cd93ca5a639a2b85d693bc7b637cd178ac49c47feb3a5c49877de5e3dc5315e8bae0ca8e6f42b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48f37f5483cb1d71cec75d884db99069 |
| SHA1 | ded068116c12d6e550c0c5c1e8bbbf8a60031961 |
| SHA256 | d771dc261cd1d9f925978fe89753ddc6f5f51ac15d19a166f72973c3d6395d14 |
| SHA512 | 8937c56f2d88f8d0582e0d93bc8d7f6a26489bbc7216707d961b8bf7b736ad3dd6980e95b7fa295723eba2cc0fc7e9a2b35ad7c0ddd09a268ef71ebfde546917 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69385e7630f5de60757e9c3ffcff11af |
| SHA1 | 4be546e3677e1242d59d8d529b4c843201b90a6c |
| SHA256 | 0c5d67d957b8340927b10609764eb269f2098163ef0d8cc07b2e75f482e715bf |
| SHA512 | 883533da3d86521f1bc879bc54b54493bc1a84311e878b06ed50c190f2fd863546ae84ffa1023b6013269f4b506401d532f0a910b6653ff03748e525cb55b0e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab9c78d2ccb378537a7ef41a818648b2 |
| SHA1 | 493e5825191a6201a8d450547b0a0a3ca2201ab4 |
| SHA256 | 7f2f1484f3b751d4bc7fa180344e7d778666f42b7c217d0c0b0c77eff5c26a1f |
| SHA512 | 19211d9120a2f356238452fa1f998fa1c7b3f480884d829de792470ba33efed7b0c96bf1f48766e62ecdbe65bbab408163fd844dc6845306acec3482d750c908 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55638f6173331cac535866fdbf64e8f2 |
| SHA1 | 8384f92271f0097fa87783a09043f40605db5750 |
| SHA256 | e361215ac60d1009f66353ff007ceeec1efdd2109de299537159989113d0dd68 |
| SHA512 | 04d4700ccde5ddc69578c261d3f0895de8c89533367b2aaaa21eff11fde2db298cbad08bf9b863ddc526b42a573950a346e0bc89a360f7bb0ee6d326d6e81baa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69c5d5de79bab91db99182be7b20c280 |
| SHA1 | 905ede1d1f25995789792f310f8ff11b2a86c383 |
| SHA256 | cadfa0306cfa8272c87a1dba26df2e42062549e618f35931f03672ae80f82ff9 |
| SHA512 | d5e904bd5fbe700022ccc793d1f35814840657b6a275529ca19c3576e9673c54fe4865cd8bd0ad0c99727bd7dcff7d067ffa8bae9b42a37af93f93050e687c79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34af83a12b4206bfd566c61d28193230 |
| SHA1 | ddf22138bcd926623e28e0e40bee85d09ba988c1 |
| SHA256 | f144278f3d812944cd4b9e93948077fece0d63f447cec3c5d27b2e48fd3eeab9 |
| SHA512 | e51e583f5976b6da6112a7a1600c3a069782d0924da4aa0860c2991b75323414806ccc9742c7b03c50ec3f71ae8ee8ecfe869e3ccd655aa90d01e51b6dce4822 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c904e243e3c296d5eefcd6f29920baf9 |
| SHA1 | 500381694c891c930ace4d89f1817cad8340ff47 |
| SHA256 | a1d7d66984dbc0a41d470b28fe235fa04be5cf03efea19a55d379b08831b40ad |
| SHA512 | 1a406c2b5aed54fe326641eb43823c262eac5c93c8ed1e8a8645365c6c95ae925dddbc28a735f3a284bdb5171fe8e9f67421f1cde3c64e2eb59bb19bc7f49e90 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EXLO5EJC.txt
| MD5 | b7b2523dda478c412a132aac84669404 |
| SHA1 | d4ee79d75f976ce8fa7d2952930bc81a6319f0b6 |
| SHA256 | a50a30bc3d6cd09f0346975db1109ebaea304644fd3681fb9445a4029f971c4b |
| SHA512 | cf91c83a926dc71ab59b67f996ec4496f6b7b4436281116627ff6bc49a9778eb458f5be8048cb620e49226c1310c729304b8d67193dcd503c1cd2bc33aae99fd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S593MPCP\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
android-x86-arm-20230621-en
Max time kernel
1073382s
Max time network
127s
Command Line
Signatures
DiamondFox
DiamondFox stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Processes
com.protectstar.antivirus
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.251.36.10:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | api.protectstar.com | udp |
| DE | 217.160.188.114:443 | api.protectstar.com | tcp |
| DE | 217.160.188.114:443 | api.protectstar.com | tcp |
Files
/data/user/0/com.protectstar.antivirus/origin.apk
| MD5 | 64bce546d5b79b78e6688420945edf87 |
| SHA1 | 665cd42c9831d0510db5756c004911c5b71a99cb |
| SHA256 | 75078c407ef53a9433ecbdd76f49002a8a5bdc9df0da65ef0bc6040c6bce7dab |
| SHA512 | 20c50c51b18bc7f1f281ecdff81e1395ec82a22d12b4a28cb9bf69fee56cf0b7059939f0542c545e8419a32ce158a6300901944f50364f51be33a4995c2399c9 |
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal
| MD5 | e265fe62f506350508a659e1cfa47ab5 |
| SHA1 | e85ac1225f7d6998f92c02163d2112250d1b6390 |
| SHA256 | 593578522d73c0ed291e79238047249abd828d7b791ea29b02aaaebb548a1f0b |
| SHA512 | 182ef119e4bef40a291111457c5a46931cd3f74353d7b9544da7513c9083d99834b56e48946bd5dc1bf0cae4fc0c1aaae38ff0e480fc57f64638d0ab35be0c0b |
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-wal
| MD5 | e73ad47d8d33614c18da254c876d8be8 |
| SHA1 | 7533e155e26f02c01f9dc379adba3688be60bf26 |
| SHA256 | fffd04c56a2e348cc106a64fef074afbeab7f0ee456c347f3ff7af77719db472 |
| SHA512 | 0e152405da3db7a2f0766b63e0f77920127a5eaa4fb7f6c484df468147ff6d56e1f883bd8d6da4e4a0976466393731c1971a4e310e8a66196bf13aa6c497e7c8 |
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-shm
| MD5 | 7dea362b3fac8e00956a4952a3d4f474 |
| SHA1 | 05fe405753166f125559e7c9ac558654f107c7e9 |
| SHA256 | af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc |
| SHA512 | 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b |
/data/user/0/com.protectstar.antivirus/no_backup/com.google.android.gms.appid-no-backup
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/files/generatefid.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation2103747448313327976tmp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml
| MD5 | cc50cc927314a9a5b5fc9d7b1d700bd0 |
| SHA1 | e9488a294a95a08e6e8e8c4be19cfa3cfda63c5b |
| SHA256 | 5ec8f4f7562f575a09be607ab902e2d60350168d45d7743dcbc18223b86a4daf |
| SHA512 | b4381cf62ef97c34ce668fa4d741ef0a6c7814dd25edd06d65ad2b30dd9e816d599845cf4f2d3fd4a7825abc386e6d9034a37e1b0c912cb06b8d1bc69f2ea5b8 |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml
| MD5 | 1ae01225fa51df678d2d1b0b75be2859 |
| SHA1 | ff97af4ae2d1b4bb4fb66594ab8c1ba853c7d1a6 |
| SHA256 | d1549a8cde7a15d506d4b1474cad62cfbd5839da51d54ba0137655722e8b726e |
| SHA512 | b0ed064a4815b78d11032b603399cffa6bad5d5064a20d9831a34f4ad226b818c43a0c44205adb877e92755a8efc279cf343fa87452261b535f58cad242ff81c |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml
| MD5 | 34f5f880192122d2e1ab6a30db2920c4 |
| SHA1 | 587579eace03de9472bf67e52df58f012c2e619e |
| SHA256 | 835642f27573cbdddf3e85d00dc20436003db9402bc139b4f328646f16284910 |
| SHA512 | 00a97ee3f7cada0631f5fe761d055942b712b458187890da473663fe742549f8fff6ece0871453aa90466722972e56da6e84db947339101ae197608c4f714924 |
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069E022500011022B63AAF4942D1/report
/data/user/0/com.protectstar.antivirus/shared_prefs/com.protectstar.antivirus_preferences.xml
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069E022500011022B63AAF4942D1/start-time
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/initialization_marker
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml
/data/user/0/com.protectstar.antivirus/cache/volley/1832329520563655267
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation7325596795498429696tmp
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069E022500011022B63AAF4942D1/keys
/data/user/0/com.protectstar.antivirus/cache/volley/-4440143562082814216
/data/user/0/com.protectstar.antivirus/cache/volley/-4440143561595694984
/data/user/0/com.protectstar.antivirus/cache/volley/-504558873-1090045957
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.appid.xml
Analysis: behavioral6
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win10v2004-20230703-en
Max time kernel
143s
Max time network
156s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4092845741" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4079407229" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8040b7f431b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1EA24E5D-1F25-11EE-B699-42E031024C9A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000367d97c0fc19e986840734d73512c8b76433c08000d5eef787c934b8e7b8fa29000000000e8000000002000020000000889e136574a06061a7230fe34b2281295689123266fb7f98e619584f11079054200000003c981d7ce38c3b5e5057dbf1eb174c83a4eaa9036ca599e98b9f6789b135b2984000000022886858978df02276df474e63e9eeb6525241b1d8115957275f149d1b108f33733774ecb94304f3a01749d17e765c2c0d63c449e820719efe565ec1f9ee58a7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02da4f431b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760454" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000d5d80faf56aec8abd68c16736cabebb6a0d09e1f5ff6f5dc633f26abc20b8003000000000e8000000002000020000000313c85b1e141e1710045beb8b1f8b5260bde6448e3ead4d7b72699b6d44fd432200000000b46287f185112ff1539382824b161d5439bcf49ec78bc5e51af812f8666e71440000000ef30ea21245109a98131da5bd6ca6b642a3e568f9c6738447b991141d6308af311d48e7b3fea48ee0bd3cddf4e7150b5d121be43033cbb335ff7ba10f99656a4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4079407229" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4864 wrote to memory of 1016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4864 wrote to memory of 1016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4864 wrote to memory of 1016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\myps_policy.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4864 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.136.241.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C7IPBQYV\suggestions[1].en-US
Analysis: behavioral18
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win7-20230703-en
Max time kernel
148s
Max time network
137s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1CDE5D51-1F25-11EE-9A14-7EF4D2542886} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760450" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b560baeb882dc64aae4acff703adb14e0000000002000000000010660000000100002000000091c657b9157eecc69b6b1304f85d07bdde73e459ca0d89d6f78966c0ad7cf000000000000e8000000002000020000000dddd98cb313d6975c0e9430554b5e0d5a8715ff4e6a2830f3374e01149af01f120000000378e0d1cf932b944aa10b3fee07d30b1295712113dbc73eea67c6fd76d5db3e0400000008d49280dd92afa2c4a417414e4d12922827fe4fb6fd9ece64a6512de8760e8aa6cca10dc98ceead9a1d8db258e5c564c51d3bfcc4252c51447164747148b6477 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4027c2f231b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2952 wrote to memory of 280 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 280 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 280 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 280 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\policy.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5A15.tmp
C:\Users\Admin\AppData\Local\Temp\Tar5AD4.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26b8bda3286a3f70c78cd05ec5cd4c9e |
| SHA1 | 7871c556d36a87de98eb55d37273740bb3116060 |
| SHA256 | ffba4ba59db84ec8b1fbe47bf4aeb712efc4d52a2d4cf0d8d4e9cae6c01991c6 |
| SHA512 | 2acb8beb1fbd730ad4fd61702d33bd7006cb3edb245b5efe8aaaf1a958c4ab7dc1b179dd6d2d6a1bffa5e812ef83bde3822b83e25013fe7655106ffe75b8f5b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52262f5d4871df605864bec43b6f5a1d |
| SHA1 | b7e4b91eb095aa2a9e4c6eda351556da4ee74f06 |
| SHA256 | f4aff1e45a068c9f3b5f9cb23bbedb814faac0b3834459ec4968e874b07360fe |
| SHA512 | 72895a08b771c72da488f75d305a33e521ebd93378e317c66b325605ca1c35696952188d7a6dcd9882deafff3aaf951947597cc1f0626da8e88068b27f6dfde0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0799cb5555b9e58c1056c0c08e734d35 |
| SHA1 | bb5e948d147a53b59011d2726be73ba9bd79c5ec |
| SHA256 | 06d1ec5e983f5389381314351b726a553b67267bc94b22df2a07bd7681d64bc5 |
| SHA512 | af290ca89d3bc6f141d215ae47101f4c22c052d9a43287782b5dfd50ba6e103976a5f8437dd915d5b8d09e88ff13eff9e2e106cc30a604ef568fa3391f3f3710 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a4986e5c753ec21b7ebcb43ac1f6f13 |
| SHA1 | 29c05c9abe02206095f11aad8a6bf6a1f6caa703 |
| SHA256 | c708e74a51624c3e658942a7fb4f3d0c77795c6eb52fac0841da5667277c0c1e |
| SHA512 | ee09477ef53625cb02e28d43bb4d4546a678f5ba36dd7774bbef2c4e1bffc3ee716635e43512c3c7ca399988a36dc8d8c14f226fbb8090abebf89092fa3161ff |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\31B1YLT5.txt
| MD5 | fd99c5ce31d8e25f03056a0be2a8e93c |
| SHA1 | ceb6a5f8466ad624474aa8cc3c7e23d06a0cb14e |
| SHA256 | c72ca5c3ee515043914f0ac3f9a10451945f923613861bab6313f7a44162c5d1 |
| SHA512 | fd4bd5a5ba34704b015ea5fc1110aed0465d6b472b7d1d64744d6419988b1b1380a0dd7d35a897348ff2532db022d0da0c1c6c0116ea7c786bb4e5be07f11f9f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZEULFN0\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral19
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win10v2004-20230703-en
Max time kernel
128s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1DAF3688-1F25-11EE-A95E-46EA114D2111} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760452" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4061721076" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08c2cf431b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000052a69338ef97e94eb4d938c2816c6e0d00000000020000000000106600000001000020000000c165abdd39073848ac2389d4aee25ddaa859968ae76f9fe74341e2c6d9db6e35000000000e80000000020000200000009cab8c8b23b832dbad35272bcaf41e9fb3e12829c29f1c2c75fb5d752475a894200000002583f6c6cf0e2dc9da19a7995733835b0846edb61f70c69e194c7472bc5d1eff40000000a8f08c91761b20f63191fca7a97f311e06acd63fe2db41a452a7dade00811201d27042ab8e9e6d2ba11ab632b7cffa374baa6467bd0386ec096198c91a5bfa34 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 809f3ff431b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4061721076" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4072186939" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000052a69338ef97e94eb4d938c2816c6e0d0000000002000000000010660000000100002000000089303162242063f7da6e36caeee7b0513faabed20a40bf52e6e18e3a68670865000000000e800000000200002000000015923994cd4f9cd12ac017051b58e776202740c6ec09c930154a238abe6eaef320000000978b2217fd2e343410c0f36a83cc698c1034520fffb50bbb554c6fa7ff4804ea40000000f471a04656fd0183af6a27bdac3fc880c8f5c7eab505f1f6ff4ab091fdbc7618890b389fc4245dad9cb25c1c83247ac91ca0e4f07cf4fd1edd445753282ce166 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5088 wrote to memory of 3892 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 5088 wrote to memory of 3892 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 5088 wrote to memory of 3892 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\policy.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17410 /prefetch:2
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win7-20230703-en
Max time kernel
101s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C3A5521-1F25-11EE-AB44-72C39AAF56E6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760449" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006c29dc726ce5b94c89351546d5dd24d40000000002000000000010660000000100002000000090a1363520171ce729b11d73bf17ae278887e5ac6cca5af24b9e108aae1b6837000000000e8000000002000020000000ee35220365bca1007ce1a7b964d17868708f0b0df3bb5d512f0c38f7d7655453200000001d4eaa6eabb87060c659b30f0f07c0b40493c1c1fa10dc7fcbc48895f394777e400000001c4ca2135ea1fcf118ef8bf70a5c786a388f25007b5693eba9efec9ffa5dd726a53e46b4566969f481a7ec40c3159a22da59c2c59d5b17e21d4249914121ae53 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80b239f131b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006c29dc726ce5b94c89351546d5dd24d4000000000200000000001066000000010000200000001ffeefc82e382543432d660236d91e133f5666c6bce60b84e95dcb580bc2baee000000000e80000000020000200000008ebd9f4aab7049c2df6e2e9076fc6a57415c8a4f5aaa1129b34cb3b6fbfb44009000000073162b2862ddf7786167b58addd2a68315615dc53374880b69530f3086ab882df2fd0548d04764adeaa30b064191185acf6f9c2004b5cb3028430c8199180ba278462c86ae30034507ae6e89f5c05a7b39a9ba13f3b442dd0e4a567bf38e8a5999c9a1f53f2fca56d004ad83d33707d64ac85bec67ae7079a4feb7163c4fe3ce67816fe6a71e8448f0359f86f32c8268400000006d08351e0714b00220acbbf2c04e1bf313953a330e7c0276ed970cde460443134c3107052443202a1d7061545fa707724d61667f4b6f16d501a3efd4077f2d9f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2813141852-3076131560-4232376420-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3024 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
| MD5 | 2dbc69ed73a42862e7bd9e3f5fa87acd |
| SHA1 | 2548c03e06fac011caa19000b8a856de34d6227a |
| SHA256 | 9ff6f21d867d7caef052fb590cd7664720d543a7bc30234be26c8e7cee75a2a6 |
| SHA512 | 677cc7da34a89384c9be93ba949194372cec1b9805923e170d870ddafe829a3ee64272bfcf12fdfe01bebdcd59d35257685ea84132c63b8348100d6b999cca6b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\46JE6QCO.txt
| MD5 | 6fccbce5cdb77b1cf45dd19c6a7cab5f |
| SHA1 | 94d43e4300904bf402de78eb6664c39a848c5dbf |
| SHA256 | c1ad749cf9ce43545ee82dbbc7f306b0b7977d24c93112c828f99592d50a067e |
| SHA512 | c51c538b2cbc5f88cc1fb8a5deaa0c76d30a3a8df047d55476613f3a5b202bdc3034a6e7a323b255d29effb82c0ccae02febcf3e3c4a928e75a0f6bf95d5b460 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODRCOPYD\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral5
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win7-20230703-en
Max time kernel
100s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760451" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ab35dbc53fd45498f88cda789e11c50000000000200000000001066000000010000200000003f17430ccc6ba9c066397ff6215448d5e78ae7ae694124b1bfab062479a28414000000000e80000000020000200000002f5a6ce6911e3e9e331af4579eeb75c5c1a9a49f101e294e6b027a19e0fe2bbf20000000363e50f03f2175b3c6310ccac5d88f6c6c277e71557b80a7a7f256a6314ebffb40000000249d77847dcfa18892e255fca761fb80a7d8adec44a165a8b433286aed9945f19a20e74a6aab8c7d228f0a4ab5b3f5e07af68631176616836b0e0ce6045d11ca | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DA5CC01-1F25-11EE-AA87-6EF46A3BE504} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c2f1f231b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ab35dbc53fd45498f88cda789e11c5000000000020000000000106600000001000020000000132a9e96805f7cdf1025547aa098c207e9299710157238556bb9e1fe2d0f7b17000000000e800000000200002000000057043915cd082a61844f29932320455a549515ca36d015f9d6dda8e8964bfd7c900000005ba489d4110e2988a360574231a75336d4a66f80f03d4ab2abed44be35d6264533d8ea48a8d49e17c0148ce3646aea796d9548272ee4b33f57b930d74e6a0c438114104906d8198d1bebd7b956b2276f19bf4fc038c92390d6c27b3ba98049a7d57906aac52516dbae603bd3924401a295a8e9dbaf86a785b40b4083f908d0cf4c7d8ac32f5faf548bd657216e1fd1cf40000000c2e31febac9dd89e2dcf59d8ee84a04870a6f5f98ad187242c69d531debe097be5de24d082ec6431fb84b1ed8b57f4f470214a7d1371ce1dc3869ca3765292ad | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3004 wrote to memory of 2804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3004 wrote to memory of 2804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3004 wrote to memory of 2804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3004 wrote to memory of 2804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\myps_policy.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8049.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar8138.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f022280ff9321d7a0d90246976e4977a |
| SHA1 | 8d81fbd3cf893dda8ff46851ae81776d887a702c |
| SHA256 | ae26c4fd93efde5dc2dbdba087e4b984c44be1c1c0ba87114aa986d64cbc09b5 |
| SHA512 | 028c38a6566af0a0d1f2106f296f3414da23a1810b8f8ba331ce58def8e10d2eac32316d882dca3c5f7bfa6565c2929d7aac08ea4816a782d6a1dff3b9fb015e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a983062dffd1a2a822096295730b8d70 |
| SHA1 | 31856f43300f9d1d3418321c0fd2b90e43f1d11d |
| SHA256 | 8bda4f1d30aaa79f48e4951bd53a9f5adde34a8ec75207097f46af549a6b0954 |
| SHA512 | 6f483389cc75b1a3e4e52f38db141fb56e9dfcf2a8362c4045728a544393fb7ff2633eb2b08e6db6d6fc2aa57bcebf9852af2efa41e79c9969d8ce878df48efa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2c824092aaf0a99869843a5e36bc0ac |
| SHA1 | 43a477aa3f7b8faf7dbaf02845f10520eafe45fc |
| SHA256 | 6ee434d29035baae7fd11fd475a4a6c4f1e389ac240c713a8f0d6fc574a99d52 |
| SHA512 | 49a02f2f38ac000e73a6bd5483f3a565cab234c541e6a152533541e6376c6d5c810b0534102311237e5e7d97006687d3622866e330ede75f05813aa6e5645821 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ee7d786d01578481c03cce04cbedf94 |
| SHA1 | 0fed7633f5facfff56d91d289ed85567dc51ccf1 |
| SHA256 | 9da322290bac06618fef3c2241b46cc0afaa9aecae0f8fd4acde586c361f1dc0 |
| SHA512 | 3a7eba393f57b514c3d6df5eda2cb60d14d5b7e09ed65bd939bdb147ac275a4ac649b72421ec1173fe28e0119f2afdf48109c5233b6f95cd62703a2fe7d24d70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cae868af31795a88ff7ae8cb74b0870b |
| SHA1 | 02365d408e0ed8a06f6d94638a75d5867c39dfc3 |
| SHA256 | 03d72121d08e57cf263d70817ed39ba76236f42274f510ee05b6716aa8138e5e |
| SHA512 | 3a52acdab8df23cf0a27fcc5bcb35cd5707ecd001937a3f8caec5199aa4497ff1cdf708973c9a87dbfb9dc3ee2102a73821146ee7e005a25f45ae31e643cf802 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df4e886473e2e2c7d39bb9efe2a138b9 |
| SHA1 | afcbfc5cc32115d4d8a32b60d4f0455ac8fd77fe |
| SHA256 | b8c31137515f44eafa5712de5fa93b812de20eed3a0800606f395fb28c23e82f |
| SHA512 | 4d10d508e41aacdf40472f74531ff39ba917682780365a6cf2c100ff261a5f114ad1f42baeb99dc47dcc03b9e92bc949ffb4b909d38043ca03d2cbe50808fb60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b0e83d8f9e88f09ecd8b83373e33026 |
| SHA1 | c72301b8cc8f626894e05ecdfdc5708b26cd9522 |
| SHA256 | 74a86af72df8f5aec96b5d731a1881fe94c62457a7c7f38935e634a0e0d17f9c |
| SHA512 | 5df37ff4ac5e3e3d4126f9f777332a633b5e6bb2c578a91692ec53179420fbc5b77167ff7524b73d63524210699eaead13cf5ae31654a6d9143d6e21f6939c6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91b52da48bb6dcfb9e35ea1f581af11a |
| SHA1 | 056992d9eb959af6ff7859e479ea145d7d3da7b1 |
| SHA256 | 30c0410378f73c1d0a16d6b2b7e624006871b1ee9cca27dd7f87af6147344064 |
| SHA512 | e67a156355e19ad36623a7b09ee97a4bc5b6c6c7d93f383bd476a1e35c6711c2e83907a6287cd7c9964ed1b61686366bd54c8c5f77a21409e8fd9f4cbe146921 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92d32f4d8338b5c0c1f2718169da2450 |
| SHA1 | a515553da1cf2caf083e896c042b0409c21cbf7b |
| SHA256 | 1e5e25f502bee764672a33aaf60300b0fd73b990183571f4a74a8011e5e58524 |
| SHA512 | 4c10b33a80df617bce3300544ed769da92e4377872e854ae6d8c9beef1d4d90c5b6ccb817178754fe1212ef5495fd16a60aab48b4380a743152e5cd50623d694 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7F3UZ18S.txt
| MD5 | adcd27b1d678c0dc864a1105a957cf8d |
| SHA1 | 32562ebddca0236bcc3a0fba50ec56dcc74548dd |
| SHA256 | 4e02756eca967e074038d35f343dad8677a1f31dfe8eb0940285ef0c15ec2cba |
| SHA512 | f84478570eb41682e9051b91ee848b9b50dbd206064a1e4c110ffae20fc46855a379cfe6e4355d50ca3be2c4d35875a31986b4a09ef98bcae2aee7924bf8e34b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHFV4GXP\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral7
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:24
Platform
android-x86-arm-20230621-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| NL | 216.58.214.2:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| DE | 172.217.23.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win10v2004-20230703-en
Max time kernel
140s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4055835772" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4055835772" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760451" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee58687030000000000200000000001066000000010000200000004b65322f90cfc0222f4b584e678cfcd48a9d6669e21cfd3d900f742279ca3642000000000e8000000002000020000000da2a132e4cc9f00c95a345ebff6f731a5b8dfa9d12eeb1e681af5088ca0ef22c200000009526ac73c1a448db885b12c1ace14402f7dd35467456907419ac2dfc8e2d5713400000008fe0a5b51aaac27e742c0701b08fd6e52d8d99cbb0127eb911293f2dac593edb836d0f876c60406cc55bbbb3ff15161456c69728f424f1fcf754cffd75248bfe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4069429623" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d218f331b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b924f331b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1D343AA4-1F25-11EE-84C0-FA18DFD6C72F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee586870300000000002000000000010660000000100002000000072ee488a32465b85acbf1eaa31bd95ac7f642968bd9804f73b6b60192c8cf0a2000000000e80000000020000200000002e36cadd29b20355d886fb9cd5cac3c359d286c38bb97ec3613a68c6197652ef200000002ed3205863f87d2f75148b6342701ae7eb8843526f1eb6ca1b0a7cd3e9722a1e40000000c54ac4d81c30c9057b8ae93b326fed727aa79944d86ef33902dd2be5034f9de1ee605f6073c918ad063d04ffa5518af21b9248e14bc8fcf8a4f50262dd3f300f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
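Two kinds of opaque value recur in the Internet Explorer registry tables above (behavioral5 and behavioral17): FILETIME stamps, stored either as 8-byte little-endian REG_BINARY values (`LastProcessed`) or as `...HighDateTime`/`...LowDateTime` DWORD pairs under `VersionManager`, and the long `DecayDateQueue`/`MFV` values, which open with the DPAPI provider GUID `df9d8cd0-1501-11d1-8c7a-00c04fc297eb` and are therefore DPAPI-protected blobs bound to the sandbox user's master key. Decoding them confirms that these writes are IE's own housekeeping during the run (the stamps fall inside the 13:24 submit / 13:27 report window) rather than activity of the APK: the only process in both Windows detonations is iexplore.exe rendering an HTML file from %TEMP%, and the WriteProcessMemory hits are the frame process writing into the tab process it launched (the child's command line carries SCODEF:<parent PID>). The Python below is an added example written for this page, not code from the sandbox vendor or from the sample; the input values are copied from the tables above, the DPAPI field layout follows the publicly documented blob structure, and the constant and function names are this example's own.

```python
"""Decode the opaque registry values IE writes during the detonations above:
FILETIME stamps and DPAPI-protected blobs. Added example for this page, not
sandbox or sample code. DPAPI layout per the publicly documented blob format."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME counts 100 ns ticks from here
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")  # fixed GUID of every CryptProtectData blob
ALG_NAMES = {0x6610: "CALG_AES_256", 0x6603: "CALG_3DES", 0x800E: "CALG_SHA_512", 0x8004: "CALG_SHA1"}  # CryptoAPI ALG_IDs

# Values copied verbatim from the tables on this page.
LAST_PROCESSED_B5 = "c0c2f1f231b3d901"       # behavioral5, TabbedBrowsing\NewTabPage\LastProcessed
VERSIONMANAGER_B17 = (31044401, 4055835772)  # behavioral17, VersionManager LastUpdateHighDateTime / LastUpdateLowDateTime
DECAY_DATE_QUEUE_B5 = (                      # behavioral5, TabbedBrowsing\NewTabPage\DecayDateQueue
    "01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ab35dbc53fd45498f88cda789e11c50"
    "000000000200000000001066000000010000200000003f17430ccc6ba9c066397ff6215448d5e78a"
    "e7ae694124b1bfab062479a28414000000000e80000000020000200000002f5a6ce6911e3e9e331a"
    "f4579eeb75c5c1a9a49f101e294e6b027a19e0fe2bbf20000000363e50f03f2175b3c6310ccac5d8"
    "8f6c6c277e71557b80a7a7f256a6314ebffb40000000249d77847dcfa18892e255fca761fb80a7d8"
    "adec44a165a8b433286aed9945f19a20e74a6aab8c7d228f0a4ab5b3f5e07af68631176616836b0e"
    "0ce6045d11ca"
)


def filetime_from_hex(hex_le: str) -> datetime:
    """A REG_BINARY dump of a FILETIME is little-endian, e.g. 'c0c2f1f231b3d901'."""
    ticks = int.from_bytes(bytes.fromhex(hex_le), "little")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def filetime_from_dwords(high: int, low: int) -> datetime:
    """IE's VersionManager keys store the same 64-bit stamp as two REG_DWORDs."""
    return FILETIME_EPOCH + timedelta(microseconds=((high << 32) | low) // 10)


def parse_dpapi_blob(hex_blob: str) -> dict:
    """Walk the DPAPI blob header and return its metadata. Nothing is decrypted:
    that needs the user's DPAPI master key, which exists only inside the sandbox VM."""
    data = bytes.fromhex(hex_blob)
    off = 0

    def u32() -> int:
        nonlocal off
        if off + 4 > len(data):
            raise ValueError("truncated DPAPI blob")
        (v,) = struct.unpack_from("<I", data, off)
        off += 4
        return v

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(data):
            raise ValueError("truncated DPAPI blob")
        chunk = data[off:off + n]
        off += n
        return chunk

    version = u32()
    provider = uuid.UUID(bytes_le=take(16))
    if version != 1 or provider != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob")
    master_key_version = u32()
    master_key = uuid.UUID(bytes_le=take(16))
    flags = u32()
    description = take(u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt, alg_crypt_bits = u32(), u32()
    salt = take(u32())
    hmac_key = take(u32())          # normally zero-length
    alg_hash, alg_hash_bits = u32(), u32()
    hmac2_key = take(u32())
    ciphertext = take(u32())
    signature = take(u32())
    return {
        "master_key_version": master_key_version,
        "master_key": str(master_key),      # which user master key file protects this value
        "flags": flags,
        "description": description,
        "alg_crypt": ALG_NAMES.get(alg_crypt, hex(alg_crypt)),
        "alg_crypt_bits": alg_crypt_bits,
        "alg_hash": ALG_NAMES.get(alg_hash, hex(alg_hash)),
        "alg_hash_bits": alg_hash_bits,
        "salt_len": len(salt),
        "hmac_key_len": len(hmac_key),
        "hmac2_key_len": len(hmac2_key),
        "ciphertext_len": len(ciphertext),
        "signature_len": len(signature),
        "trailing_bytes": len(data) - off,  # 0 means the whole value was one well-formed blob
    }


if __name__ == "__main__":
    print("behavioral5  LastProcessed :", filetime_from_hex(LAST_PROCESSED_B5))
    print("behavioral17 VersionManager:", filetime_from_dwords(*VERSIONMANAGER_B17))
    for key, value in parse_dpapi_blob(DECAY_DATE_QUEUE_B5).items():
        print(f"{key:>19}: {value}")
```

Run as a script it prints 2023-07-10 13:25:09 UTC for the behavioral5 `LastProcessed` stamp and 13:25:07 UTC for the behavioral17 `VersionManager` pair, both inside the detonation window, and shows the `DecayDateQueue` value to be a complete DPAPI blob (AES-256 with SHA-512, master key bc5db34a-fd53-4945-8f88-cda789e11c50, 32-byte ciphertext, 64-byte signature, no trailing bytes). The master key GUID is what you would need to locate under the user's Protect\<SID> directory if the blob ever had to be decrypted offline; on this page it simply ties the values to the sandbox user rather than to anything the sample stored.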
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1156 wrote to memory of 3884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1156 wrote to memory of 3884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1156 wrote to memory of 3884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1156 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HW3GGUK8\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral14
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win7-20230703-en
Max time kernel
147s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C34FDF1-1F25-11EE-BB29-CAC1EC3252FE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e9b4fd3e4f8f414fae099af533ea5f40000000000200000000001066000000010000200000007331f5c28a3f6adc18818aced1db378b95b1bf2ccd95cea3c0d08e198e295851000000000e8000000002000020000000a05b6a85a53b04d01ad5f346cdf16ee71cad5f2ef43f0e0cd20c9a766446003c20000000480dc487aa4e2088e2e7667eb788ba7cf8d066fb59fea646c84fe3c2441852494000000056323145e9152fad2527c781ff68b83eef225a205b441ef4c3ec39a8bde68dcd630804e01ac0f17a94fd155a827e3c5c1dc7f3a4c75530084db9ad65177603df | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0192ef131b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760448" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-719110999-4061093145-1944564496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 276 wrote to memory of 2396 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 276 wrote to memory of 2396 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 276 wrote to memory of 2396 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 276 wrote to memory of 2396 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\policy.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:276 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab57F3.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar5895.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bf83d4fc964abf2d4f137dc6b70450e |
| SHA1 | 65202d2f7580507014e8f28c985137f925713c02 |
| SHA256 | 9d54cf94331fd0e478863b346b8d9dba120245a6fffa2ea2673185a670cc33b0 |
| SHA512 | 42258f4dd05e43c753920a59940429d5574eac903afbe1c2f0afadcf6f01287934c5cc7643db17eabab67c3f4727f7a019b98d5282bd2ca2cae469436ad19eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec98e006059749a525d97a3e7c28d387 |
| SHA1 | 528a85408394b4ad80b3d18a87f2f122da0c9a39 |
| SHA256 | 6fc6c4655348235d5df196bb93b1790f15344f5211b04921cb141a264c4cf1c4 |
| SHA512 | f37b3a5f6e0333b73f89f30b9d202798e2d8056b2230c4bf060fa1610ebf06236901e4d80437c3692c511c3c5aa05c8e230b33acdc6d051f2b85296b53b93de6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0415b80260f3df4c9ba00e1ef65c55a8 |
| SHA1 | c3a629402ecf47feddb0b2c259e22d4f178172e1 |
| SHA256 | 0c1641676454fe7ce146134a298afb8d9717c13928fc47421d867765bd474c03 |
| SHA512 | 2486a30cb5e592a0a1e9e812f84eae0735671fbcf055da2ca7c6bd4ea35063539c3126d726b30a2494d274b8288d66c2eab9807feba957729ed585a6998c4480 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9ca6696f1604efd998e62b99fb87abe |
| SHA1 | 315e4b6f544cd99f89ef4efc403a228ea16e06a8 |
| SHA256 | 16ae28a8d1613341165aa333c1ea1212adbd1301d769662b021922ebee2cfe51 |
| SHA512 | 653b221497429f9563d72642525f76e971bd84f25fa045d7aa7e5fbe8d81e50f60742048dedffe671cd47d9a77a722446d35a1e7215567303e53e5eb0d1b5f39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44460e835dbbb67f86d58a316fea671f |
| SHA1 | 0d5769abcd129becc4930412c94b649cd7f6d777 |
| SHA256 | a2ede3434ecb96af65e22485a2411d6bf338291eb8a5051314267cb373f8c158 |
| SHA512 | 5ee7768aad0635f2388d8bc1d930af82bf2df1858b293020e76cbd9561741ecb4fd6dec9519c4b80318a4730a765415e7459edb750d5e3e0332910743c3c5483 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 555b26ccd4a5d9a982974253e678df64 |
| SHA1 | 5e7b4d0de9124e22095d7fc4c0058166931d44dc |
| SHA256 | 9afeef5904ed8073c72356a161d1f46b1ba4ff3f7e48baa273f5471d31fa20fa |
| SHA512 | 47ac6fb9ffbff976eb5ff0e35c8479a536165bfd5b8a783c33cc241cdf1e32c82976280b00b4760d68698ba62f88aa9f5e7f18c91e5d2f5ac5af4054c75b6667 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7930cdc5e110f97c054776b77693d39a |
| SHA1 | 3bee3644711ec265f7169a28f07a254c9119df7b |
| SHA256 | 4e75cd23aee855f07332351841d033a91979a7cb4b69ac3488103d001b995a03 |
| SHA512 | 8702a332158ff793ce75628268a27bc5c8ef31b736fcd742fececd1767235d86898d3cd201eeedafd3169cc39cb47be05137dc46b38708165b43c34f7df8b704 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 826f6e025097aaf9b4b983a510ccbee5 |
| SHA1 | b1bc6864aff2d73b80b04bb366ac7b13d04a4aab |
| SHA256 | 57c6f71776c79290c8055c4f0e1d33abd06223dc5b7a51d433fca647b7b6540e |
| SHA512 | 1716b4ced21cfa88c92cad6a76913e172176e1d315ce56906bec68a52785632fbac1ad3a9946ae9d64d3b14a7daa472bf7e93c177cc2384a947b816499ecae74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9dbc22f54f5d38cdb4fa3e14dc957cb3 |
| SHA1 | 2d33e649060f28715edaf0b79e27306782d4351e |
| SHA256 | 2c4432fd9b700c02f6fb469457b659fbf829441f7bf48250ff78ea4ca67634ac |
| SHA512 | 88a541ddf17d1942a50d83000ef7cfc1c2789902716cc354114ecd8da691f84ec0f382563cd27881bae1294dc3dc6d314ded37acb0f5ab5d8e449345eadb5b87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa7973e8e4e9a9a06117c4129c6c3690 |
| SHA1 | 61ad90bfde684ea8a3e140b74e3221b05b31a357 |
| SHA256 | 4a3f530804d3be91e3ba77ef99b3b3b372bf4515ff78e81cb448d58ec2863c61 |
| SHA512 | fa1def6871aa7cf10bbd63abcb0e3c9800af2a41a45fb2e9e5eef1693a212f70ec3c16617f5ac5b705a60303401c8c3aca587ced3802bd9d2cda67256983dea4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\C3J95HXU.txt
| MD5 | dd2a9e7395160537f1ce2c01e865c6b6 |
| SHA1 | 4f120f7eaa401abce55b23903fcd62b58cd0e5c3 |
| SHA256 | 01fc5223d737512d21c4dbe252d68c4b981bb585e2e5f25324067f34c459ea84 |
| SHA512 | e80713bfea78a7415988d580909fb4a86ba651cdc0121b6bea669e806bc2218881629c9594cab1c1b642d011ef24e635eae53240c6c5bd728cc33f2866a9835d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM3TD3CI\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral15
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win10v2004-20230703-en
Max time kernel
126s
Max time network
158s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4085174313" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4103613473" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000ab79948160866f65357ae71a4dfcc78328ef9ed15f9429cb2f42025df253065c000000000e80000000020000200000000c5d18589cdbb49c611c34388b092313e3026bacf4a320662133feee49100ea3200000006429eb28c62129b6d57ad38d3134743bd3a818de2837d8469ec8b91a4998be1f40000000b515af9ab00b4263d5dc42a94e351bfca26597e01e087a9b4813841c17c144d0497af96d8610bff3b35bdbc0e84841093b99738fbcbf3de0ac8a3c20f46505a4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 607786f531b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1EFD6D3B-1F25-11EE-A61E-5258CC6B9027} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906473f531b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a38821470000000002000000000010660000000100002000000069c42cc347270f3e55610ccea0164be66abba39c3c990db6381cb2a8fd82e0fe000000000e8000000002000020000000e122e70b37985853af7ef7129f485a761dbee5d6961a7cea8c100fd6d2eed1602000000061b90b7f46714e89e955d7fbadda326eb10a48d1ad4d30d57cded180b999d36740000000144fb31eaeb535b229d9274a4fb575275e283292da3e0a3ddf168d62d92802151464be7587d0860dca0f04ae84cab53810feab7543099360a471569c63a8fc18 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760455" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4085174313" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4840 wrote to memory of 3696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4840 wrote to memory of 3696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4840 wrote to memory of 3696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\policy.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4840 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SUUB7YB2\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral21
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win10v2004-20230703-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760454" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4080501143" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4093157542" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4080501143" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8040b7f431b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ddc0f431b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a80000000002000000000010660000000100002000000011ed56c8a9cfc1dd31dabd2af7629f58e596bd905aeaa0364a63bc47b1c64716000000000e8000000002000020000000fcc32b92f7b0edd5a7cb29581cdc867ad0da5be04df6679426b7ab1979971fae2000000005881f1abedea07b6c1a8083b9db5661b1ff45dcac478a8170177cca22a779c64000000087943f37de0e3a4cc58b6b3eda0c24828c88812832b7de6a0b16fc79b22eff3c839059baf6e84db043a22125247c6f19b10d87883f77d0c6f93dcee66329e01a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000616cba0b55b30ea38a4c5cc064745ae2d77aa8ce0aaa5f99d786b4ccf4700b11000000000e8000000002000020000000ae0f2cc1dfbc83f2206fd269cf160cf49d09c00767e46fcb8168dc66bb1ff94220000000300567192dcd017afddee9cb01498d36b7ab60acd8c51cd4b13b9b574b3a463c4000000004413fcb17b08ba9f6ec6f98519a00955035ee91f5a9d47fd1ac9564a6e7ba35cc2d3e6664e6222d7e7a59107a5d0d45972edda02eb53791f5f081f1de533a11 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1EB4C932-1F25-11EE-B699-CE28E34818EB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4352 wrote to memory of 3560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4352 wrote to memory of 3560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4352 wrote to memory of 3560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4352 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.209.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.121.18.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C7IPBQYV\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral2
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
android-x64-arm64-20230621-en
Max time kernel
1073421s
Max time network
133s
Command Line
Signatures
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Processes
com.protectstar.antivirus
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 172.217.168.202:80 | play.googleapis.com | tcp |
| NL | 142.250.179.174:443 | N/A | tcp |
| NL | 142.250.179.174:443 | N/A | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | api.protectstar.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| DE | 172.217.23.200:443 | ssl.google-analytics.com | tcp |
Files
/data/user/0/com.protectstar.antivirus/origin.apk
| MD5 | 64bce546d5b79b78e6688420945edf87 |
| SHA1 | 665cd42c9831d0510db5756c004911c5b71a99cb |
| SHA256 | 75078c407ef53a9433ecbdd76f49002a8a5bdc9df0da65ef0bc6040c6bce7dab |
| SHA512 | 20c50c51b18bc7f1f281ecdff81e1395ec82a22d12b4a28cb9bf69fee56cf0b7059939f0542c545e8419a32ce158a6300901944f50364f51be33a4995c2399c9 |
/data/user/0/com.protectstar.antivirus/no_backup/com.google.android.gms.appid-no-backup
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events
| MD5 | c991e80bc396d7e9d84f943c8937603a |
| SHA1 | 247cfd69fb168ccc74adf85f32bcccec988795fe |
| SHA256 | af2bdfa4523d041815caad3f42a259583d41a2fad04a4a4a2f3641aa75e41683 |
| SHA512 | cecbe1ab89eda85c87ce57fcc55191402c7df6c72fc41dd80ea35d07e2404427cdb127427d4571b623e697b695e0c41368d3e8ff92d52bade3643b901391d4e7 |
/data/user/0/com.protectstar.antivirus/files/generatefid.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/databases/com.google.android.datatransport.events-journal
| MD5 | 2fcfc8926cdb942eaf0765a48429ed2f |
| SHA1 | c5cf3793f0088e3da892e2cce3cbb89de1e03d15 |
| SHA256 | 42b5e99e91627d7931d5d2e2d4e0ee9b308a6f7048fd4d2e4fa70904d5b6f583 |
| SHA512 | 5ad26b530d23d60a0382817b26a12de76680f9ac26eb60ab5414f3d36266c7bb27a05b9d49d5aef76248ae424be2f94b8a4553c5ec5b51283b867954adc12dbe |
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation477703245836607552tmp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.messaging.xml
| MD5 | d6b32b6f7842c43a69d96e6bbc0f951e |
| SHA1 | f09a77cc001d93e3386c5cd436a79ee29a46da6f |
| SHA256 | 5d262a249d4523aa6285643f3e7d110697e3aa653bf68909d3a56f4fad151a75 |
| SHA512 | e15f4e2d36a163ee62904a7d8e07ff792adde9992607f82b663df8047483283334eb2d7d6643aaca4395e11e9c1ffc51f8b3cad45b19922f31bdccdcd898ee56 |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml
| MD5 | e22c7d687bbe1a37be660e14d2ada7b9 |
| SHA1 | c662c3dc0541178e132350f7166586e7597f9aba |
| SHA256 | 1595e8c06afdd16d0042fa3052317cd5560930c66a8fcafeee204cdeafb0e161 |
| SHA512 | a57cf6860a9f4595e091b54e2b3e4d4e060bcbc92993820d9c0a2e5dea556c5c1833eb164dcbc611939535a61ffba1c439f3331e99abcdc7cb6e5c01e81febea |
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml
| MD5 | 719f651334a2df315fe9c1d9a90ddddf |
| SHA1 | 4824f840daa5745f5f2f015242a95213010d9228 |
| SHA256 | e95fb0c861ae7a830e3ba62369ba5ebda961e2e616688b904c888397fdd1e23e |
| SHA512 | 522c320ef36251aa365624bc882fed075eeb57c88c9b2bbb8953fb013b11dffeff5525b463f4c78624e973c385ad40a08488ba974eceb91fe465de4c0dc74ccb |
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069C032700011202202B0A90A6C5/report
| MD5 | c8b163f68acb0489fa28abf1867db325 |
| SHA1 | 59448a4f69f8a2c78f59dbecf929dc55b98cfe21 |
| SHA256 | c87bce5f9cd6557b20e82921b0e25bb7c9a6b1c72266b026543b0ea3689b38b6 |
| SHA512 | 87f4aff0e09371b8f9eae1a2c3ec417f5ea80c67884561b4a6a029647481ba88f1fc07b01d620f505050784b8130de051e8d30a4ae9186d98979e0bac8e810ce |
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069C032700011202202B0A90A6C5/start-time
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDc1MjQ2MjI0OTk5OmFuZHJvaWQ6ZGEwYjliODY5YTAyMjNhNjk2YTZjMg.xml
| MD5 | 616e8f2a609c4790839bdf4d79c32e0b |
| SHA1 | 33cda168b0a9f7924d31b1fc049f3b0247953088 |
| SHA256 | 5ff901a488a319b874121a9dc2e1df21be31b917d3740d9fb093981f3d61ad25 |
| SHA512 | a12fa14b9542858060051075a032a0d2283a09e098590933ad5037f8269a9aed23ca348ca21a512964166754bd9de498ee5bbeaf4dcf7cf625deb667099c25bd |
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/initialization_marker
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.firebase.crashlytics.xml
| MD5 | 084bb1a9931e2c4de4e934be3d5c6a94 |
| SHA1 | b104dce015a85afce248edecab46707801fa5656 |
| SHA256 | b7d9635dcb8bfdd9f3b560635e587e726f67ef0b97bcf3cf68e2ea61a441166f |
| SHA512 | 3e546e58a51763961394b081b4812a24fa5df400621b943bf083d86bdfdd481275f9d0f8c5f4929555e7bc77caac1b344a323c2ddc60140c8693f8d1a8f09d04 |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml
| MD5 | 250b4caeba60ddf53228405750ba66ca |
| SHA1 | 422ab714feb34e9f3b4f1cbe669887bcd581ddb1 |
| SHA256 | 2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e |
| SHA512 | 373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.protectstar.antivirus_preferences.xml
| MD5 | c78c495cf44504f575a670dc6bafda86 |
| SHA1 | 77355bef2e78059d7a321dae6c6a56670bae772f |
| SHA256 | 645640a89ddef96bd44650003d2906d1395e1c59949afc10365d4affafac2831 |
| SHA512 | b166a79883696f8ce4c51132c4adf08ea99a7f6cd13c9ff55fc7026a6480bde3b9be64de96bdd51284974b1675ac9b46f528602b05de0e86b1d363b6a525a3b3 |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml
| MD5 | 4a24f4ab6584fe097cff0ac91d3ae90c |
| SHA1 | f229535811ce9247efc1d97a65c4c67453877e8f |
| SHA256 | db22a54b9bbdd7b5ecf1fa8a29ab9c1aec735e46279acaa2cdf87c7d88845bc5 |
| SHA512 | bcfca93749b31196f98f984a67993d1a86f9850858a3846b7a362b82ad4d6132f4183f2eb9b11825ab33c5cfdf63e884c0228a757aeda4907a5219b1647fb3ee |
/data/user/0/com.protectstar.antivirus/files/PersistedInstallation8016300835413782643tmp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.measurement.prefs.xml
| MD5 | dd6e9c66a12893da0f4b4495a0ad41a4 |
| SHA1 | bfb60ec3d75d1e8d976a6be3c25d76bb5cd581c8 |
| SHA256 | 4ba0e3eb04d7c541d49bf4a103ce2b02a41512ba71bf015c9e7eeabadd2305bb |
| SHA512 | 7183dc4a096bd425dcefd2183966f8f93d25bd5b813cd041c59af283c2cd4c8870fd44fff2e991aae1d2f26b3bbf6e18d41b149c66b7b7d2768a46f28a57d898 |
/data/user/0/com.protectstar.antivirus/files/.com.google.firebase.crashlytics.files.v2:com.protectstar.antivirus/open-sessions/64AC069C032700011202202B0A90A6C5/keys
| MD5 | 573f30909f4bf560971e1115453c34fc |
| SHA1 | 239ea999a5ff1fda1652483298fcea2627e76269 |
| SHA256 | b0c0f5f2345c11fcf39b8528bc21c9a0a767d5061bb2ed0d7ebcd0552d8fa847 |
| SHA512 | 8cf5df41225b624953669de573c71b5fe87c63ac0c566d7a7b9674e5bd9c2c83cad46feec39841a724512098969f28bd86733f2ed00940364fa490c80ccfac91 |
/data/user/0/com.protectstar.antivirus/shared_prefs/com.google.android.gms.appid.xml
| MD5 | c656d44c7f41c450fb18dc42741110d7 |
| SHA1 | a8e3af6bcc7b64fb3dc44cb7cd015266a9f52f25 |
| SHA256 | 3723a27dd1b1a3360227b96bfd2562f40fdb5449cfd5db8e908a1bc59a98ab9f |
| SHA512 | d03669b7a1e2d6c558746d140e0e6206edc7e383c45040ccdca30ead23a65e3ab9f4ae226612e43ecc3da506c0f197af0d70573762b3e72617cc3163ce444087 |
Analysis: behavioral4
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:27
Platform
win10v2004-20230703-en
Max time kernel
145s
Max time network
155s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0edcff331b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4064875605" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4074563678" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee586870300000000002000000000010660000000100002000000080c94690bf9ea9061be5d865699761b977caf01d2ca7e3a4d67a9d0a405e3829000000000e80000000020000200000001b9ee644df22966409bf38a012a037a0b22265fb925dc99270813b8b38efcda42000000057c0697f027afb4612ad1329f5ed2dbd5b2db219d8f4371a24f38ad84097184f4000000008c9e49bc22b14291fde643cf3555d47da386ef80e73223ae93e39394cfd23e8eb6cdf5e2780619869b493a5071b8a3de8eacd364b151826669a7f2ac20fe182 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0bcc1f331b3d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1DE1ED8B-1F25-11EE-84C0-46EA114D2111} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4064875605" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee58687030000000000200000000001066000000010000200000008e70980cf5549aa055207e0b173d8f741e8910bc0010f861224c4317e916f7f6000000000e8000000002000020000000e6e7e656fcd667d77f8170e8f419857c464d241a3c769494d95a684274edf03d200000008cd15ca202996f120132775bbbeaa16136295362015de08bd57feced1280011f400000006467cae1b6ff55390af0137f4a645fd5778137e94beac049b1156b40320471d59f2f5b6886992734b7c512d03686dd03be754b04a8977426484ff4d336c96fb6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395760452" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4432 wrote to memory of 4408 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4432 wrote to memory of 4408 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4432 wrote to memory of 4408 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\disclosure.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4432 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.177.238.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HW3GGUK8\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral8
Detonation Overview
Submitted
2023-07-10 13:24
Reported
2023-07-10 13:24
Platform
android-x64-20230621-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |