Malware Analysis Report

2024-09-09 13:27

Sample ID 230807-y74gdshc56
Target 392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238.bin
SHA256 392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238
Tags
ginp mp74 banker evasion infostealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238

Threat Level: Known bad

The file 392d9c1f05d8f8d67fbca464690af0d925046f05edbb75087b16c277627b5238.bin was found to be: Known bad.

Malicious Activity Summary

ginp mp74 banker evasion infostealer trojan

Ginp

Makes use of the framework's Accessibility service.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Requests dangerous framework permissions

Acquires the wake lock.

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-08-07 20:26

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral32

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

120s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\chmod.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\chmod.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

142s

Max time network

157s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CertificateWarning.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cdf18e6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c46000000000200000000001066000000010000200000003337ac17cab7fe99fe2bdd385ca3313ae9556be90e7a2d90a74a0638b1dac828000000000e800000000200002000000015072ca9c6188ebfa9c197f3b5e005f05b69d0435f25602c52b056ae77c7160e2000000054e5bfd1f06e0f91af569d3543b5db9983ad857a8f4f7738cba97f57bee6dd10400000004dce9eafd2cd9c765032f167431b6024738087b06d1c9e9b8f44f10dd55554ac96f2ba74554884226a9ba0085822a09ad77328ce35c67d348bff89dc291d941b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b075e38e6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c4600000000020000000000106600000001000020000000c3cc9ff8271ebde7fbd5abf5705a6e27f8bab6316bf52b222806c6d1f2a77d88000000000e800000000200002000000074f5b8cc5053c0b883acd04ff8185c7c1aa228e2c0855c95ee25cb9dd78b467a2000000040b3e105194bc771ae9759c239e72f28322fd7dd624400da859811079b2c8aea40000000af1e8ab4a829e25f348f7d6c5af1552c367ca74e0d8e27d1d911baafad37b123cc85e53ad26201ad1f4947fbafb106893ac8af335b8bf1774a9e66a1be3c8c02 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2357900599" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2367901046" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204976" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2357900599" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7D4E1A9-3560-11EE-B651-52929AE94110} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CertificateWarning.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4148 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 254.1.248.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 203.151.224.20.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2e7e93f2126e4a2ff494ebb8cc3f1849
SHA1 ebf3f3a0c44aa3fce72a034ad73b2b75d03c3f8d
SHA256 729cd0fbaa261cb2a586c0260bdb2233a25cb5e00431e4b3286317201ff97f07
SHA512 2d19886463098e7c80e386547e5a7ce89c7e9e57240412d318e373dc57c4c938b3208066dcdeee24c0e9d6590eeeb0efd0ed9b6f5a6a01e8a7a77ef10686623f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2e36f3cef7a2ffe20695635dfa71228f
SHA1 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f
SHA256 d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6
SHA512 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5XLATO3O\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral11

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

141s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\OPENLCS.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\OPENLCS.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 203.151.224.20.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

141s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\angular.sanitize.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\angular.sanitize.min.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

117s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

android-x86-arm-20230621-en

Max time kernel

3518004s

Max time network

159s

Command Line

unknown.decline.return

Signatures

Ginp

banker trojan infostealer ginp

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json N/A N/A
N/A /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json N/A N/A
N/A /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

unknown.decline.return

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/x86/RxLyO.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
NL 216.58.214.2:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
NL 142.250.179.206:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.251.36.10:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 gunfirebob.top udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
NL 142.250.179.138:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 jackblack.cc udp

Files

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 399ad44f3cc66c9f1d473882d75db038
SHA1 2bda8a9f0f9f59e40b28eddd444d08c3cb0cec82
SHA256 1f563937a4ff9e143e0b00032376875c7cfe2d76e14d0675585b1bd2adee98d6
SHA512 35ce54d7768cf49f7344ffba65ec6a2ca55fcc68fe9d6f8d50e68d6a87b38e38ae504ada75c44173a380b89afbd395dec1a2e1c0751b51e967386df8425737a7

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json.x86.flock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 f0141bbe2b96842a489d9a97d7377658
SHA1 e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb
SHA256 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce
SHA512 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d

/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/x86/RxLyO.vdex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/x86/RxLyO.odex

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 f0141bbe2b96842a489d9a97d7377658
SHA1 e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb
SHA256 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce
SHA512 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 2105cf8d537e5de99c22a23ded4185da
SHA1 3673db2b67eb498eddbcea80ee150acc9c2d99cc
SHA256 e2f1a5ec84e2344a3ac5015733acc963bd3125e5a4175615d2a02a595b4570a7
SHA512 5ff2c275fae1ffdc296a088ff910104a7794008965abef8860edb6ac2454a1654caa0434591ee34a459e7908888b3028c9b5581fabab2c3efbdab09b63cc2796

/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/RxLyO.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/unknown.decline.return/app_webview/variations_seed_new

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/unknown.decline.return/app_webview/variations_stamp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/unknown.decline.return/app_webview/webview_data.lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/unknown.decline.return/shared_prefs/WebViewChromiumPrefs.xml

MD5 21223e9184445fe043476484cd8cb1f9
SHA1 2b4813f849121d60ba35eb0889080668bb62c778
SHA256 bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af
SHA512 be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

/data/user/0/unknown.decline.return/app_webview/metrics_guid

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/unknown.decline.return/app_webview/metrics_guid

MD5 39f264473882a106edc98413def8b9d8
SHA1 245fbc605af121e08d5c2bdbe1a09169a4da9e9e
SHA256 56c0679314573dbb3e23cc3668a1ed8fa4264c56460ce01969bb9e1e919d54e3
SHA512 21fa6b92aa3dfc42c98e0098fff8aef87d889a0df5315ad985456518f50561c480f9b11d1fa4c38b0eb92a1ec5530ea26ffae295569c3e4a71705a9eb8c02b6c

/data/user/0/unknown.decline.return/app_webview/Web Data

MD5 dc79f9ce5f3ab5270b33e61119dfc959
SHA1 1844bf222a5144b513dcf2fb50a18c011701c647
SHA256 47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65
SHA512 18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

/data/user/0/unknown.decline.return/app_webview/Web Data-journal

MD5 1c4825ac976a1bd66a9d69effa7bc530
SHA1 748f6ee460ef3c477cde1e2dd5ef6f6c975ee51d
SHA256 346a4bdb079dcf4e3c69cab7e28b31410b65525033f9d7d3ec883f9d5363838a
SHA512 a569763bbbae1342816d475e5d0d155706c00e7a4098b9a042607dacc7b30c6602f751510a82fb3aeb0e48ef6546a93c1ba87a937096d3bbb99a0d8092e5ed2f

/data/user/0/unknown.decline.return/app_webview/GPUCache/index

MD5 93027d42b314432c4216e6cfca48b384
SHA1 43448dd8102979c3926828182579691945eedd4e
SHA256 3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c
SHA512 a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

/data/user/0/unknown.decline.return/app_webview/GPUCache/index-dir/temp-index

MD5 0548161fd9ee9fba28d05546a51989bb
SHA1 527ef83d75e06958cc0363674144c088fab9f40a
SHA256 00fda1b385235039a92b0b72d7295284c8ef849b906fe28cf95c4833a55edda5
SHA512 d47bcad260d3c3ab516c252af91d45355d5225ebce7203aa64066df1e5ac12fc5ddbff6e464d268b8ff5d949a3ff32de46cc989c54e65f2ea619e013950b84f9

/data/user/0/unknown.decline.return/app_webview/GPUCache/index-dir/temp-index

MD5 c4bc9796d6db5d3517cb671cdc59143f
SHA1 f2a294b909296512c3a2fa74fb0c13a2d094eb5a
SHA256 6f28c187544453606fa1998a8d643163931ea6de2c39d1cbde1567c703115d1f
SHA512 b95fbf8af0fa21272759faf1b7bf67da8d0e1882811546ace35f6d00e95ba278ac45db06adcda584eaa6ce5a0744b566b8735be79ba55019a8634a0c1357f035

Analysis: behavioral6

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

134s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FileBrowser.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000e8664bdb653864eb3b20ffc0ad3b02100000000020000000000106600000001000020000000601ecb4da387228b0509641be214cc2b268d0ccec1a59a5a7cf584820aae5533000000000e8000000002000020000000ed1d822b72a3fc56dc368d9c02cd726c6af6ad1bf06e8fef4d1eb60b47caf7b620000000c2b70252c4808e1eb9f5c8aeb6bb10b255c56f06c0167249b099b6cafd3b8a5b400000000b1bf009f4e7e1572317d78c3c85edd50afb39dade53c0eb114a52a03e0be8983d11926a8800db225a0016deb24b367d9e736e725a2843a96f42d3fc58aa3b5b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601874" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6FAE2E1-3560-11EE-93A6-FA28F6AD3DBC} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e3d78b6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000e8664bdb653864eb3b20ffc0ad3b021000000000200000000001066000000010000200000008ce3fb58d2985cd7f5c4f60ab4df23736387927b5e185ab4eda1527a665dbc5e000000000e80000000020000200000002522bbf432c19c3c543c817bea4338df6ccf3ad17bae2a2955eb2aa2b1237d6590000000643d8a7ae8e6418d6d81ef2225f1551d4e62020e5db325b9e746863c6fb347c641d47c5a9379adef7af324ce3b94ef81d49b9b31614620503ad5beef38d920502e95c9190494a44e8f6a35e74b2ca9a9376d66539ed47ec10bdef9b7b4ffe431a7af16de6e7f336d0baa93eb280460049ed5828a19e6ff21e538ef78015ee2fab0e39d913ed090302b9da5e6ee520fce40000000e03761dda390720a23415a0bdbea00693e0eac13d85d7ade7feb23f13c8b1eeaf18f3f4542158133b8d0e289d0b7d419dbbd12cb872ee8bbb64aac5b5d5445b8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FileBrowser.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:764 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA48C.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\TarA6D0.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f01c8731f57a1759c47d9addcab299f
SHA1 96ad07f783b677ad85eaf8a804760874c1262998
SHA256 dd0a6ac316c20a0a9b1b9a8052e7ee0f7159ab37b2c3cd9a5f58ed1fdeeacbb9
SHA512 96d6ffa157ac4dcce2bbf350b1617011800faf07725710be34c307676aa990adb95362eabb59fb260bf1095ce445935ea65203891e9fe83a0abb44390d94983a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3627a7d267b357b376da05f99864b29c
SHA1 8f8bd3df1b361c1c09f8847bcd251fa45275c5f7
SHA256 155ad802f732f86a20a83fab7ac935b60210b460fc84f9574c6c0160ace8bd31
SHA512 6b2978ad4789cf0aae478e61c6f033b546016195eadd48f9c18f2f6de422b15de3278afdf5ac282f84cf203b7a77ed676530bf113f60e23744eccc590428a640

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e81c2c8458cce2b01d81e9e118f4e6b
SHA1 69fea05dd60c6a1f3f033265839ab706414fdb4b
SHA256 af3fa823d5f96da2ca8bb40037e975f7deec956d82fcc77e4db028cc3b16143b
SHA512 76dc665a1ae1ce3b19ccf54c8754ab8d218e47b90ebff62bcfebf486c1ac3eb93857b9b75a0cbea3e2bb7500605fb62b2ffb06938fede3d540670828dae3c31e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 717f9e38e9e073c5da75e18af386f31e
SHA1 9bb503eb2d380985d8301b27f2fe845438236cd7
SHA256 ea404427d26b639b16c0e30d43e675149e3059dfe14a855512ab23e814e54f76
SHA512 34b4043c9d85fbf63f78aaa1e36efbeaaf5f94fc331629e39d6906dcbb60fdef20fa50c49cd6b8aa1c8d0f810b253a25a97615a1cfdcd81e018ce0159724e1e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca91c44f672ffb489cfc75a476f1461c
SHA1 469409baa2a7090ab4adabcd13cd6c2d897bb356
SHA256 2f4ef631f4481b104ff9324a53bd2712c969881f087a565cade98f8698c3bfc5
SHA512 bcdfa3e972b5bb567851a71bf54e5e59093bb78cb23c0b5e7a938252bd34c8918414fbf26ce941d3e447c084b792d6fd4f5a051eb8450fc756bc66d3b13c3cb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6002431837c6d4b141ba59b0c230ba84
SHA1 400aeef575bc997813066db8bde8f379c8b21328
SHA256 87999ca82b30f74a59689134b31704c36ca4b8c0d0591c1a9bafe321441dca26
SHA512 138b38d74787c0856bced38118b6338afb90ed49227133af487f90c42747d1f0aa6052d2361fb157c11e95878ea0017709f553031231f2ae33bf24de45989e02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2721facef167835448bca7dcb8db1789
SHA1 66dd3abe60fc4bffa39fcb4baef2c21472c936a2
SHA256 4905a4c3a21b67a8535285a4727de2f0edca2c5bf7aa322524147af9f829e4d5
SHA512 07f484a14c60c9f75e4dbed5419f0e2f9b362d2666013616acd2b81724324d43e3e5a7229ea54cac9a6049bf8f00d251459750f736c773f8a5d6522f404a15b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c550ee7a5fc9a49190e53a27bbf01a5a
SHA1 d21ae87fa73f96da1a7d8e389728ca35b4c7b131
SHA256 a440cfc8539ffd51d87ebe0d9426f46a821c816d5f8f47d60a6f403044dec5fa
SHA512 10718ae13ed811f24a382de11dd162d99cc6b528513d545e4589279f21332546de113100a7ff10b24a9d382fd6610dcf43b8d26f9eba419d9990e7c468401cf3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25e8f61180588e8da2c627dc3eb1befe
SHA1 b9ffb9465ebbfe8cdc47231bd3323680a751888e
SHA256 79c04efa70c714b064b562a355bcf170fc67952696b163aab004aa29db68b105
SHA512 38122a876c7594ec16eda2ce8c73c6628235cc4d15343dcccf2e2630f7a3ec15269e1b4f80874d9542500dde1dde838b2a818bbe2a1d71ceba02c36fcccaf399

Analysis: behavioral8

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

122s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\MediaPlatform.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\MediaPlatform.js

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

136s

Max time network

138s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YTPlayerView-iframe-player.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10673" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B825F561-3560-11EE-9996-66AFBA4EB959} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601870" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10673" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd82794000000000200000000001066000000010000200000000271cb07e332f43776d2644ddb394391d06dfa5574ce0a76559cc7ce9500d2ca000000000e8000000002000020000000eb41a2cf1b19a02e859d17e247ea45055d85c88865ca83c43190a96b2fbcc59c90000000f81752abf333fd503d8d5da9f7ed2d45a3087f3e56531c8c43a7ca3f154d20538cbee29832ffc04117b6882fe814057f0a86eae48867bedcf41dea5dde31ec18fafa0f24ad0bd359915006d51cbb2ba0027926fc0d2c101a98b15a368703ecc08890b9861186b6554b7ade573ecbf9d513e7aa137b2b612e8adc8d294c7323cc38ebc9fca0490703d66d93b8881e69e7400000007840d176dc8c7955445454b586b384f3dcf72430329686ae564a8b9b64f61900a2ef6aba238257cdf955b91469f2e287b744afc03c77b1d9fa081d493d24f65f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10673" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a713926dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd8279400000000020000000000106600000001000020000000a8f1fe506607f7406af6ce44d3367f9b1fa387706735aa7f83ffa7de7b5be891000000000e8000000002000020000000ebc6dec450af87dff340c71d0b546ead1faf59dbed126f544304333a409bd472200000000c355bad8ef9b23475c94a84cc32ecc3cdba753943b94859e97be2630607792e40000000063ab9baf1f378ba8ab1d71667a7eec2082fd2e1e94830969fe64731b91e731c09f250166d46cc8a69195b185b5b9f5e527128cc478453eaef2aea909cf94c79 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YTPlayerView-iframe-player.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.138:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml

MD5 ef17c0d2cfa9c240d1defe6248e48048
SHA1 42f885b48804f6b8844c3d842701e377711e3e7c
SHA256 ee460a8f85d97e83fe3a7c0e23fcd0abb307fe048f4c2dcbbb41a0fd450e871b
SHA512 d75ed0ced66c2d9aa1ec08691a1a697308206cb5ba4451ccd7d9e381f748e4f1e5399a14e1e3d6acf02ac13e0f1cc0b7abe965d35df07576748a78514b3ff457

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml

MD5 3a8064e9edee49ae0a0176cb1dae2209
SHA1 eb8675f094a89bcb08c205b5ea233a23f2e2a806
SHA256 248ca981ba6458306aac383b20b206a140976e4a677e3437e53fda174a41ab45
SHA512 2dfc015a30fd01ec74f5ba5d13978b47b5d65eb08d4fa9005c8e2d130071f9070e163e31521d2c1c149e05c8e0eecee895f3a0e088654124dfeecbf40185479e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml

MD5 992ed6941ad2ca72c7e3346d6c78fa59
SHA1 644456928c6181bc5dd21a9fffc59a75a5bea197
SHA256 2ffcb291d0970c2b854362ac8a1cbc23c97d41c257bab85dc03ebc6b9c5d1249
SHA512 2c301150b8f10419da8c59b256154c06ff6a685b4ce84c133e1f40429d534189007bbfcb761fc7b0805524137c7f68ff774fb8fae94c9cd35195dc09ddfe352c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml

MD5 a32f8f21d012c4a426adf8c3c933ed41
SHA1 e2ba328349357d24ec36bbef6879b45a9851d375
SHA256 75056b4721338819994f01f0a130b8a01ba0c835620da3681c42a486977aa493
SHA512 7027a09c875043ca3b61df7a4262407869b2755eed91f7aad12692ae7fc3f36138b81c6ff8e01bb59f4d043f227dfbc9bb0baf2ade7eb27649acc0df752208e4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml

MD5 63d47cbc084e0f497808c673e0e86a66
SHA1 1cf2593792ca16bb4fd010c87e021a3644f6f264
SHA256 0f504cf05288e7652c10d631764f375c6a94d3a47568b55afe049e6d23c6e877
SHA512 353fe5ce7b6ef4256c9470335a7e9296ff4553679d5adebd2580955547c994d8dfe7428865fdeba95e46ca33c7d3a040c3199feef13de665df26512375cc7e7a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQA88UUR\www.youtube[1].xml

MD5 82b7edc67ebeca3b96fa5278df47ee77
SHA1 e19b5676a15e8498d610866a6bb0b63babbde4e6
SHA256 7081d3b7bd06c35eed2f52fafce7a02bed23b5e35901832bca78e4587c5fc21c
SHA512 315d326e4019971584e5cc43fa250287fddb9007bfae78de73c32d8b1606dc543c5f5950b57b6e14f3192a725b51785eb702cf373e040c4b1a939ac945be5194

C:\Users\Admin\AppData\Local\Temp\CabF01.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\TarF02.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d3f2a13b9f1d9df4d506bf8267ac444
SHA1 6e5330e2d8a78de3bee49f9435c036bffaf4832d
SHA256 44eb3b75c9c3de7bdc6c546394589544f67b73c93c198ff1459ebe1749dc9c86
SHA512 32f17cb209d4eee6168eebfb538563a9d32c26c575b62e6154c32e1d9dc70471918036e17d9dd554e6cd216f4d9e02102f0d1309f25f55b0487dbd9e86cc4387

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79f9e16cdd1f2bb68f691bbc0b14a5e1
SHA1 4c3b4227f3e30a55e16e9c0da3d47e89a2199aac
SHA256 bd6c004c8ffbbba6f89afcae5b42935835251ca332457eb05fbc35e5b9672c99
SHA512 7a08a2dae454fb0fb8c90b30aad90cc42452f3f77b940915fab1498bdfa0157eb7ed4481aaa4cdf0142ed9f45ed2e029e426d3053f72bea2d35b286ffc7589fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bfb08aea45eccaec2bbdaef54d2987f
SHA1 f46850d417e5489064b508d7f278b2cadd47d0b9
SHA256 a6cf0d4a0fe8fab023c173ed1f2f20862110f2ed3dc434aa08ff865464158ce7
SHA512 81026f32a4142c8912bc6c99d20051e50d401c904156666f4dd67ed9e9cef25b6424c0268098d64ef65d8f2f37b533065d564c392a4ec0dc9ad8792fd88cacaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be332568e67f526fbd69e206a12e131b
SHA1 5653465ab21599e2e87c2aa36badd60697b50e8e
SHA256 44b395f656b3922c0b8502c492c38c146c19bed2d62d2f013d3d7e90d9cf8c50
SHA512 81b43b6c95dda719039594e34b96f6f5fef1bbb684dbb0c52842f0bb55f0647dc9251f968c5fac33c88f52b9eacf1625f9c70a12b4c6267e444d680e72ac0976

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a9d48830f089881381db774762b16e1
SHA1 e6714854337b1d67a974189fee18a5da0bf7b4c8
SHA256 2e20ae0ff77197b5c333be04a3e1c95039365646e0baff639bc53c9e7110f3c6
SHA512 67fbd6d41c5566ab227cd5b164c0c8e288bb23466aa4f531f319a8d98d010d88b2e3c3a9c7fa50935cfabbc977091cff1b03a537b8ba61ee059ec6ef81aa1ad4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6862b637a3ad2889ca99f2e76991142f
SHA1 4ad0a58d9c3d5e14fd323d5d6483f2a4640ba6c7
SHA256 2c3e99d773686ea40c8d1ccfe51b012d5c0a20c52ac693b6fe86640023c56b8c
SHA512 99455f7c64976df13fa30faca98cdf8432e5443f2183a3990e0b0f2ebe49b843c87f3fb2a2b59b4d6c002f0d548c36cb7ed952839045ce4e4c96e04e0c986ee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d393c851f4aed5d9d33a1309eb36c5a4
SHA1 5ab967ca96a280639409bb66780a69274c1a8133
SHA256 2ebf47fac96e47c1cb3b5a3113d28bc649e17f250c637ebe7e7b9b3dfe6c5e8b
SHA512 1f9b7cab6575dbddc112af3f80a0e26a0cfa7d3edb0dde17013055353cb95751f589eafa5d1a2aebb30766b1b28d19a6ca52b4f1fd8d58a79f4c8fb80f249874

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19f61ed2f51d066b7bce5eae8f2720a5
SHA1 eb146fcfa1937b610ea08ffb598892349f795024
SHA256 64904cc224f469636adbb31b4c474e651c2b979d1ac69246fbd4bc59a3ba3501
SHA512 8b31e635ef71da34102dc9fc772c754e85fbe768f42c5626893bbd6ef38a6183fa20335ecc92182316125d78bcc9214601f66560da2c5a51270b024945899090

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b3bd6c45460163a195ffcf357c47a35
SHA1 92066d15981268c91434bec7935e6f0ee35d4ead
SHA256 6313c2f7df266286cb5cdeff4a5d28f6de7efafd879efdd570f5b7e67abdc1e5
SHA512 6da143abc878b27198ff039bcce9e816d1627ae57309aa9c194397ffac1ed157f413201d0f4c5386e40b60b9fc438915be43e19f969843c9fb8c9243e980f01b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbc39c5ffd26943df9004a6206f7ae45
SHA1 57d9b6beb9c982949c6c19505817c32a4bb6da0f
SHA256 f2bb5487c7d426f63c500b06c5242fca456090884559737b3205930fa550cdc6
SHA512 06c223336b292ed973944622b64418b46bf821233cb945301ba375837712336e01bde315c3ea27c8eadf03d2ee289c2833956c03da9a83f85a8ef82edc59b35b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2cbf4990e7c2ebe9ddb8720d453368f
SHA1 651eb546e38e662558c1bba6947e30627d505b74
SHA256 f63fac622c453ddd689030bb50a65585ba8fc78fb2384de7e1309a51064e90ca
SHA512 a138e2ca5156946fc6ff8e90a33f49998f739e0bae8f68d455977eb8f417d68aff561b92800022a046e3111b06e77a82d89b89f886775f16dfac08253ec21dd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 522e970deb3db0f033ec0f8745f6aed2
SHA1 cf2058329dbf9cce25ad99a2fc5a12ed28e685d9
SHA256 c50152164100c5a47c83c7f9ae7f3ba1dffe5f2a1918efb2354ea701f0e9c529
SHA512 438d1a0c887192040069330ae304bad6fbb6e440cc8eb87e428f6d24f26aee379546d5f624f8804ef46f563d7b1101d031acaa81cc2738951aee0aba028208b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c297951a00cffa60442d8bd16d0a5821
SHA1 385671feb06c98bd23c88670df821a4e20b3cdea
SHA256 51896f112c229a60add4f92b051087c2f5bfdb7032db90a7f1985be8f4ba411a
SHA512 52ffd8f62d30f231c3c0308d971feb5dae9d4fd410775429a72d04df3e06e072930d84943a513205668baac6304a875186035414e26f9a71faa06017ffa6ae75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2cae9bd79c4aa022f3522a484926325
SHA1 76f1b670a3b0bcdaa463574a15874962fcf4f0da
SHA256 d6a36ad0c5d0ea0632811cc0c09c2e750dca2529325b2a4e80fff3133367efcd
SHA512 43d8721ee5def639d3b00aefb6132fd2fb0fbd00d9ef3780f623d30da38a1c204a7fff7b46461775f3f0eb2c69718b23f8c4c6898568cc5e99dc79213c3c3a94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8ec656a7f777fb74deb160b18f86939
SHA1 a78687aa1828ec53f74e1c681124d3920216a397
SHA256 5e6a1ca942181d2411ca9953b937d7bab3404ac84f215c5a43b0066358a42ac3
SHA512 739545e61019da739ba5e1e047885d374ea81fcf828ed7304badee40d0820ac201528723fc05261920c12cba05bafc6bd08025651d34b22dfc7fe4c1fda5a3ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 254d0a94a7aad86141d69f81a9b36e6b
SHA1 e1e36ddc1e8b8589db1e9f76c6e729040a5d930d
SHA256 6fbefd884ef6c2c90dfbf671db264c4f6eeba2d7282ea6806af2e15b250bb4b1
SHA512 dec086392d7a485e111cece2b167dc39ef778f4727d7c7950312a29f6814aed942b32423b915157cfd259a8aa2666ebe735561554767c4a23354fd5935da9518

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1694963e355cc8d6e93f6c6d97155949
SHA1 4c0215106af7caa02f42d0d623f60a408ccd8e30
SHA256 424cceae9d5c708983a6f914f0344fcce1926f044d4a786d23c9de3e83e2b97b
SHA512 3d9a17b043b5e0fa218784aec921a7eb8402092372ca24aa66278f71c09289804feca3ae4db5dde56be992fd6adab13e926b66e31f681026b8b16ed4b786d188

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b7999c67d8ef9306c1fb5ecb98f8bb1
SHA1 2358042e8e26ddfc466590b3b6bad0d7ad32bb55
SHA256 9069b8a4296cf134c27982d49a72f8968cf7a44d600240b376b2d7e2a9a3e0c9
SHA512 ffbc02c12712521d41da5a659e79e8d7a48d5c3679be60dde24d3a8781816355f8506d4f10e55ee27594bd5ed2ee3cdec7971b9f006dfe5d8f50692016cf035b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a366b0930823cb011b01d67407da753e
SHA1 9841b35d0313ba29db2f547de7dc1a1cba09b70d
SHA256 711d489664f23710f4e6b19f6df3d40bf662ce2697600f3e0b7821b3f1e15f2d
SHA512 4243f07150b3775a44e92a3fb1fecd29399633a5c538cc94bcd15a21410bb92bb1cff8a4ab0c7be3c4841da28ecccc5068bf6b14e2527b0fd349fe5941985137

Analysis: behavioral24

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

120s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

140s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\angular-translate.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\angular-translate.min.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

140s

Max time network

146s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\bootstrap.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\bootstrap.min.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

134s

Max time network

136s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\POLITICAS.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a31a35914bcf84cb1db54e391e8cdcb00000000020000000000106600000001000020000000cba5fad5fff14c99ce5f6a8fbf50685ee52045fc14f780b0e2f0eec082dac92b000000000e80000000020000200000002927e4509b78c8f1456455c079580b5840c48c208552ba6107b3d9500fc07bb890000000368004d724b9cb1737db4453a1ca64caa1898056b54d2b3d065cf515e2d9e6318dfebce1a8ee671807cbaa397d5e6f506312112883bc8e7c380e2db5204c7b0666e67d5c0e14f8d3631defe008b038b7d8479c2e1726469ec4ef47f99238df53dee5d5289299472a3e08a739c736f466519311752de360cd16d2bca0f6c155270441719bb06517d764c9e738c38d7c9e4000000007ba1451fec51fb448c8319c699193bf439c87bca65877d4f509b85310c2cdda884d7180582c9aedcd1f927b7bfe7c202e645630c82d8e408624f86c4aed0564 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7CC1591-3560-11EE-9480-6A17F358A96E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a31a35914bcf84cb1db54e391e8cdcb000000000200000000001066000000010000200000008db0d095b3a751d6bbafe58d4551896c6a841b561326f155f1120a2396c780ca000000000e8000000002000020000000932cd681b44145f80b3e32044d2e3b46ed21d6181c5f360e055e20545938548d20000000120ab16909770085afb0d5e3d3edb1a23b3614f9dba590268cd9c67e72f366ab40000000acf2f440730bec5a0cc110338c2077172cd9df8bedfc67fb7d1978f43e77b8edb00d7fd57c977a66b7fd66241f5391bfe3610f7dc8d04fef3bd54291b0c04c73 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601871" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8002c58c6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\POLITICAS.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8E3D.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\Tar8EAF.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bac6b0a83d31cf0ac3195ac0de3588b3
SHA1 60cfbade67759c2a343512e2d79ca5c4a5b524f4
SHA256 a03f9140cf783971c2e9a642a901bdca670b65f32392f6d609905e882c5b6109
SHA512 25739e1d557527969accafd1cd4dc8f683999dc5e87aecc66a04a46edfdea7ec2f7801a613c660619dcd8809b29525c6681b4c14d806a4c1e40a58c8f11644b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0ac93cd2b4b1af40e4531418359d2fb
SHA1 089ae684939c3090cfef44556d8ad893d9396ab5
SHA256 399a8fcb804cea0f964243fb5c97f06f963dcbba7407e269ae221bc428489c42
SHA512 1568a04ade7f539b6fca3f14e856eba06afff17191360eb79d3fff2c131874d9574b330711390274aeb92ce0d927280faa0386d3ec02f1a936b03665be5956bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb78a07bd0713faf9f1bdd955186e60d
SHA1 65b280629ddc986a44606fac98e3d4f8a4047e2c
SHA256 1e664d9c7f4975e787d62783b0920d2f32612f46f76a702f1b2283b1e16fdafe
SHA512 7038ac150e1020907174ae0fbebea6efb5f8cf5dc86ba54550ed1c7255a21563673b0b4b794b3bfaec8d18b493a7a1a8150ec5d7d9f4b13d51395d48c85245c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0d8cc2961e648ace7cf0dbf2adf0642
SHA1 b993d8f0d1b274ef95d7b32929e7f7198e41c536
SHA256 55d62e58c3be7b2b3e2cb53d582a241a1698f6b042cd64e465e3ed37c5468fbb
SHA512 f55dd8a57f14b72a866525906670eb38cab994c6debfc517ecd5d8e2328474f97478073a7a78085345da9a1426be55b80b8c114f41b9bd45c8aaf2f89a1524b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f08d07767c2a5c775193c58c3d2eab47
SHA1 862af673ab6896ae468583af2435893364ac6884
SHA256 b1e1e3e2f7487dacda0e463aca3c2a30d0be71efbdd115d37220bf49887d8afd
SHA512 e4dc52cb0a0cd51b3603e0d5076e43c140975c4cd3281e814b92bf11576d107d5e3b354de99008aef5f92f916112e95f0e489c7022627a370f0a8c8fa0af6d01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d9c9ce96a29bb2e6b568941659b85b6
SHA1 58dfd08e3b2a03706b6b891fea8fb75e46d3e08f
SHA256 f43faeddc3d3c3b2d35b08bbe7dcc7d918a1f14a905bdad92f56500577dd908a
SHA512 d771ee80ddde24e8bb965f66bb26cd7757edff0582758fbd8f518fe11382ec264ac5b790d1a1a387d96e7d1c4a4a0dda87058c358e40e6cfc4145d0cd02541bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5259dcf28cf41af1ccdf8be24400ee49
SHA1 cafee9f29c6d09cb870161b69866d749e7fa614a
SHA256 30c1793320bb76778df05b92f4503c430ebe607981246480371562e50a95256a
SHA512 8197dbee911a755bb428833538847565f06e6fa2099fcb18f45183e71505d3084256ffa729cbd9838294a45473c52a37fbfb2a28e078a869f9a0bc3235b106ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5ae11262687c4c719259b35ca195c59
SHA1 d7854f88708dcda5357a650b941efa4a3f232b92
SHA256 a87579bf704ed278c26f5c715ee55928f83e41474a1516ed9ef79212016872fe
SHA512 e2307faf72463f9582b9f23550128b373bec32fd6f562a2865532f4007e7cad949b4832adf4e9789c58156539a5ac7a1e69255d61393233f2838d14dd91f78e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc469aa4dd214b33e5b11b0740ff8312
SHA1 63593b836b7dd60c9c87d6e9dbd4cdfbd96a035e
SHA256 0b306ba03f924281963dcfe2fa0a198586e78a51c25e1c318fde23bf923c6244
SHA512 c2bda824bd8e794ea0e820a22c5e43979915862ad6d08cacab19bb641627d092f19de87d91068df2a2ee4c6972b75b7d755f7fd515009572da5ea8be40679520

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe3db67297cffac9bc0f1ef130ce23fa
SHA1 8cb784f6c3e9e7e4553752796fb124c71dd6815c
SHA256 ca86841474b4442aa7d2d3603e9b0396941a3ff8824015f56d09e7c5c5992554
SHA512 64cfab28c68191f88034e7a5f3c0fdbb41bcbbafdcc2af04f9b9b8fe733b305504d79d519c1167cbe22399b69e07874e89ad753c53631c18540b3d3f241304bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b177630cf21d5df91f070fb012738059
SHA1 3ff67138443d27e8c555012aef9826d36e8dcb07
SHA256 57142aaa1a4be2814ed294b35ad2a78f21871dcadb8eab9cec20d04ac8aeab9d
SHA512 b7fb9449ad3c715184b0d26f48d63f3e6a3d01cf4ea0c5f07db0838890bee39172e4a90e9f73b09b7a58ce73a2db2d06b0fbd2a197a5ffcda46d0593d795eaaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74aefc7e4082988636518f400de9949f
SHA1 7cac8af3ca60c82a37647a246f0ce2644f8cca57
SHA256 34729b154b26d409a8f6e1e9c96ec0dfaf738f39cbf41724c985564783184b62
SHA512 012c089f8ec6be9c5281c048c4cff0ae3d6375af8acd7e771485686803fd6d4029ce231cf66555b9037992346022aa168833a10bf0309a92a46ae56d1937b063

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0a78d7aca6f6cb98e8fa3d6ecbdd5e9
SHA1 04cc59abc5aeaa7dda8fae1d9d14338e02ca4581
SHA256 2483b1e179ffae838e3c315cf07f0f0c9bc3600060e6a45e8ba19fe524d53d9d
SHA512 8f378afd49fce4665beb262af2bf1d9aa71f7818fc536d826ed61b8bb7a13c89b99376062894f7a57b5c0066fca3bfbfb19c8728f01e36631dcdcfed3d28e57b

Analysis: behavioral17

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

142s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YTPlayerView-iframe-player.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2357787373" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204977" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7E9CA45-3560-11EE-B651-CA9BD619D26F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "10023" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10023" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a060ce916dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c4600000000020000000000106600000001000020000000b08fa83ef998137168012f9ff166fc7a6004b9301eabdc579da8e65bd01a1ab2000000000e8000000002000020000000f3d4f9b69c6c48435f90a35011913949cd524cca49614338d2017a01ba1f7a5b200000001918d6d2bf97e9f2dc26cd253088dbdeb4a09eb2a1ec3a9b416136b27d4bdbb440000000ea83dab99d2ba018e9035997e337125b6d23f3c8471d9c1c848d88558f7b61f32161896b41ec21935c2df5730c1a1705a54ade431e577b7e1f92f35f0ef3b12a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2357787373" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10023" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2370445272" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043db47ff6362a24abd0df5a96fa93c46000000000200000000001066000000010000200000001f90e6aac591d209225a7778c58d0dd891c0dfa7bca4336820e44eeeda4a876f000000000e800000000200002000000001bceb1fffc1a38916f2dadf31f75eea29dc1a5904e4919880ec4f588ade4efb200000007c03465968b12c5eabc583220667cd09af2d9e5928456b18428ee6e9fdc4e0f3400000009bce7d84d00433c911ed3fab65f4c10fdb0c10ee24ac0be0db6dc7aed4f1045fae3589e03e06e6a0af636fc1323f5091eb5989373d6979c003f1aa7994e94322 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8047da916dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{736EB1C5-8E41-40EA-A085-2A13A39ECC58} C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YTPlayerView-iframe-player.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4492 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 216.58.214.10:443 jnn-pa.googleapis.com tcp
NL 216.58.214.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 10.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 64.13.109.52.in-addr.arpa udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 120.150.79.40.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml

MD5 a8756d1cb2e8cd97161924bc5a185cb8
SHA1 c3b2db99128133e85ffda8d25a1998b49b305872
SHA256 adebfc8075131a0cd55afa7fd8d36f562a050a105c1c1a5018e59f45a67f5a7b
SHA512 fc2e8e82dc695af27e2dfeacd92b30eecc1a4dd8aaa1958709a9644879814883258f658b343f5e23f850d333a168d7e9d1399d844ac314429ac1d5ce3196d716

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\32XN203M\www.youtube[1].xml

MD5 2c902d228ccc45b7eb71ef7cd1015dd3
SHA1 9c2192f27f61f6a9dd63a33874c89233397298a3
SHA256 8378122ce8f0168cc9ed5f28b7233100b599d709ac8b612b815bd8cebf8229d6
SHA512 8a1eb12257a11f342c5e68c3cbb3bdf16a852d35f05876e13c66c998ec8b2c66ccbd339b23bb65bf179185b9902d347cda0938ae2fbc37c61bd4c38f0d6dcc7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2e36f3cef7a2ffe20695635dfa71228f
SHA1 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f
SHA256 d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6
SHA512 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 adb480d5b514ded0f564ea11a50b6394
SHA1 7bb1c212267b243fa1c3e8fe6d4f85f5cee02dfc
SHA256 0412658328d7e5c54fb4bf364f8d9fa109c60ae828122d6f4d29ec6379d11f0e
SHA512 34aebd235cb83340b2098f99c5daa97a877e1b95c8f578dfabd8b749a7b69498b4c5f16c35f45071c4f08964503c65a18c3c06508aa9a7556d2250ec0ad9c255

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TTAFXRHP\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral18

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

122s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\angular-translate.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\angular-translate.min.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

140s

Max time network

147s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 126.149.241.8.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 112.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

118s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\angular.sanitize.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\angular.sanitize.min.js

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

138s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\apimiddleware.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\apimiddleware.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

141s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 254.1.248.8.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 112.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 1.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

141s

Max time network

157s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blank.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80addb8e6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204978" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2352545921" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2352545921" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2385046094" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b00bcb8e6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee5868703000000000020000000000106600000001000020000000be727ff5ea5a34a96e3a7bd81a1ecccdc93a423b55ef062a5962b5dea849ccbc000000000e800000000200002000000083744d5d0143226375a275cc8ca760a31800da49c0667c9b5452fbc2790aae13200000006d7b8d791e1ef4533ed74b187ebd4900487cfe63ed0d42e0c20be2ab8c1188c140000000853ae8a3945a97928aed71e980ac5ee9247f109ac4dbbb82f3eb3f734e41fd483a1b43c0c5402f40a1d28f4c4b9dbd315f67c0284f501004abce13fecc592ed6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee5868703000000000020000000000106600000001000020000000a0fe85bf897f74ea4bef1a38ee452087a31756112513278f032d059061647cc5000000000e8000000002000020000000bf199148a348e18fd80ec2184ad3e6040069b30bf5059510a4825a4edf7f1f2e200000006d03644cb26322794492dda61ecdde924efd2d7ebaf623e18ab6bba76da81fde400000009fba3ed117b6c0ca83c8a0221f69157da958191b3ddb6c3be7477e0614b929476810f46d8e40b13f6f48e5739b2d386e2354a424b4d84cb6b1316da48e0d75c6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7A702BD-3560-11EE-84C0-4E773A6B0D09} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blank.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:984 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2e36f3cef7a2ffe20695635dfa71228f
SHA1 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f
SHA256 d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6
SHA512 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 daf77965a64a28b2e0a550f5fb25fe01
SHA1 4990a1dfaad8005413ebc5ede7227a03b66a20fe
SHA256 2882acf91aebc6c605449241135a02f03d013e5525447b2ed1c8786f8080906c
SHA512 97dd84e95ecd715c444292d21da6f6dca39dbd253501a4bdfb1a14638da6a2d55966e4442b1708adcca6df2599c5160944bc0112ef178f7ac01423afb820e6d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IEREYVXM\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:27

Platform

android-x64-20230621-en

Max time kernel

3517891s

Max time network

38s

Command Line

unknown.decline.return

Signatures

Ginp

banker trojan infostealer ginp

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json N/A N/A
N/A /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json N/A N/A

Processes

unknown.decline.return

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 gunfirebob.top udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 jackblack.cc udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.27.188:5228 tcp

Files

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 399ad44f3cc66c9f1d473882d75db038
SHA1 2bda8a9f0f9f59e40b28eddd444d08c3cb0cec82
SHA256 1f563937a4ff9e143e0b00032376875c7cfe2d76e14d0675585b1bd2adee98d6
SHA512 35ce54d7768cf49f7344ffba65ec6a2ca55fcc68fe9d6f8d50e68d6a87b38e38ae504ada75c44173a380b89afbd395dec1a2e1c0751b51e967386df8425737a7

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 f0141bbe2b96842a489d9a97d7377658
SHA1 e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb
SHA256 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce
SHA512 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 f0141bbe2b96842a489d9a97d7377658
SHA1 e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb
SHA256 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce
SHA512 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d

/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/RxLyO.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral3

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

android-x64-arm64-20230621-en

Max time kernel

3518036s

Max time network

143s

Command Line

unknown.decline.return

Signatures

Ginp

banker trojan infostealer ginp

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

banker
Description Indicator Process Target
Framework service call android.content.pm.IPackageManager.getInstalledApplications N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json N/A N/A
N/A /data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Processes

unknown.decline.return

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 216.58.214.10:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 172.217.168.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 gunfirebob.top udp
US 1.1.1.1:53 jackblack.cc udp
US 1.1.1.1:53 jackblack.cc udp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 399ad44f3cc66c9f1d473882d75db038
SHA1 2bda8a9f0f9f59e40b28eddd444d08c3cb0cec82
SHA256 1f563937a4ff9e143e0b00032376875c7cfe2d76e14d0675585b1bd2adee98d6
SHA512 35ce54d7768cf49f7344ffba65ec6a2ca55fcc68fe9d6f8d50e68d6a87b38e38ae504ada75c44173a380b89afbd395dec1a2e1c0751b51e967386df8425737a7

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 f0141bbe2b96842a489d9a97d7377658
SHA1 e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb
SHA256 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce
SHA512 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d

/data/user/0/unknown.decline.return/app_DynamicOptDex/RxLyO.json

MD5 f0141bbe2b96842a489d9a97d7377658
SHA1 e5d6c7d6c487e8fcfcfd593d3d63e55f37026aeb
SHA256 356ab89ed459e9a7cbb9b39ebe9d2aabc0991cb1308bdba3c645a01ee93093ce
SHA512 0c0e42b8196974a6958990e3324d10ef255e4ec9642fd6c397ae6dda9c7c0abecbe6559ddb4b79fb7154ee42904d12c4dd300a1ed1483113f6c0d7802eaa975d

/data/user/0/unknown.decline.return/app_DynamicOptDex/oat/RxLyO.json.cur.prof

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral7

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

91s

Max time network

154s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FileBrowser.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000083a427fa9b185aabce49ffc554cad447a0836bb96d00af98b8deed1c47f4501000000000e80000000020000200000004e766a00b15f7124c9437bf8127037f2948c751cf41c35800a0f4f7523be496220000000acbcbf8b48c5fb3fdbb65dbe8931bb85275802d28fe5cd0cb172bf6b1d72f5c34000000007a006a9c18c449489198dfd147fd21286481debddaacab109fd0d58c26ae814518ac16c2c871f89dea60badfd42a402132c7bc0acf7d455f4fc2bb273b48ce1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B7558868-3560-11EE-B699-6A662EB9E81F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ec6e8f6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2375943858" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2347818649" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2347818649" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204977" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000be3957e3aff530d9bdf9d890e17b8830ada30e2e750c947699495ecd992caa7f000000000e80000000020000200000002e265f392c16f94a3dc2c5a4cd6e284e915bfd76a9f43ecb92c4097690821b1120000000897a9fd45ebd0871b64e03bda1ca23111caa39330deabdad4b08964800b02e5340000000616ee772a0522e0fa26fb8ca6f51f3850b53e48ef3f69643bc643c248c64b6ea4e1b1f56df475603a5809cdd1e4643605c0d90e538185a13ed115e2859271520 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f8568f6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FileBrowser.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 254.1.248.8.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 7d5714975d3d2a763bc7e00dc1be4e38
SHA1 af9143938151299c081187999afd868c6c478866
SHA256 4a4a1ea33d05e7404411889148c8a9106caf558f29e6f6c9fcd29434bef86851
SHA512 dd75b11e108517838769e75fde6aa83ac15e03a006da6e7319373d83e14f6ba6dff4ed06e4eba838f0ae9aa8769c54914d5908bbdc60fc67a0c245ab5e613337

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2e36f3cef7a2ffe20695635dfa71228f
SHA1 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f
SHA256 d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6
SHA512 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C7IPBQYV\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral13

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

141s

Max time network

158s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\POLITICAS.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2377446027" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00e3988f6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398204979" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2391508753" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2377446027" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31050093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B9122CFF-3560-11EE-B699-4A1E53401E07} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a800000000020000000000106600000001000020000000f5e0203a13162229d97e5b04b01c62b57c505fab16900da99347a07c4917318f000000000e8000000002000020000000f8b7029fc83753474c1140d82803f1b13b38580e83fe25e50d12d4e607e8be252000000002f0c1c237d3c6ecc42f4e0dceff2af6daed16b8df0f89d499bb485dc52ed95f40000000d6bfc08edd6a67d7ba9a257895ec45da6e0ea30273e9513e7a5b9801fc6a081160144dcf67fe757638e1425eb4767a3fd04392c4a600ff70f88d4977c02f0963 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a47e8f6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a8000000000200000000001066000000010000200000004317d02886ed0263f2cdc040a4d41c79a0758a2ea3db49bcc05796f245b5463f000000000e80000000020000200000003a132d62e76f6f6c1cc934297b0698165cc20d6e83423d0c93cf3ee6e29be3b6200000007f90589cd401473d87293bf900eb02d7ea24be74c6aa0544a79b4968f68dbf314000000052aeaeb82a25ecce71a23c3332006fa3290a0bab2d65ed09c2edaa5e931dfaf24c0860f3ecb98a0e5172cf136b4b9240a7c292baa5764722708a12599836a7cf C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\POLITICAS.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:920 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2e36f3cef7a2ffe20695635dfa71228f
SHA1 0fae6b13bc7a3cde8b9ed7857d9e86e78e91624f
SHA256 d65db39b6f47ae702774e79d1431ef2ba708346b7fa7eb75fd6b8e7d056a38f6
SHA512 418b6a1d53fc7971db175ceaab31b1513bffd3a38df4ff26da7bbe3e95f0ad723dc9a44d7ab1fffcd36d72cd4fdaf8fb1ed9456a9ba65fbc5458dec97f3be720

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 cb3aca98f8bfb7f9dacfdf85973458a7
SHA1 c23197552a186864e5ac7a6ea5a970bdfd0eebea
SHA256 f4bfb3bf54cf98fd58d801b7e0588d14b2ed583ad1d555453f5b9fd0edc0c4e2
SHA512 f40564d6bbdce21130fc2bf37a5d86175d41e251d4846911ca2d779a11ee4dd0796277d0f461b76c07e354b7bc2168bb03489d69783ef9e45abce852d3553d07

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C7IPBQYV\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral15

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

142s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\WeReadApi.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\WeReadApi.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 254.1.248.8.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

119s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\bootstrap.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\bootstrap.min.js

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win10v2004-20230703-en

Max time kernel

140s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\MediaPlatform.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\MediaPlatform.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CertificateWarning.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6E76A81-3560-11EE-ABD2-66AFBA4EB959} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601869" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc6300000000020000000000106600000001000020000000ff9da8a8e363bf5e54715deee8217ad9060f57468486201920727cc62da90146000000000e80000000020000200000000436460126f378d9ccaf74be59167787cad1e6c5fbccd0a43580182d0276da4290000000ffe9abfb9529fcb8d7964dd6892a535d578e21c55553b8524a26848b58f3f5e492b9429c4a35d5344e47eb6e1e551231521ddd350201e7385e5eaaacd9f8346a54a9b695dbec18373b548def8a688bcb5677187c8a68637829aa3274861eef48e89fbc6e8432baab7b772d913de1e189140f949fe343b800e1c166755cc9fcdd6f8f06ab8a17ac9c474565aff2332ae640000000836d44826f03d7b1bb9dc6ebbb550d9be2d2619595f3fb45d33603dd608d88515c9cee04576f4d8ae23d4415a070cb0d58276e53ba849d3a0a55ec9852186ad2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc63000000000200000000001066000000010000200000008d90a108283042834da3a01f1d4760a2b20fa61329fa43c0413498e900075b11000000000e80000000020000200000009e6b55edb613dc3544b8b01ed8adc299a8e1522ddb5a9a592de60575dd2400bc200000009fe02defbdba1cda55c81729399abc56441225bd0e861d16b68cb3e1aaa13f2d4000000061641020f0c08c4fe0c91da0d98800aa766c9b9c5e5b2c70db501b160c7812e377570cd0949c5b3f2d3c54d5935691a7cda84ec8b7f72e00ae119f69765c0285 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 502dda8b6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CertificateWarning.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabADC0.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\TarAEDB.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 762394f74248c8d8502bd3932abd0346
SHA1 6d074de1f824acd9ed7d03de9f29177f53b67f9e
SHA256 093d50537e81ead3b6aa951f98e5d0acfba295cd8ad038c99dfe44aad33f13ee
SHA512 47e4c99b2dafd87dd7d7af15d9e0ce304dfc4123f93a7cdc7c121ed044a39aceea07ce697bcef8624fa4c94aa76d077e5e7502cac6109f4a4f8ea1bd7faf4981

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5488035c87ed737e1368ea6ecc32d721
SHA1 8a05d3613a7b45dd6f73fd359fb359fe1cb34ba8
SHA256 96fcf8ee05711edb2a466fc0e16718549449515b5016d02aa97997961ad50feb
SHA512 71b82605421136e295bab1568c7506bf09bfbbdcef7fb6e3a6d7e247ea89fcf3792f4694da4034aad9a4e4b8b36793b1e7984e5c7393d561f7ce439d45907cda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adc2be8d51b6ad82d671a3e36866db16
SHA1 82bdd21f315a3d15f1593550f565195b8a571764
SHA256 d1c182ab7ddcb99b14887d80e35fde7186eb68628b684df1922e1e67c28d29c7
SHA512 a3c0adb723d6d61f63e069dfdd626efeca1aeb77f768ef2680e867b5730f9e19598080aa7c43ec9eee1d7d2153f403ed945081861f0937a17b209bf1b0ae55c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 188c8a1a4272758851a05e76004cb5a4
SHA1 0bde4cc3c07c4c0443199668ecc16c42da83df13
SHA256 89d04bdb7561cd18dfe541e6fb96c24c73e31964bb4fd429dd7fe623fd379a97
SHA512 7d45e2a60f91e82c1d111b7c2cf19e6ad47eebe3d9c9a3c82d42b6b7273267e7c02553a2f0db16a1283e718248aed6ec631d96d4d43df8b7bd334acedd16ae14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9828b8145a1dcae1d89a7336a6d802a
SHA1 b778593d99bc7c918d22676e620f6d6e57ff4de0
SHA256 935892694a1ece799912106d6cfa6a687377f141fd02a90f374fac5957609317
SHA512 b32a09e0c7c14770b4c02d7173c1515394f224e7194f37c4edf87e5bacac0dc1e888c1df035d1a9c3219bf85d856684b13bf730a78cc8059a782129a0b7a4923

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 771edaefe51bc2b6d62ba2982482a47d
SHA1 7eb5a717f5894a9ef2d67c578731be03b0162235
SHA256 9f53962f953d13db7349ddf9c4ff95a5753e2521bd9d69a09eb58eac3c7f577b
SHA512 700eaf2157d75ab758e6cf67ac9844f2316a501b810fab3101381eea0000899cfd7873dd669cb48913bda1e89e8febd718773bf87729b8ca71c7558c56314789

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba9f4cc5eb8e73f372103a852a9a5463
SHA1 fbd0527375005b3087804bd520201e7dd387a7b0
SHA256 a81cddfa097af055acb08966ea0ef04a5b622efb0c03baefeef0183e69813459
SHA512 4fbfbdc12d1ea5736d108bc99bf3cc245f29d67617a7207f994d12c5cc28cc94aafb8ea6e1762eb42d0daa87d07751c1d7ca92a1736d11886cca39b04a620cb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 869db8ece3fdde328f677736db140306
SHA1 be923bef2527557642edbe3389c501dc331b102a
SHA256 3f295c8b54194df2480406a47f660848206b07da61ad34fb5f3d3b82edc4f105
SHA512 64d6763edf2dcb43d45d82cf32800b6872ebf8392d6192dbb8594dced1b7eb3a89bddd7f55a4a27fe96b838af1202d78b9fc265fdc5b85ba4dc1d32d370c3576

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6a8c1de8904b526f6aa8fd1e3e2092f
SHA1 a51a445003c760d711cda179944ed61de8e0a894
SHA256 72616a8b12be50a8f2119a314959859baa1db5e41b772abd62f5230327583461
SHA512 05dba4bcb1092b280abbfcf3cf93d31eb299982ac744af4acde3b4e325c7715640486681a19abc10f1596744a56f62e065a128445c015b7ce609884b6734d18c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07f15df4d17dc20dc2fb0491a462f914
SHA1 8d83f057e75cb022e3140a9e2077a93d1661fe7c
SHA256 0a75b71f2507747e7c6ab97c99bf3ecf507e551e7e4ede595617e4af9ac7b636
SHA512 654d0d66a8232cbe7b9af54f72335a56e5fc570e17077cc5de5876e981f2819e6aa1233af5b368d6667b44836e0de3f99f949fd77e96b8ff4f7d6a4a10e8e28e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 331a73de0ef1259e1627e8c5569ee9b3
SHA1 b196a8e22ab7b1662f40058f8c29809157ba030b
SHA256 fff987d1d12dfe7ddd3a75fcee02a79b7c4397a40ce58a93378f520d8d474877
SHA512 b5cf87153f1304d0e65b2addfd1233fc406fcd02cb832b827e8ce58b6e47b67700870f877eb90de15471c89dd1b3151847cb9f3663ec282a98b7e1472b85b683

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c555b8268652e44bec761b91e66f03b
SHA1 1fe67b8caa6b549ebd91cbf6567070dac35c5729
SHA256 2507f5fb6fe93b69e3938a21bcb68d07db3601c0ab7b79acedf78dca5f73e5c0
SHA512 e543fe36016d35d0905fb29073f54390ca0daa0afcba1b9d59e0f4d487be9a93e966613e095f99cf029e35facc75721d7d83b19f5bc27febe04ac31511bb99db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b68083f07d8e418e35c9caa10b96cc13
SHA1 e49fa64612579f199fb4e48d7cce8d7b07e038c5
SHA256 f9fcfd98a23fe9067ed00f0acf6b27af4d4a1213f3f13a2cdbe1842ee55166ef
SHA512 4d60af5887fe1f587c38853995e2d0406830d032dcf012c1c5ec0f190dfd3dc466ab674bb68409709e4f3bb1a02af79cda6ae843c9f73e21f0e8f2db55bf8f98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 294150428c857dd34063a48725c63c33
SHA1 8728c3a5cef2f20aa8a9171f1d4a2fb3911cb291
SHA256 2fbeda75ef2f99eaafbc48f2c6d2b2bea1cce1a7706ae2a8c5c5d1ffde309d38
SHA512 5877138edd8c636c4249e882d2fb66f1bb2e12725181d5007c6c4838ee10c36c9a9d8e65ab697a2137aaeb8b430f6be46ce45eee7e830a40bd858e8e7ad090ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b60e3087c868e8651dbd925e35aedb79
SHA1 42844830209d67e3c6bddb10534cf14bdbf5c432
SHA256 2623854f210ed4bf6f49489f2157c672629586d10c5784c89aac3e215ffd5e21
SHA512 b6cf1123c9c740a31a26e9b8a79b69921b7babba5eedc9e682afef93d3ea8c62e065c286ed55723bf893942a3e2fed4a9861fcef4dd7394d055f90d53bcbf8f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0628b73b6055b08cff89ebb29de79e4
SHA1 58f042214176870e4c452dbabf495a87c0f6847a
SHA256 3107abbc88a8b8026e1a53ecf81cc42155b6fc48c065b0e4c2bcc45fbecd9f6e
SHA512 b8b9150144b55f01935180daa671c15707f8c3b4a2abb2dd654013a29e0e1aa0bd14c47d84ec5007b84079fbf8616c8edc67b3d56b501603ed3922e38f8f2a7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc6cc71abf0838cac305795590f2849d
SHA1 7b4fb2cb1a1348a61f6d47c9497dfe723e1193a9
SHA256 521d100daec7e346966ff26b468049c4eb340790a9a8403ceaa10e14558d2d8b
SHA512 a7259d2a9b4c67203c59e2fb67f0835887b7a6921a170c16dcb695bebfafee9adcef3e78f10f5436482e8165d5828c55fa0d2e03621aa2e133417d8568ea377d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe63975f36d1b27fd419e87cf34dd0a4
SHA1 0dc357547d1f41d38f2d80079f1f754c6999b7fb
SHA256 6301d06f5d6d7c4f22a98781fa405b131d68151ec502b19ef7369f39bbb8c767
SHA512 03ef4a7d3db0d024c0247324213e85206a8c627c444ef3fffa0949b64476051afbc4f8c17c5e6eac6625128335d00e4d5bcb11ca29b9828af80c14559bd7aecd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30d66e40fb8cd396b7ff9ff1344cab18
SHA1 923d980add91b80b42ea3066c98ba7d7343de992
SHA256 ce8c767345bdd49ec19301b2383f571f0135ecae4aa77a5e33388c043f1f9dd8
SHA512 3753cec2e0e7ab08117b0cb587c4da273b4466962d51a654be6aa57efb30dac894828eca1bba0da84a3e11fc690ed2d39cc648c954594902ba51d0be9dd239e5

Analysis: behavioral10

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

121s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\OPENLCS.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\OPENLCS.js

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

117s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\WeReadApi.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\WeReadApi.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

122s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\apimiddleware.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\apimiddleware.js

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2023-08-07 20:26

Reported

2023-08-07 20:29

Platform

win7-20230712-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blank.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c94a8c6dc9d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601868" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc630000000002000000000010660000000100002000000095c52dd366462c1c5bb31d8eb378a57b5f0a54e737b834d1787a109b64ffd58f000000000e800000000200002000000086ca2135aa5a83ad2a1ac1100d8ddb1601ad9ee25cc96abf9cea04fcf1d2960f200000009a40104ba7b3b0c5ab62ce3ca2b3f81232b2905259fd047c90db82b40a451fbb40000000b5760813d1af8ec05498c22dfe912c244a547f104448fec0f0d27cab2c0596559ec6ad84d4b19ce30e9c3a7bf002cd4a67bc33656b38bf8502c046d6ff7d985d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B781C621-3560-11EE-B06A-E66BF7DF47AF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc63000000000200000000001066000000010000200000006f0121d3ef73a228221378390d4b41b74f50c9c7b8e6a757eddb4e60295de5f3000000000e80000000020000200000001808c4914b9210cca0eb698f6ac8aa2689b9b26c1504908aed249efdd94701f8900000004c86a5a63e1a2dad906673e163c69322d640554c6729e1ab617919f2844246a0c297ac7aa5a61658b23c43bf54711100f8dbf86c07b6baf162cd5978c0dc3a9d6309bf02964e6c06b2efcd78e72e9343805d10a61ebc915dfcbf1e5fc67d18bbcd15b47bbc0a52046019eb5a17a845340558c770ad6a65b6bcf19fd5992140af1514701684c3c5c89b796d79e50da0dd4000000064390c5d906dedfa82a1c39df3f44522bbf8dc113dd16842bbed4559d5a0e6ffd43a048f01d721205d9525ddd0c2eed736286d6432311dbf39bc678e63bc295f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blank.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9002.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\Tar9073.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fd3b94f70cb050f40bb962b2154650f
SHA1 b7cd4407715bbe2097e1b39831f7d6961df3b200
SHA256 c58ce4053d44f83188682d2732feae79765d59091243edc023739435b31888bf
SHA512 1395a8d9f994e365f41fbe8e0a93da589ffebdea367569a09c563b3e298d2f0cfe720ad4b51205119d9673bd2030543c577adbb588731df3b78c207e46adaf42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a17ed2e06f548d76f29f1d4d6dd6d1b
SHA1 959e485b7d60ccfd114114bc5ac481d66831c671
SHA256 9082a3eacae2852281ba8dc1486723f1e7c2a1732305f606cec299de1d7f8152
SHA512 95d252411f1a5d519032a4357d901c0acf2ec68a2a931640c38bae957dde87a53add50810b89602c400bd443f1ef69ab0d8702b260bc8ea2bda46bdcb9672dc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cbf27168370bdcd04c6f94c18b114a9
SHA1 60045f9ef1953f71df5bd6ea800666cbc7005a3a
SHA256 1e27f49ef31f7707eeb9f8a240aee3f5d7494ba2ff019ceb4eb99460f03b8836
SHA512 c34d20081454b5f328f213c5c84248f0ffcdc6b5daf56f3028556ffc5e2dd81961b4f8cdec17a020738c7a6ce2e32a54baf23c6fd4f1396a1807ebb496fe7149

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c0a2ed632b49204ee1e861a7a3a0f1f
SHA1 86d5ab3dece5087400cbe92931c50a384c5b3cad
SHA256 2c3f0cdfad0711379289b8a782e4bc2c0fef1ab16578e3168da610c544b103d6
SHA512 0b37d904466dfcdfe64cbbda2a3cea2561ed4e4ed99fd60052bb649af82c66c22ef10936dc0a8f12f27432c654feadacaf27fa1be527c9f4591db7b7219774a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 249a56b910ff94436176e1578822f4ac
SHA1 0dceb6653fbc09a20df5d002de5cf5733a68264d
SHA256 99936ca40f289e44dbdeca88ac59538aaf7d1cf6d9799b90497264aadb503a7f
SHA512 31345eb84dc58bbeb461950ef53704626a16a92fab8719a576ca85e68039be17c066633326aca859f7ba58f9cb24de4e3c7b8fd714375d8018f847d5594057f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4f98e31da9021df413b67f52e46e48d
SHA1 1778bde833acc813831f5d45477dc1b0a5917014
SHA256 3623425933191ae486e1f1f6508c313c13c78d3317558037ec90d72dddaf1429
SHA512 8d166ab3cebc01b684881da90a7613953cb8f2d53b1a63c698289b0aeb356ad2bd02b8c8f22e660afefa7ce01ded14aea527c2a1f26993c1b77a4d7134c95d70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29ee444d944bf04001c6a9fa7215fb94
SHA1 f6046c92f4d4865a0c00c51e176ba8233d13a542
SHA256 4f28e60e62cd39b3e66f5085b0a482577e508a5f1a4028697e2e4a74276825ec
SHA512 4e009dd65a3afb6da49b8bf9ff395696bd8b3ff20dc2389dbb0923e5357dc1c83d2bef2a4a30ddc96755202b0c5a0a1a5a4ba7fd8a69c32f7b30fb820786ccc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 665705cbfe4f42d66f2cc6f2480da473
SHA1 64656f60497be41381bfd3c27ab093c1a5fbef29
SHA256 0c18d8fb2b0c63cd2206f6380d59462833467d20efe3f9499e4277f9f165bc0d
SHA512 d69555cf1c29e4a2fabff08c750ff8c3e4ea859630e96a68c118e0a1deb33303cae36d510f423759d428710eb2fb90c1bc7e0419a2479e5ee5fd22659dd10803

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 233b7148a9b26c7b698b769eb3238ec4
SHA1 b7b9084551df4f8a21056cd871a939f17c2ef86a
SHA256 5a9ad5a5036bab9209a2b7a4acdca968f66eb82b54533722957bbdf9535099a7
SHA512 3f54f1435311521688dcf7368364f1b910278a423b5b1fb6d3fcac192a10e7903c3bc1c108d2cbd207bc435c40b23ee3bcee52f7ba04d1df76f63ed8b700deb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c34fabdb15c99c52f908c5f62a5d796
SHA1 da68d3cddbabc8090889eb64dfc9b9365da78190
SHA256 e70488489cd1532fcbb76f858943cd2299d8e0c78e97f3bb0685fdb0afc954de
SHA512 cab851b360c6046931278f9af7c6cdcd9d460e3c49817949fae0c9d254b3970a23e4ad7108249705fa25f1065b7c1cf741bbebe547378223a740e4059ffbc4e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b83ae5e36ac3dd94293e3207c00a2242
SHA1 445c847ca6c5e3e001142e21e1169b3f5cbea01d
SHA256 14aa8631b237193bba877c1ea827c1453beade1166678e98fcf77c6f7de0d0ef
SHA512 91f0fe627e04ba9b2f7d7d37c5a1641a32d861e78292a9256bd83acaca40333f868df72de0708005f312664f3a2f59f2c75656ef4f02e975f31f2291ef8b7219

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 983ede9d7069119c3d57fd3da4c1bd72
SHA1 40ce8bb2b08e9df7409fa28cc2d0bee7a3d448b5
SHA256 5bf6ff537a8f6acff25aa3403349ca08e86242a590b143c77825d043928afbc6
SHA512 c3ac83be5b1f58c8ba21bc8f8558627aa0cf38df8ec8fbea9d101efbbfe33ba9c675312caf20b097e5a2dec5554257ce2da9a743a488712b6e280b36070cef90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be712dcfffbcb36fa6741b865e0272e1
SHA1 6c8419d1db7cc693f545685685f84c62194c28c0
SHA256 c30b629fda54326e680eb53604600e7ddded8c74b0068c5a1214ce4c83944e6e
SHA512 433ef77e5bed81470c15cc6cf114627cff81c1151eb7109b1b2812e540654d540024d65b6832dc9bf3fcadbbdfecdac7168d213d6f9a44772a85a359f96a0890

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2037232411a76443063f8de75139ae52
SHA1 cff89b817d244b0365627bdb45951c4e4eb6f2ea
SHA256 f42da7038a7d876a10b1399618743fd99318f90e246cd7e2db0e47edcb8436d3
SHA512 0d6182b8b6cf9283808d81eafc1582d9e1cdd2117feeb3a626b3cf0bd3e6008413a2ad69ec5a2d22df08adcb3a29d21e57df8a282e555884ab745db478c799cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0dca8ae9d0bec861a5871a8501fc1e4
SHA1 2b4ae78ae6cb80e25ff54ed9780f42bfb2a0a48b
SHA256 6f505074f27e4b782ce83002c1f2fa38cacebc90b4123ff640e7dd39727b0242
SHA512 11371bc0f58a05fa9e4771bf8defcf4eb55fcb10b0b1cdd1dfdd432f89bf52d28288d83737a7e627f9dc186a8d6dbb7c7311e13b3e59de73141adfb386463c26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5cb47903ff420ef42157fc09ac637c6
SHA1 7ca6c5580dac0e632addaa9b65500ba3ac14935d
SHA256 69b36929490cc116cad32a8cd23cd770bdacc2151e812382290c76dc8188981a
SHA512 155f494d0602190f87c399ef2814194ff9cb536f56b9953b06e9ab043811480d37d0f872b330c2822c1eb64cf72086c11b1c07d917605499a9eeedac12346cdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0034b752cf23fa05a43495fb60a87cbe
SHA1 945f9cbf3e8fb9b42d2f1e77429a9f0a6691f22b
SHA256 1f8babc0d776362c35b72e6569e00d59233639c9a024788150d6f78a3ddf8ba3
SHA512 771825adcc20702c119556c9b2145c0d23c42e593856fa7d57839009f31d1d1e71cdebb6240760993b2d100184faf20468745bf228818166cf2323d40fe748a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f94f76b15027af7745f44092299f3152
SHA1 a377d059b076b7ac80b5fb39c513ef86e0e6f826
SHA256 8fbdc8ebef254fc8af7b54c1425d6c35fa8e8a3bca1c37701532ab6a6211eedb
SHA512 9ba338725ea05a862ffabddf99596980e79bcb070c1aa70798797776df864238d6234879edd7c03274b2317a2725750f209b29d3154c0af289f49e94f289c674

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 069312ba5146576043b1d47a0af7dd45
SHA1 f7b8445f5df24f870721d645612d93856d84f918
SHA256 d97696c81a4c931b86a908e7c3add988231923a0f81d69410138272f137c90c6
SHA512 fe3e2fe6b2d378397ff1f20888c98bb0178fb8a6ae0b7a4f88054bb0372feba2afe265a0f7ff9e3eb01a3a79798b06c5de96408fc0691927ca489fcf00748733