Analysis Overview
SHA256
1de884f307ee10b814a9956404829a28e0ca6b8eff2262c90bd265365b52d8f5
Threat Level: Known bad
The file GB_B10851cyz.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud
Requests dangerous framework permissions
Program crash
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-31 08:23
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to advertise and connect to nearby devices via Wi-Fi. | android.permission.NEARBY_WIFI_DEVICES | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read audio files from external storage. | android.permission.READ_MEDIA_AUDIO | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A |
| Allows an application to read user selected media files from external storage. | android.permission.READ_MEDIA_VISUAL_USER_SELECTED | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral9
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
139s
Max time network
157s
Signatures
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\clockDarkTheme.xml"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 412 -p 4232 -ip 4232
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4232 -s 452
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
memory/4232-1-0x00007FFD5CC30000-0x00007FFD5CE25000-memory.dmp
memory/4232-0-0x00007FFD1CCB0000-0x00007FFD1CCC0000-memory.dmp
memory/4232-2-0x00007FFD5CC30000-0x00007FFD5CE25000-memory.dmp
memory/4232-3-0x00007FFD5A350000-0x00007FFD5A619000-memory.dmp
memory/4232-4-0x00007FFD1CCB0000-0x00007FFD1CCC0000-memory.dmp
memory/4232-5-0x00007FFD5CC30000-0x00007FFD5CE25000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
138s
Max time network
139s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C714D761-47FA-11EE-9242-76E02A742FF7} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647158" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d09fd99c07dcd901 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000e8664bdb653864eb3b20ffc0ad3b02100000000020000000000106600000001000020000000ba2be0f3e184693be8f86445c9eaa63bfd5d1f9d4a33af68345438dcff64e7d7000000000e80000000020000200000007bf296478d2fd005c567efb151e14ea16478788858cf5a698a18c70f6f882f46200000008324363bdc17ea4725bd9486bb2e745d0707939bc0e1731af852bab4b5f0471e40000000511482c7fbd8cc5af2b20fbe80c9005db61e4a3caa9ddffecbbb687944832d38c29472bd3d4242031a73e893cdcaaad8331681cace2ffe47282faf928f6eb068 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\clockLightTheme.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:768 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
137s
Max time network
158s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0eb10a207dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31054855" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2621204631" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000052a69338ef97e94eb4d938c2816c6e0d00000000020000000000106600000001000020000000e842d447e8d294d4c8d067aa2549af00981c8e9db744900de2eef1cab75885c4000000000e80000000020000200000008e8945c32c0dbfe3ec5cf62550d047eea423238c2985659d7e42a603de31cbff20000000efd0364b9c621f4b2e31ae5e95e12c943d5c8f721cc5589c22c82ef3fa608cdb4000000055b1a558a81fb21c8d6c8b11a9f1c2ebfe2d17d43c16e31e421257a4d23c92a4d4824193d91a958f76d008c146870e486698e7d8cc576dae6d56a3c7304d7b69 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 804826a207dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054855" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2688860849" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400250272" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C78DBA73-47FA-11EE-A95E-CE28E34818EB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054855" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000052a69338ef97e94eb4d938c2816c6e0d0000000002000000000010660000000100002000000085f5551e41452be1fc7d1f3a767c1d532d333411a967a7075af69b7f0d6e48c4000000000e800000000200002000000033090fca3b3fab6bab06034b6a106d4675fdccdbe1c4acc6ea2224d6c389ef6e2000000094f7acccaa813e7c62691bb29a169b542a28f78ef8f1209e2abfe629569f013b40000000043fe2f38c76ebbd621494ec5ebbb4aa40afcac33186c55c628389a5e79ae802da414cdf47292dd715a23f4a2d3595dbe1edab818e71b0c1d7f3779b49320b6a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2621204631" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4132 wrote to memory of 1664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4132 wrote to memory of 1664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4132 wrote to memory of 1664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\changelog.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4132 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.177.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.8.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 9eb67e9a8861de92583990188129fc0c |
| SHA1 | b01fbc8fae9dc4e6f521ae30e8087ef833b607c4 |
| SHA256 | 81bb7f8592e696e27f59be57babb1766a090a8e5f8cdb23e677582a180342da8 |
| SHA512 | d64a9f111f5dcec7f71394ae5bd53518a7619f3f348346798e3eae15612da22c448b62d3f2bd82dda7904e7715224693eb3d17cb52717fd3cc43ef57a7e64125 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | c890b903fcec9cf731ff05696767d3b4 |
| SHA1 | 02173ab9596c44d68deb2376ebdd18681fd35088 |
| SHA256 | 7af23c976085389fd7e24692412ae2f38b6ce66b5494baf6c05465ac336f0811 |
| SHA512 | cb509b719fad2cbe879a19cfc606cef0a6fb5f61c6bd9baf230c8e124fa755225c50ef7d58eb0889a083fc859015f469a92f09c0bd9eaa5ceab3e8fca85bf01a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E3D8ZC6J\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral12
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230824-en
Max time kernel
122s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA1E75B1-47FA-11EE-B587-7A036C616DFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647163" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c064eea007dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007527a1bfe6a818429fcd5676e9b72b2700000000020000000000106600000001000020000000097abb449bdf77f69d09e1dc4fa4b27ee40822bfb95969c66382e76f7038ad9e000000000e80000000020000200000001e6b7c0d9b2df2571c9b3600d29f7d3adc9af677b558e60730618811cbdda2a3200000002507a5448ca36d8191d835b262c2c03b9e8e5ec18c72695389dadc80bac81344400000006f53f69fb82baa84c64b2d9f4903352f7a6616c20f24d049e864826adf668aa9a9bc30b7816ff8801d69791ca096a3a44bb821718f93bea10c74c5ec23c446a3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 868 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 868 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 868 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 868 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\credits.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4AE7.tmp
| MD5 | e56ec378251cd65923ad88c1e14d0b6e |
| SHA1 | 7f5d986e0a34dd81487f6439fb0446ffa52a712e |
| SHA256 | 32ccf567c07b62b6078cf03d097e21cbf7ef67a4ce312c9c34a47f865b3ad0a0 |
| SHA512 | 2737a622ca45b532aebc202184b3e35cde8684e5296cb1f008e7831921be2895a43f952c1df88d33011a7b9586aafbd88483f6c134cb5e8e98c236f5abb5f3aa |
C:\Users\Admin\AppData\Local\Temp\Cab4B67.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar4CB4.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f881a11c818573735ef21c2af2eab723 |
| SHA1 | f94d92a261d0a51454c817b39b792b8b4c1c2cee |
| SHA256 | c6c6e50f1322bc201829ff3bf864b860833fa15cff87e7b03da4f29965c0254e |
| SHA512 | 91425081d9583d9ee15dca89511275ceb95e45494fb954d2798239dcefbe3323db48ba3246932ac0350d49f1bdf54acd04782a822aa4c7b008ac64c114337120 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63b09862e0cb0a629ab4b54078295afc |
| SHA1 | ae61e6aa609f137d10252bc000eead0383e68943 |
| SHA256 | cb3844236abe535a671088640c76c4abab6f0e306443a8c6d70b2b4bdf27c660 |
| SHA512 | ad8d7889bbcfb26f283c263e0e94e674c5539d3e31d59fee24f1602762c80d92c7c803e5fa7f4acf4fadeb9f60a1610a817547e54f1690e93af526c1a72a9071 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c551045ea6f2dd8ad6da60beb3def5ae |
| SHA1 | 33e9ad8606de1293b7f23450e90258b21cc2725a |
| SHA256 | aed019a833c79753dc970211714af837dd28553b1c1f33328b3947e99ba348ea |
| SHA512 | 7ad695c56828d2054bbb27bdc9a3f29bf7467e3374ac1c0cd29da4db54d56d5e625cf3c663bda62cacdedb5f990f90bfd5fee3780ca4b6a0ab43c67eb9ab27d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d9da3fc008dc7196eeb63517f50758f |
| SHA1 | 6cb7ee6c2492068ab9df7f536063e8d8a0309b37 |
| SHA256 | 44d532c399a0f2ed97715f7676542341096224ccab1044f10d251c41d72e775b |
| SHA512 | f5bfe11648d4d8b7a9bd9e55aa9d8ba5504c77c05ea62ecc9790cefdd80dd7fa8afeb22ba52bc1454fa6d2813238240030bbce5b1a25ef1e2b97cc63280fdee7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdfdd5b15d8a9745aff47586280704e3 |
| SHA1 | 0ebb789ffffd3ae82db2f808c0a6c8444497a61e |
| SHA256 | c93d58d15bfb8907f9c683bc1196806b3d8dc9362453818ffeef3a3546d12c62 |
| SHA512 | 85598c012fd61fdd3fc5201aa98b4a4916a341450a621023a68d619a47de2725948f7cac113b938d07504423f4593087b110bd41678328294ecb0db52bef8439 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 526b4b313fd2adfbce1305b12ae34363 |
| SHA1 | be73391d15d53d62f85382fa543555360087d7d3 |
| SHA256 | 1146263c421ae6fb64c5b2591ed84fc197464565fc9074e77356efb8ac08cab4 |
| SHA512 | 407502f2348e8e603cc0d3efe70e1b7bd68e6b116c7dc881684fd933ba0860cee7d7f99ede8d5514590001d6005bf9e42a749bc22163c065968acf3f5bf4e7b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7d51a1c8de7ad6cdab3ee56e8c305c6 |
| SHA1 | 4200b9c46f0f2ec9dd6a796a6d7318d34f24e1e9 |
| SHA256 | a910bcef8b96b275e44612008e45df00e078b5164b5564c482250f9725ba4bc7 |
| SHA512 | 8fafac15ddbf06ed1116596446d4ca60fd7a0a77f953aa22229b91baf13680465cc84955d7b6c9b46ade3626f4e6927233624cfbefcdc9a8df1b9835d8a583ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83e9509cba63d5ad1d96f02ef695066e |
| SHA1 | 410e03cf560bc3bcf1ed28d8c806ed8d88215030 |
| SHA256 | 7209cacc1d81aae5904df5fd03997ae81bc08f35194f8c6d2e6c4788ac6c4216 |
| SHA512 | ec3bf1d6b655dab8d34e65afcf9267a107efbc63101ec85091d348a8510ddbc1f705cd61f1ce9a889818be5d3bae0369585f46bef26e6502973e46d40921c32b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 077ee4df83e085f4263b67ad42518657 |
| SHA1 | 5bbe832f7e419a45e9b9046878242e354567eb5a |
| SHA256 | 67eab3edd0f3a3f3f012bb029cc6c80d31b5fc0adbad5ca3689c6190c4129358 |
| SHA512 | bd5a65f875dd2ceb6181c34a373aaeb8b2a45a86bb20d9405cc5e523074a89991c75a5ad39ad3f1a281852d0201a3a83a3ec9d48a9713497f3d853b0bcc8e9cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b54ea82a48513b2f065b1873c4703340 |
| SHA1 | d81deda458f08f700fa2159d06c4a23edee73c40 |
| SHA256 | 9014d508197ff0671c5d9a7c2880d593a14bafd796945fd6b321a87dc4f1b24c |
| SHA512 | 82eee396d9453c82009da9ab398770be3546eb434916ff0e2e4a7fc27ba1d9d45afe91e556b0ff92118f1ea025a1fce83ab47d35ff9b0e16d97bfaef8abd6234 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0394e8e38b98c576226d3b0c088b42f2 |
| SHA1 | 8f78491e6bbf1f848a28f89ab716da9ab971f249 |
| SHA256 | 8cd359038289f551328dde9477396856ac5f2deffc2d60a58b0715aebb8691af |
| SHA512 | e425aece05aa8f2123dc9a0761a34c9e1a06c56bb11b5f4ab2de447dc384a8744539909bfd4f70fb58f7b6c8ec5a332c330c1f191ac057d99ba7b220d88c1cbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c24ab8ad53d51f6d3cd341a23202ea99 |
| SHA1 | d6b6cffa56515cbda31cea044281af03998f1db0 |
| SHA256 | 1b7d1a9e98926e8b8f186ef3a963a73f3680609cb124db7ef7feedeeaec07326 |
| SHA512 | 61c063ec53ca6dcd8b07ed3ceb15244ba6395bd04a43d44c934adcbd4dce0af5c1b35f28065be37209e79d08652a4d41394a9c66aaf2d3f02167ca94f77419c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5124cb347e7a4700d0b4b41215a34494 |
| SHA1 | 447ca62e32c1b0913d976119837e02960b07f466 |
| SHA256 | 15b3429679301dc0aa4c072d458f16b0928c68daeea61a1e07f07d2da15be317 |
| SHA512 | 01bdfdf7e3182f866a87f9c00a96db1dd6f64d47a768ef77c1eba4a924b9326bbc5e8159f09632dd98af6ccef6a3111f8f64401881e0587e2d6e3083a167457d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 627c7003621ece1e9453a481b9134ef8 |
| SHA1 | 848f396fec03751044253ea707aaca034bd9fdf7 |
| SHA256 | 21ff4e73ae37be45ce132473dc79603a38564b513ba24faeda5e6b1c5594a84a |
| SHA512 | 4f7d79fe4b4d5c228732d275c1eeb6c0def7ac42982d763a861450b83b3d1473ad88ad2343cc99bfc8a504a7d94afe12c432abad5b8629975b201f969f59b0e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6658e3273070732f4d22ffb752c7524b |
| SHA1 | 5b600f8a634e9a0a92a6ca598ae968bdd7d4bcc0 |
| SHA256 | 5980014ae6e20fff9f7ebfd98be0fd1e4d33000d90592ac3723870106a9b2764 |
| SHA512 | df195060ee85b30772b260bd899a7e1255716224370ed98e9efbb3faa63be8530e5f719f8ab33c7acbd3f83a5012739967def4b85dd8b6f8b550e9a01642e38e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a57f14fef6a22825cf64f9effc5d684b |
| SHA1 | 934b5052e098e1add21d05be95b9c2352895dfc4 |
| SHA256 | 9ba88d1ef79727af6032509482060b5744e0a5747621e0fc828c7768b9bea382 |
| SHA512 | c8c130d64f67d2b93aeb25ad9c5cdcd58392eb07a518feab6b0dab73fa7efc17fefe7918043101f0a7268fbff9a887c442824438bc0a2b5f5f5f6d8955adeb24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a391b262dcb355ce0f8f5b9146aea67a |
| SHA1 | d0ee3a82551c0bf8c4e53306bbd578c829e78100 |
| SHA256 | 050a44f00cefcfa26095728797f13d1253ef7bce55373571018acce3ad50cd89 |
| SHA512 | 62726621765495faff293d3d72bb87a4f1074503d5d29ec6894b33454c9498f88e640dd21ccdfa20ecc775325a1a072891d0416b32a17dd97beb2a746e13b5ec |
Analysis: behavioral24
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:35
Platform
debian9-armhf-en-20211208
Max time kernel
1s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
5s
Max time network
103s
Command Line
Signatures
Processes
/tmp/l17846d7a_x64.so
[/tmp/l17846d7a_x64.so]
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
138s
Max time network
157s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_60_percent_black.xml"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 4816 -ip 4816
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4816 -s 440
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
Files
memory/4816-1-0x00007FFF34710000-0x00007FFF34905000-memory.dmp
memory/4816-0-0x00007FFEF4790000-0x00007FFEF47A0000-memory.dmp
memory/4816-2-0x00007FFF34710000-0x00007FFF34905000-memory.dmp
memory/4816-3-0x00007FFF34710000-0x00007FFF34905000-memory.dmp
memory/4816-4-0x00007FFF31E30000-0x00007FFF320F9000-memory.dmp
memory/4816-5-0x00007FFEF4790000-0x00007FFEF47A0000-memory.dmp
memory/4816-6-0x00007FFF34710000-0x00007FFF34905000-memory.dmp
Analysis: behavioral20
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230824-en
Max time kernel
121s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC33A1E1-47FA-11EE-9E5D-7E9222CB93F5} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007527a1bfe6a818429fcd5676e9b72b2700000000020000000000106600000001000020000000c5a61e01a05398c803ef60ae1b1d599df39184dc6194939a54f59be0a2eaf1da000000000e8000000002000020000000441892ab2b69d48bba0fd30cfb012548ee26401010ce1f6495876a089602cd81200000007b93ae91aa935cf9fd37a5072bd1b7605a0ba89abadc3258591b6e089e0b8fcf40000000e6c120a00115acb2c576c12c58c6e9366423215f6f13db006a41a56ec685decc687674683e329c9710dd01e2fcd6ff472b9ed56cf4b3527e325c557ca10f5714 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d03c8da107dcd901 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647166" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_emerald.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar2850.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
Analysis: behavioral22
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
debian9-armhf-20221111-en
Max time kernel
1s
Max time network
159s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
ubuntu1804-amd64-20230621-en
Max time kernel
3s
Max time network
144s
Command Line
Signatures
Processes
/tmp/l17846d7a_x86.so
[/tmp/l17846d7a_x86.so]
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
134s
Max time network
137s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4B0A8A1-47FA-11EE-97D7-FA427F214E3D} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a31a35914bcf84cb1db54e391e8cdcb000000000200000000001066000000010000200000006b0ff1faf16e78a4e357e746d0bed1d7345d5cc569b2ce6b11063b42a581d7c4000000000e80000000020000200000002ad504226240675299087f08331429b5153f7ec2ea2eedf3dfb2a1db9eeba77d200000000597fab4efc3026be02210883a8d6dbcafbae428e4455ea56a0e657762db8efb400000005e251b439571dcd40b2cb39ff72276b971947145501b63414406943ecfe558042d908ea82940aca0dccb901415b46f92c6156c13ddc1bdb56d9cc8d2d99dd06b | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9067879907dcd901 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647155" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\stella_e2e.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA5B4.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\CabA633.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarA677.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b47cad7f5c0a6465f78c7a5024743689 |
| SHA1 | 67e29b9f7db473c7a056bc7f189249a0479d9aa5 |
| SHA256 | 3912a95c1d925ad24e10a8713edcfe69a02c5ef3640d7112dd5714e139844420 |
| SHA512 | a79bbdd28d2a7cdec7c49f960b9b7f0762755164b5830511e3169b913cf83f5cea5aa0ede768318d6d844caeb6e95a8d624d1c04ed7da06f40575a2934e1f6df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b8289abc9feffe1204a3eb54db6be2e |
| SHA1 | 7debbb1bcbf3d4f670e8f4ff50c18604506f0e67 |
| SHA256 | e02c2a9babcf532c58a2d7b886807c0431efd41b355d134d832b27e70b135184 |
| SHA512 | 426f34e0f3e12054e1ad8bc526d9aa20fdbae13ddb3f1ee5c7d55d5cca1c1c76445e1af4048b2f20042933dd89021eea2873688677f7026d9193f4fcbf1b35b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 491d7290c3785919046260ee2d57e42d |
| SHA1 | 0358cd45945c1e74dbb87564d88caa982e853bf8 |
| SHA256 | 2c14847b7bb0a6761cff2802e3ce72aa453183892bb31a6992f1b4be13dcf70e |
| SHA512 | d9c666a983421084f31e8a6940c83e2a69f4f807dcea173d59f92ac70c888351ce6c5e7167b39ca1b4adf6f39acd8243a524bcac1b91503fc0516861348fe3ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5b40272e316e3d13f9ee0eb4e93f20e |
| SHA1 | f836a9578547deb859809b86a0fdc50cf36006aa |
| SHA256 | 516c55368bd0565da68ea39fe72010fa12027f321f3743276da8b12d1947db92 |
| SHA512 | 61724bf9f8853143cd365a9d5c3d0873bf09833473db1b20600e0b481eacfe02375625699e04d28a10f90ad96416a64fdb5d53def66ccf9ded8a76d843eeb3ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b29b47f91bbe1440d46dd5c9e064cba |
| SHA1 | 10a3eca692caae6ec66f27279862714eb9594b2c |
| SHA256 | 2c8345c3a31bac55296c557908b2e8a80eb75d67c766f6bac8f2b9eb22bb2be1 |
| SHA512 | 0226c451cffa916cf2ff873a088f452b6c614805854b7162606341065f26804789d8fba8128f16c9bb78cd3342716b26b56a72412e9a03bd8645741f35bdfaea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0fc5577719b24a8c6d34d0aa12bb104 |
| SHA1 | ee005ede0638af622ac83c85843f656c9429ac48 |
| SHA256 | 717b85cfa334156aee1c690e045074ca57ba62d3fc102bc8c71abd4049782cab |
| SHA512 | 52737b34a58e94320f69442f80caca7742046521989a08d146597c8479af67a2d2db2f6da9607f6f2e9e243576d0e31221bb78f42dcee765ed6043bc682ff013 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 012fde7cfddb026e9b00ff2421258628 |
| SHA1 | 24ff20903f94df8b69808d0656e826d075780642 |
| SHA256 | e41b5c5dc3080a201d2130008f2fc9df8a5b1f5d7bd0d86c12d541d6f2425590 |
| SHA512 | 8abd6c50f3f884f0ec26d856edd0589d326fee7e0c517f17f2eccd9b83d3edf69127b01c41a433df985def9356e74dddf4fb6681c4ccc59b1d5a74940ebd3d14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b53ccb8936f514d64814febff445d514 |
| SHA1 | 2239eeab3e2527fc272ddd4e52853297d96f8a49 |
| SHA256 | 9859d8be91a1d8e19a086a94fb593c4a4fb791d26c094ba5385df51da84c60b9 |
| SHA512 | 63fc1becd35c1e335aa95c854f390e40384049b43a840e654facf9c38249cb705f8e47158f4866bddd84fc2bd70a14a64f16cd4f2e41c1a20d97d12920e4ff9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e41c3fc08656fe31f211e2d66967441f |
| SHA1 | 9a4afe781713fc390d07820801f74eab6ae321f5 |
| SHA256 | 6f56fbac60193733fac6e41079be42fa7124202c79e524ed5bbc44e73e4b570f |
| SHA512 | 20adc2f66381de69f81dca18a150961f593489c293b45678be7ec3d02736dd1fe9a5e4ebf2ba16eb01c69a0587dd21432804f4d3786b5d915932363c6ba70623 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09c1864f5af131e79caeca192db78b91 |
| SHA1 | 013f3db6d07aead3e038112836e42ed7d93d9fbf |
| SHA256 | ba13331a5196e425bdc2c491649ea54a89b554733daebd393fda0d19586051f3 |
| SHA512 | c66770481bfe479c824d71783aa7b30af6f3370f93f55d00953b790f58900d3700d16d5bdc22a2ad6c180d7406ee1bed56e8a83608becbdd4b29be77efad7084 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad103c9b6ff90abf77337e9932b98f48 |
| SHA1 | d4ecb11ac3369a6b7ac42d7b119df78de54d602a |
| SHA256 | 96f9eb6fd534c90b968bc2e792e506e7ad867e6ba80a90f5e50ab49734b3d668 |
| SHA512 | a26756e2e5727cb64390cf6b4502aafb7bc377ec02be35c35896b5a2bc6eeff5cfc2f4e164180dfaac7c19ab2d73e42d06ce8cf36549793c25bd51c456b48068 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da8522fbc8a213b0e835e68eb1a54449 |
| SHA1 | a3a77e7b8bfee74c7abd50a3c961884152b499c4 |
| SHA256 | 68b463c064e2787993598d31761d9f005d8e9459960740ecfef6178cb5a3203d |
| SHA512 | 295ac2d9263fe12733c96ad0a6dd0c1ea88374b94bdd9da160dc4ad8fb6fcb4c1097b871eb80538d302207aa83c295f7bac12ccb6ebae6051da21192f14bbbd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa46d5d6e7baaffa6d94401806c93863 |
| SHA1 | 00f4649e46684ec64fe6123a065872f9a0a1190b |
| SHA256 | ced369c57dd85f57692e069b642d09fcd2fb764fa80ba9e7e49097889a211bf7 |
| SHA512 | 60e7331a10727c972ed65907e9c1e358d3c8094ed18753093c72ac2159758dacb9ff18881c9b0803dfb0791b365f8fefeee22ba9e80cde7bb2ace37d2d77d328 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 186497538703b8d8c59ae47eb7c81cb6 |
| SHA1 | 9e9e9838eda5c3a527d1a363464be7dc5f642652 |
| SHA256 | 97359b42c92c720af7d74f5e6e396e8451bdb5cc17ae18a403a3a38eac2b6b13 |
| SHA512 | bb9c9c061a7952ebee54a32852b1a8be766833d5a3a9e76250732b186df38b5f65e2ffc8af99a5d2a5631f914c4fed6fd16c0933c6a60bf292d3a28292c34030 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81729a28d4b92915a4f899317fbd9790 |
| SHA1 | 0bcabdd49c659c138c5b6879493efe3cfddb308f |
| SHA256 | d00cc130ab1eb85ebda9d1f84a682fedfab308f9ab14d94de72e5ca354590f32 |
| SHA512 | 62ece91d064834bad1a050804dc8d1353ccd28d99d43da03fb90629332f2f387755a31b3b31128a2cdedc599e0f810dc1596c558bbedbf516218575e66bb4725 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7f11e367f4dc722a5f19df54744e95f |
| SHA1 | 5f9763deb393643fd9b2c45dcfd4b0d7a9190063 |
| SHA256 | f8aed03d1b27860e2204e8596a286d5fddc18e58ea3de014dde10e23396561db |
| SHA512 | a753a0ec93bd5185c36c0bd214ec677ba5d33fda2c6544249bcfe99069d26fb3f56dc87f175d14adb215127efef79aed9424a5340fa50af3f24f1da4da7095d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52e9f4006eb350c745251381f32b0e54 |
| SHA1 | 28b3142ed9d61f32612dc6a25ebc9d46f8a260e9 |
| SHA256 | 5e12ae612fea323b54d6ac809d76f972f10a7520aeac66dccb16a4e0d67ad151 |
| SHA512 | 962c5cc766927d884531a44df5196d0677aff62181e2dfdb27bbc6e7554d576c450da587704c1f4e548229af2bcc7ec0073ce7f2055330f356c612cb87103d06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92d0a2f7747e09dd9e4deec93cfea63e |
| SHA1 | 06aee613d97fbee83430f3b433ddc7d3b7478f15 |
| SHA256 | 4d02cf5901bb8baef21734434a0a6857c8820e0e64d2a9aff0cf439994cb8959 |
| SHA512 | cbe83628c5573cf08e64a72576ea928e18d75453a6cc9b42919e4884a9972861ac3fed497b46907f00c4b77ada09f2ccfdd592db257f2b6c39950a074b623573 |
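The Files sections above list every file the Windows runs wrote, one path line followed by its hash rows. The CryptnetUrlCache\MetaData path is repeated once per rewrite, and the same Cab/Tar .tmp contents turn up in more than one run. The script below is an added example written for this page, not part of the report or of any sandbox tooling: it parses this listing format and correlates the hashes across runs. FILES_TEXT is copied from the Files sections above and abridged to a few entries; the label "first table" is mine, because that run's header lies above this section.

```python
"""Added example: parse the 'Files' listings of this report and correlate
hashes across analyses. FILES_TEXT is copied from the Files sections above
(abridged); the parser handles any number of entries in the same layout."""
import re
from collections import defaultdict

FILES_TEXT = r"""
Analysis: first table
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
C:\Users\Admin\AppData\Local\Temp\Tar2850.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
Analysis: behavioral29
Files
C:\Users\Admin\AppData\Local\Temp\CabA5B4.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
C:\Users\Admin\AppData\Local\Temp\CabA633.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
C:\Users\Admin\AppData\Local\Temp\TarA677.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b47cad7f5c0a6465f78c7a5024743689 |
| SHA256 | 3912a95c1d925ad24e10a8713edcfe69a02c5ef3640d7112dd5714e139844420 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b8289abc9feffe1204a3eb54db6be2e |
| SHA256 | e02c2a9babcf532c58a2d7b886807c0431efd41b355d134d832b27e70b135184 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 491d7290c3785919046260ee2d57e42d |
| SHA256 | 2c14847b7bb0a6761cff2802e3ce72aa453183892bb31a6992f1b4be13dcf70e |
"""

# A path line starts with a drive letter or '/'; a hash row is '| ALGO | hex |'.
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|/).+")
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def parse_files(text: str) -> list:
    """Return one record per file entry: (analysis, path, {algo: hash})."""
    records, analysis, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Analysis:"):
            analysis = line.split(":", 1)[1].strip()
        elif PATH_RE.match(line):
            current = {}                      # a new entry; hash rows follow
            records.append((analysis, line, current))
        elif (m := HASH_RE.match(line)) and current is not None:
            current[m.group(1)] = m.group(2).lower()
    return records


def shared_contents(records) -> dict:
    """SHA256 -> sorted (analysis, path) pairs for every hash seen in more than one place."""
    seen = defaultdict(set)
    for analysis, path, hashes in records:
        if "SHA256" in hashes:
            seen[hashes["SHA256"]].add((analysis, path))
    return {h: sorted(p) for h, p in seen.items() if len(p) > 1}


def rewrite_counts(records) -> dict:
    """(analysis, path) -> number of distinct contents recorded at that path."""
    per_path = defaultdict(set)
    for analysis, path, hashes in records:
        per_path[(analysis, path)].add(hashes.get("SHA256"))
    return {k: len(v) for k, v in per_path.items() if len(v) > 1}


if __name__ == "__main__":
    recs = parse_files(FILES_TEXT)
    for digest, places in shared_contents(recs).items():
        print(digest[:16], "->", places)
    print(rewrite_counts(recs))
```

shared_contents() shows that CabA633.tmp in behavioral29 is byte-for-byte the CryptnetUrlCache\Content file from the earlier run (SHA256 6720349e…), and that the Tar*.tmp files match across runs too; rewrite_counts() finds three distinct contents at the MetaData path in the abridged input (the full behavioral29 listing has 18 entries at that path, all with different hashes). Files that recur unchanged across independent detonations, under CryptoAPI's URL cache and temporary Cab/Tar names, are in my reading environment artefacts of Internet Explorer's certificate and CRL retrieval on first run rather than anything specific to this sample, and should be filtered out before hashes from a report like this are turned into indicators.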
Analysis: behavioral6
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
134s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40d6309f07dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C947D461-47FA-11EE-8E9F-F612EC4A90C2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002a91d4b999c9854dbdd04be1b9b2202d0000000002000000000010660000000100002000000052fb829d8e4e4bd32e6408b2231fd30d23f40e2db89c50dda4f2e73f06e29151000000000e80000000020000200000003d435f1d5dc8834967f77478a597e112690b2732880f81ca6ff749b9e036f86620000000ece7cac4ab737c67b58db364e3c1492cfa5c501ff9ca1e87abd11f1dc90682654000000006bd45bf91535135a1e6bff6bcd1e7a781a99df83294fb30866190c3d54df83dbe15d4c74e005f0079d061c179a1aacae70975587cdf12fc90b621f31585534e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647163" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2428 wrote to memory of 2812 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2428 wrote to memory of 2812 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2428 wrote to memory of 2812 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2428 wrote to memory of 2812 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\changelog.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarCC0E.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6aedaebc51e81fa9ed260d8a7c4857d6 |
| SHA1 | aad44ab8139973e0977ea02aa7f1c0bfb084a104 |
| SHA256 | 910766898b39707ab74619929699dc60f963e6090e54721f056d2b7f27751351 |
| SHA512 | 5688f1e4ce6a3108dbfb527467d95bd4a5e2a858be136a59698d7ca7cb7cfcbec2aef3152a73a37b5edd1bebadb29e24388467e1791b80d6bdb3155ecd8be8f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59a47dbd299247525da578949ba32e27 |
| SHA1 | c5e5c694b655f5187c72b3b32a177f90a2fc8bfd |
| SHA256 | cb0fcf472ac5095ff877508fef8d3c72b0ae58eed1d2e7ebab10c6c3a606a5b9 |
| SHA512 | 12291fd76761f13495e3e4a0366af7e3ed4d4f9f92bae1798f715eec28547d47c6a371032a21464583e235502913f4efbbc43b0b8f422c4c0aba77a82aff8df2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e104d8529e34b5b11383c51c648cbd26 |
| SHA1 | 0b46f62fa60610f3a0ea9bf7be584837544a636f |
| SHA256 | 5f263e2e1d91214ec0dded6f7ada87ef7883c624efc594402edd8f064960888b |
| SHA512 | 7e9137dcce74e4f69aa8ae7c69e7c48701b20de62a0f192cf35289491712138eeb815c23659e39550d9a392b7bc7f363c8a29f049abdc435fc0b650511b80716 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed423564889f43c256410c2150ec59b2 |
| SHA1 | 30a03e262ff2ed1ce17f5889cdcce615e2668043 |
| SHA256 | 3874eaf80fec8b723002dd7703e483e4ba381a31c7d65a037f570f8c86ec801b |
| SHA512 | bbdf3981ac022e8c993b29310a9e47ccb0ace2fc14cc3f543bbe9f555e09090f1e99b0660318cf60283bc35529b1f434db951df160ab6f1f115b0ca4a7e96276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae5231dfc7151f55e2fdb95c2e2bdc42 |
| SHA1 | 722a4fd863d197eada9591951dae5d3807d583db |
| SHA256 | 6e915a1c8996ad04a423c9972ec68b020a513b44cb9264774ba051f8ea7fb948 |
| SHA512 | f7c0741b91bd92f32651b045fd8daec82d9d14c31707ad36102ac3a86b3b98814f68543f779e39dc6b277550cd1a5c37d643cae71fe0c21e2e1a6d63359a28cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a8d88d9f2710374b9c5b61e0eab3276 |
| SHA1 | 07556edcb3fec22f370a63fff754f19f68d08b1c |
| SHA256 | 55e52694d9394c4cf041d8ab296530ebb57176446df4b0c32c29236b10c364ff |
| SHA512 | 5dfbb4d0f109a97ad1d72aa82ffcc628a6818ca08d667607a0b03050060cfaa15f4787482e5ee900dd855ec267e5362213530c9b2059a43b9830aad681f6b547 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b2614cdd44531840ab438f20d9ad644 |
| SHA1 | 08b096a1931614321379be5ef4901b3c3b3b53b1 |
| SHA256 | 366f52320ebf02ceddf180d46557c32f4c56c3dd0fc1f6e26624acb3d2ed2481 |
| SHA512 | 153e82fe3a4648f9196ad336e33344873aabcc94ef9920be1b16c3aa7d25bf9e0e165d29d0d1771ab03bf99d39af6c3efbd0332e38d1bba4a3e9797ee8d3a4e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84b410277e5b1c9230f4d2bd9b137d09 |
| SHA1 | 72633c5beac6627929c77bbb32612241b4d04104 |
| SHA256 | 65fdd247adfed527a08fc5190259b4793184bf890d87bfb7c81729c2d573666c |
| SHA512 | fe626580842c476b7d97e040386b2630b3cfa7418c09046cc02c07c1282e5b63bc68ea800ca05d691b5c7e91b5d9d4f2bd75481d79fe30a36070865c33703af6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26c6f95ef4951080d92f7c66e204fd86 |
| SHA1 | 4c48b62e797c16885535e7d1e2b55aa68ad970ac |
| SHA256 | 9f2d05d9efa2498c74e220b6a903089e4accecca152ffccdbfdc0071fe953ad0 |
| SHA512 | 018b54e833f1dfbc1a8baf9b336cc09aa72d58bb8d54f0be23e2fd5dd64bf1646add3b4fdc67e0b237bfcca56448a4cbfeedd20ace389a29f9d7a2bc6f13a2dc |
Analysis: behavioral11
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
136s
Max time network
156s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\clockLightTheme.xml"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 412 -p 648 -ip 648
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 648 -s 480
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
memory/648-0-0x00007FFC636D0000-0x00007FFC636E0000-memory.dmp
memory/648-1-0x00007FFCA3650000-0x00007FFCA3845000-memory.dmp
memory/648-2-0x00007FFCA3650000-0x00007FFCA3845000-memory.dmp
memory/648-3-0x00007FFCA12D0000-0x00007FFCA1599000-memory.dmp
memory/648-4-0x00007FFC636D0000-0x00007FFC636E0000-memory.dmp
memory/648-5-0x00007FFCA3650000-0x00007FFCA3845000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
134s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015e49348610e2a42ac63317e6e4271ae000000000200000000001066000000010000200000002546689673c7465325873fa14c00d4eb2c3f14a2362e039bc8f50ad07b826ee1000000000e8000000002000020000000762b734e922bf29268fdc8acc40a9616369831e85c78bb42e4c5eb4d2a821d9a200000006e1290674cbff353850708a32196406f6335b25de80a786cd3bb501076a7d60240000000ded12a0b2720934a87537c27de58b99347e5da5df2aa661667a2927ef625ac3f3d8d3828bd429c8c230b00b75cfd374af5838e2b0aeb825561ca558d337307e2 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647163" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7035119e07dcd901 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8F0B3B1-47FA-11EE-ADC0-5A7D25F6EB92} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabBBA4.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarBD70.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 338f50bd363b3cce0cf25a33dd3ad638 |
| SHA1 | 3d7ef26be0cb05ac2de8f5118b8fe55102e401fa |
| SHA256 | afdce2ecab70152a5dc62d2d73b8f967f31d96bb68ca7fdf1523c99e7460906f |
| SHA512 | 352d053f5cdbda61e66f042e60b91753775bc3e0660e3c59c13c33b877dd8cb4fcd7d9357355d47641fc4b4bf3c05bcb755919bb2e3ece2f9f3e0689d27d21b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 854f864d975deb8dfced5d2607744211 |
| SHA1 | 2ef0d86e48c3aabdd96e00391e09eac86976039d |
| SHA256 | f308749129bda94c73a643b1ea2fce26d87c9505f3c84e88895cfcd54d91b49c |
| SHA512 | 2d6e9ddc15d29cf8ef08e18f5329a4055408ecea8134b04380d049f61db9df5478bd7c4695b795ce575f7b0291162bb77aa6c2490b565080eaa50eb69dacfc07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d857b51b1b22d1d357a39b088465d3f |
| SHA1 | 8198bf04db5c48c6872ad687ec3487f2e4e0f9a1 |
| SHA256 | 791d1dce0b1faddddcf5d34a66705fdfffaddac0167ae6cdaff1b9f272db68dd |
| SHA512 | 242b78751564e46957a357abc3058de66b01d06e5f42c41f145b3ffad7986956c0cebd2ade4cebbd1c657a12dde54d3c4cc9588a52e76649fe7c1e22c87fde78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0075f286ae8e6ce15c0a2fee70622c8 |
| SHA1 | 32e31fad1fd8800ad04659d5c69cb7ec28331e0d |
| SHA256 | 59dbc3862112b1186a0d39a40a3b6a4ac977b949724ac09b5561377db4591ade |
| SHA512 | e82f6bd6d2abb2a4c41f3de3361bebc9f6580eb7dca07d12d358af4a34bcc0c1814263568baeb199666f8d362d3f08b803e443e9ffbc259a70fe1c27b23942d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2206d07d14c8fbd503ce57d4bc10d580 |
| SHA1 | 27738aff275d4a798ddd61f0726d84d7cb030af3 |
| SHA256 | 67e48d193249b5f087f2d0578e4ef7a86889416e7080fe1e2f0a871b3574ac42 |
| SHA512 | 827a1342bb9a2bd014a497ea86f316dea9c80360f05bddff5fcd8489329882b56ee7bd1ccae9c1423413573445cfa0d6d1042532cbba28c4a9ac527e0c9e84a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a4e682b36caca3a671747e27188d0f7 |
| SHA1 | 37cd1b0acb0131b1575f453982f5b6ff65ef8b49 |
| SHA256 | e7c579009ca2305a43785fa4a0b177c8a13c250b014b6bc5fdf21df496ab188e |
| SHA512 | 6fb4f26a362d8dac1cc6df85958a3e5f8802fab5f6df8ec4b910ef9d7344cda21ecdceb7b0edcac603e241f111940757cfcbe292b6025530f2701c90623b068b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4f142389436a7165a2dc8d03ab3371c |
| SHA1 | 69b08d99f9fa09cd353633b991325133b9efa316 |
| SHA256 | 1003e29271c1fb64f5d027fd202b62f36ed4455fa9044a0f5fa6e7ae715b2fa5 |
| SHA512 | c118a12a5c07425a9b7e0ad763d3233c722e4f9d54b1bd4c18b53c4481a15c0a101c96ce4e647954cbbdab786074fcac19f2dd166e4ac806b98552793e38d087 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c594cf0d2aa1fa9705b6c35d9e59737f |
| SHA1 | 1d7eb4ca7370c2d51b9324e5fe0871b9e1713b64 |
| SHA256 | 48066513cabf9ab1fb2af95d6da63950a43afade596a3ee8fddedaf855812ce1 |
| SHA512 | 8a59672faea89e2569f5ea89fb7f7c0fcbdf99522b3068298613df139ade839a08166cf24f5672432af1eaebdcd007a285a2aec53f25d2b9e21b7308fb0307d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc05895f78b3067d28631385e32890ad |
| SHA1 | 93b1bb27e72473f31476a89f6f5addee1f34fe32 |
| SHA256 | a66fd7999802812954cf4f1bce6098eea09f5b9b677f13018148d9059f96714c |
| SHA512 | b4ff1b2d46ca9be1daa56b3da7ae456d24bca5cf0e27601abcb033112aaf812ff4d27221d8c1caffece215b3491d341b3d458c26547a9a61b2c78cf3e2119dc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9b648d53b9e04a0a7bcc301094936b7 |
| SHA1 | 4eccfae0a557c9e9c2f08446997ca9c31abbaa44 |
| SHA256 | 1ed8dae9a0fee172f551a2f1b698c8a9701d1f9205914dfbb3b4613701857c7a |
| SHA512 | 895f9c34bda562a7cd07b57c67dc94e0eb12e45f103cae265ae2a404645de7e3b0c660d08be8ae207f66f83da02397d267f801b1a8d408655a8ba12015e618b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bf4b9a3aff2bae37780b0e7fcf4a73a |
| SHA1 | 45a2aac6d77da541096e27f49d7db333a8f260d1 |
| SHA256 | 627cc66b5265b435e38d19ef9ac7967f9aac3f548b6bf6e4fe51662d080e2f8d |
| SHA512 | e54e86c217c26b420d18392457a68d789b69135d1006345ebbd9e236d705ba84a35df9e9d8573bee46d49c2e9c0771e76d15746b307cb7eed8b5dc2fa5683684 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 117075454a68a96a21060cab259051b9 |
| SHA1 | 76acc320dab98abbd9f065acd315831fe523d4fb |
| SHA256 | 26678e6679e2f49d8ea3d0742feb1c560a5f9c756dcf0f29e0c7c1c876b4fbb8 |
| SHA512 | eab7ada27143f90ecca25d6bb870be35c1bbb89e38e771a22b6c17f21736894fb8abd34539270630db349049fb0e2e3b4ce0f3d72439b8b2bd3118a9800c2500 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd59e662a9164c0f56f7b564914bdf84 |
| SHA1 | f30c5ea4a07fd030551c4fc1e4fe21c08df86817 |
| SHA256 | 376de87df2f639b36a02c58d166ce69404675f8a38ea40c572c744d8c7b02abd |
| SHA512 | 89ad4bc6c53aa47c7ad9353202846a4c547dbac14b7201f306ed556c02b0955d5a50808167e71d8a5b5be0bdd7fd09dbc5eb0d15230ae6f0bcdd622991156cd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4e7575307070344fad6ad1e1f60926f |
| SHA1 | 49dcea14913af13fba058ce9b65608ab3fe4118f |
| SHA256 | 9ba8f91b5f75df3f6c0387dd79b5eed921338bd86461afd4de377529003cec28 |
| SHA512 | 700997b6463965d267a8de6039a732f9f0187568174778a1a3a8646b7aebb40af92080b4e6579ebe446bce90fa2813092e94d7865fe65d576bbc2c30af5c1405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d13ef82f19d5761bc4fe021dffbccc73 |
| SHA1 | 8f59614ff5d1f926abc8b25ee48310beadbf5995 |
| SHA256 | b543bcd640adb5bc06d56cf0f19011034c7aac8908cdba82540f1191ce488bf9 |
| SHA512 | bc9398d238a085667f3d7b9f3264bec0b8723754e8227c90581bfd8448bfd05f56e669f9a451ce3da5c6ce1d64d7649255f65a6bf7a20649cfba2555aca28a7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ec00783e6b6bd66650478b837d0d889 |
| SHA1 | 7cc1aca688ba4b4aca7769f341c8238b6885434b |
| SHA256 | 93d476eb5321b5634c5b5abf539094478754e8e40fbdf9d37f157b5f1e7c18d9 |
| SHA512 | c125774710f9e6ffc88d70b2f4ce3f28f59910d655a0a5bb9c6d90c01f73ff512f92cf87b0339c06e1158ce9c6551c72460cc64946fe5080b46b0c3b598ba4b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34c15de5ddbeca4047076a28e737e8e3 |
| SHA1 | c325cdb874439a314be1e60915a73ba015aa8dc6 |
| SHA256 | 7ccdfc1e79d8a0ccc2d63af34bef3a4ffe9e3292060d0b05abf182c0237b0637 |
| SHA512 | 0570591768ca5456e8015810fc4b8a5e86894326476720e1c9a53f641d8912aa1401020ef35670361b422e97b6b936b261401b64ea780c866ad83a5bef9a47f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 398ab1e95614fc9b21784a62733b2a56 |
| SHA1 | e1f7b480f640cd0d308a07af8d5541f37a9f07d4 |
| SHA256 | b1f4ab8f83c9e77eb687b3de9d42bf45def6459ea269a089744d9ed0f07787e2 |
| SHA512 | 37bc9d535eee696bbd0009d98b8211d55af4ae125ecc41b1858e7c8ed4b4b6e20c5cefa6f7cee52bfbe77e2967e9a2e8bcc6ee74c03fafcf15757eba334265c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ba72b879f9fca1825f846e1201ddfe8 |
| SHA1 | efa338e1c9f21ab175d16bbe31f41db729410efa |
| SHA256 | d30c81fe59141864cec5a3d5476c268f95fd8e911cc797fd62e96c2df0c73872 |
| SHA512 | 4d6c8ccc293d01a11ca234e433867b3e53aef9e8c68b84a38bf49fcafbd968273ad3520d827a876059292aaf973351e36024c9b62cd74a791486f1fca2b85178 |
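Added example (not part of the report): the Files listings in the runs above are dominated by CryptoAPI artifacts rather than files the sample wrote. CryptnetUrlCache\Content and \MetaData hold the CRL, OCSP and AIA responses that crypt32 fetches during certificate checks (the same Content file, SHA256 6720349e…, appears in both the static1 and behavioral14 runs), Temp\Cab*.tmp and Tar*.tmp are the downloaded and extracted root certificate trust list, and the memory/<pid>-… entries in behavioral11 are the sandbox's own memory region dumps. Pushing these hashes into a blocklist would only produce false positives. The Python below parses a Files section in the report's format, deduplicates by SHA256 across runs, and tags the known sandbox noise so that only the remainder is left for review. The sample entries are copied from the page; the noise labels and function names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample input: Files entries copied from the static1 and
# behavioral14 runs above, in the report's layout (path line, then hash rows).
FILES_BLOCK = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
C:\Users\Admin\AppData\Local\Temp\TarCC0E.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
memory/648-0-0x00007FFC636D0000-0x00007FFC636E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabBBA4.tmp
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
C:\Users\Admin\AppData\Local\Temp\TarBD70.tmp
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
"""

# Known sandbox noise. The labels are this example's own naming.
NOISE_RULES = [
    # crypt32's cache of fetched CRL/OCSP/AIA data (Content and MetaData subtrees)
    (re.compile(r"\\Microsoft\\CryptnetUrlCache\\", re.I), "cryptoapi-url-cache"),
    # authrootstl.cab downloaded to CabXXXX.tmp and extracted to TarXXXX.tmp
    (re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I), "authroot-ctl-download"),
    # the sandbox's own dumps of process memory regions, not files on disk
    (re.compile(r"^memory/\d+-\d+-0x[0-9A-F]+-0x[0-9A-F]+-memory\.dmp$", re.I), "sandbox-memory-dump"),
]


@dataclass
class FileEntry:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)


def classify_path(path: str) -> str:
    """Return the noise label for a known sandbox artifact, else 'review'."""
    for rx, label in NOISE_RULES:
        if rx.search(path):
            return label
    return "review"


def parse_files(text: str) -> List[FileEntry]:
    """A path line opens an entry; following '| ALG | hex |' rows attach to it."""
    entries: List[FileEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and entries:
                entries[-1].hashes[cells[0].upper()] = cells[1].lower()
        else:
            entries.append(FileEntry(line))
    return entries


def summarize(text: str) -> Dict[str, dict]:
    """Group entries by SHA256 (falling back to the path when no hash is given),
    so one piece of content seen under several paths or runs counts once."""
    groups: Dict[str, dict] = {}
    for e in parse_files(text):
        key = e.hashes.get("SHA256") or e.path
        g = groups.setdefault(key, {"paths": set(), "label": classify_path(e.path), "hits": 0})
        g["paths"].add(e.path)
        g["hits"] += 1
    return groups


def review_candidates(text: str) -> List[str]:
    """SHA256 values (or paths) that no noise rule explains."""
    return sorted(k for k, g in summarize(text).items() if g["label"] == "review")


if __name__ == "__main__":
    for key, g in summarize(FILES_BLOCK).items():
        print(f"{g['label']:22} hits={g['hits']} {key[:16]}... {sorted(g['paths'])}")
    print("left for review:", review_candidates(FILES_BLOCK))
```

Run against the sample, every entry is explained by a noise rule and nothing is left for review, which matches what the report itself shows: the verdict on this sample rests on the Gigabud family match and the requested Android permissions, not on the Windows file or registry activity recorded in these runs.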
Analysis: behavioral18
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
134s
Max time network
136s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647155" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b0f09907dcd901 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a31a35914bcf84cb1db54e391e8cdcb00000000020000000000106600000001000020000000162cc40a5266f372d034d54331579aafab0417d683e2d73e18a60f6f7369d8ac000000000e80000000020000200000000dddbd9eb5d1e8cc1b8319049cf7bf451e298db12555824972804d486d564d3d200000004e93cddfe1524f94ec76dbba8cb0c64860b22b12c437f2d58c6d6b7b2b64d4e8400000006364437cdcc9478e79d75abeae4ec21cb3d806c376cf0892cebb5748e7192b2b0df49f5f317a47425518733b950353d0e16e1c6fdcb8b7b0f72b6672026ac8d8 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5368A11-47FA-11EE-8D08-D63E05CE97E8} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_black.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
138s
Max time network
157s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\stella_e2e.xml"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 2896 -ip 2896
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2896 -s 480
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.3.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
memory/2896-0-0x00007FFA9BA30000-0x00007FFA9BA40000-memory.dmp
memory/2896-1-0x00007FFADB9B0000-0x00007FFADBBA5000-memory.dmp
memory/2896-2-0x00007FFADB9B0000-0x00007FFADBBA5000-memory.dmp
memory/2896-3-0x00007FFAD9730000-0x00007FFAD99F9000-memory.dmp
memory/2896-4-0x00007FFA9BA30000-0x00007FFA9BA40000-memory.dmp
memory/2896-5-0x00007FFADB9B0000-0x00007FFADBBA5000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
120s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647164" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA1AE3A1-47FA-11EE-9505-66AFBA4EB959} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80be4e9f07dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002a91d4b999c9854dbdd04be1b9b2202d0000000002000000000010660000000100002000000086e78ec1fe48ff8bd4cb78e49a8909a755e4f6eea0b0be281ce7850273052580000000000e8000000002000020000000d2e570e96152bc9a7a77051fb124d356f9675002200ab2b4e63ac68a5448271f20000000b53d281d8f2cc584f7cc8d15d0c7e83acd7792e5e2f765eb20c0e8a6c0a271c64000000098e7564ca74268ddeeebab25a802bc3854a486719ce940562bbfb67bf4c12ab8f1aacb667ad1e798ecbb15aa40f651e355ced0ddea594c22e35cfccb0eab1887 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2760 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2760 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2760 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2760 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YOWA.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
| MD5 | a16cf9c5ee4661149985bd54351994b0 |
| SHA1 | 07e619b7ef4c887076c0a3f9c2ca771bacd3d275 |
| SHA256 | 161d31654c4cb47b74fb62d21e47e8f2002698035569bf8df802bb23f957fbc6 |
| SHA512 | e100fc5fc0a4d82f7bc21372bd00da44ff429479f0ef7e7ee84d30d183f3242fd58363c7d5c66925babb6d701a508a834e047de899affbe807106eba6a22cb6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8bb9d2654dc2fba6be57c511fd6b1d8 |
| SHA1 | 870a4c14acdffe70fda62d193496b63d782c14f7 |
| SHA256 | 7bcd11e6854038e147ee668472d185ef2d508dcee101f6864ec8538af7ff2537 |
| SHA512 | 707925b0e7e35039e020a92919e5358d6d8439f23ccd8f8c53ae073eafec2c842158be4e4bd0058c9229e9abb4f2925a30a8fa68938996d61110579a90a09b43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf41153db25650489e7fa0bf92f9dd78 |
| SHA1 | 6b529a26734bf01e2704b0034148a36e860c5780 |
| SHA256 | d8fd88cde3e1382d8aaa98c5c31f43679219596281b971004cae1705af68b1e4 |
| SHA512 | ceb6f1240644c3e7701711751031c1bf51c1c8de2aefff34dc557bd47392bb96856e19f4590b0454a4b5571cfc638ea5c1bf6759c0e8eccd6ae8f1668374f9c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31c6efb8d5d18755ec6267e3dd1f3560 |
| SHA1 | cf87bc2a2f54c3606f33ae51d43c9112b907e980 |
| SHA256 | 412909bd7352496f4e11ed75e3d1631adb6f06837c15a00defab670e6714487d |
| SHA512 | 2d595ad680fcf3a167eba2efa92c3ce52e806d9250e5d9895c571fcdaefcf784bf29b5aaa0f8da21638e44ff3b61ebb1a1f284f2d2f70455f5905e58083afe01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f13004723cd9775a4c3dbac02fe9a50 |
| SHA1 | 2870a4e365a6b13c1d0881a85bcee3dca7d256cf |
| SHA256 | d416d9339b44d21b3f118d7ba18d48ef41d349433ea0dbe230f9fa6e96980345 |
| SHA512 | 56b7bfba3aed190ba8dd6890f9e059b62fcf0b2e9a01c585d9434f79ad6cbe500127edc3a815ab2df6f4e5a8fd6308a3c216f98fa1780c73ad48e974ca12ac11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09d78a5e551f476d8e635008279bd673 |
| SHA1 | 70b44afe4ea65bcb727d8c07a280c3989e3d8c06 |
| SHA256 | 8863c9e2a174458916bc0feaf45e93805a895e60d03d4aa02862c8452f93f475 |
| SHA512 | f28f1501528523c7adfdd264eb8ada637870a32ec5b02aa5f0c839a7b987b1daa587e93abc784cce1d860dc2e344d207961131713b8ae63680dcd7a422f34c79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fb6a49f7ef9a4529f2dd66640a69488 |
| SHA1 | 27978f28fd1962928d7fbb9d4178c6ec4a84d80d |
| SHA256 | 2b1c916be5b3e35793be26bd903902b5d72d6f2e346e7236c649a6e0252ba64e |
| SHA512 | 13ea4e356a113a4baf9aad0d520b66ede2551b3a862951259350ac6341bdff7e9f0a91320ff7efa934b38d1ba0b0708b3c625fe2b53aa677e2f619aef1f68b38 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
138s
Max time network
157s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2603364820" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a80000000002000000000010660000000100002000000066a6c578c5443b044a6598423c526f1a903504afc7dc59d4cc97cfdf5135789f000000000e80000000020000200000004eee4d95c0120a31b600de135fd907b9fe8cca56116eccf6ed522212d1a205e4200000007c6e3d9e42b4764700a0775ae68a761769886156930b37aa596f1305c817b1814000000077f9f2738522a95a3bea2a5f1b4692017c4409ac63d37db03d080756ed56aa842686841386fc17abb4bf754036f95a1013bc54280b7a2a93921613f518a05177 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a03369a407dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400250277" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a8000000000200000000001066000000010000200000003c7957e6deb4ea3e6811618eafba97342d9a0967eacd283e2eb34dd9e49ee108000000000e80000000020000200000009fbd245d7fbee6c861a19bc86c707a919a65d565db5d79a5cad7c8e5d79a2e9c20000000d7b6dfbbadf40bd493cb5c81bc256066a0a8095554ed67a6c4ff97ee3200f68c400000004a6f3d2c53aeab02ee58c2c47e6fe409ff6ef3af71ba6a843e99b14d2ff07dad4bf7ec435ded4cdc04f5140c6ac6e941770635e813e113f738053a7a3f1b3a27 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054855" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2736804670" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2603364820" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808b77a407dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31054855" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054855" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C6339991-47FA-11EE-B699-4AC21CF3BA5F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3092 wrote to memory of 4692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3092 wrote to memory of 4692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3092 wrote to memory of 4692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\YOWA.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3092 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C7IPBQYV\suggestions[1].en-US
Analysis: behavioral5
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
136s
Max time network
160s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000cfac082d81404f8aeac3509f7dfd307142f3ba4da6fef673b877e41f5e542432000000000e8000000002000020000000bd66591bbf75c8c8babe330b9821283e6f4defe77455b52eda07c07c7cea627720000000dfbb0c692573ba7c2843e3e7b9128f6c51929400f9fbc2893efe29d1c6245680400000005aa38b8f4a99eb52cb6fe0280142f576e5aebad20ef30575d2af74fd250dc9176e39999ee99ef43640f56f47cea33b41dece6e575fef4f4406e0de0b263ccd80 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400250266" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2613652610" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2638183878" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b2b59e07dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000be257dd5ee3487189a19c20573668f8c9693f62bde7340c58375e44559d9eb89000000000e800000000200002000000028c322408e92310fb676d1ef91a9b741a1f9efb79d22402b2e99fcf52c6c676720000000499afab4531382fbca0732cfb094e5a17fd70e560094a1328806f887b32f190440000000fad8342d092036e477a3a3fdab972e39bf88d301202a2a262c783393f720d08ef85415baa663d51f17d07e6547a881fb92908b53468baa04cd49302c62766345 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C73BD80A-47FA-11EE-A61E-CADCCB0AB347} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2613652610" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31054855" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054855" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054855" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b9969e07dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1512 wrote to memory of 3380 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1512 wrote to memory of 3380 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1512 wrote to memory of 3380 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\changelog-ar.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1512 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SUUB7YB2\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral31
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
134s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647162" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not reproduced) | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015e49348610e2a42ac63317e6e4271ae00000000020000000000106600000001000020000000de33b1a63cc2b66babaa4a14fe6869cdd2e088a37e3d92a663f07c7502a3042f000000000e800000000200002000000045630a82ad83c555885bfbafb80ca7f72ea6f56820e546f045356b0b218a495f20000000536df1cd6571c952e2a1f497e89b6da2a7d194636a9e2d8fcd4079e0bfe1ac144000000085f9947efad823d58e66683925ff413ca25c77666c5fef655d8a8f11639edf086a9a864c45471d2b77fd45687d165d5dadd06b3acfb65f7cbc997c967cc99055 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8FB2391-47FA-11EE-AA18-76E02A742FF7} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f30a9e07dcd901 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\stella_wa.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC16E.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarC397.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8daaf1e6b5745f006e92965ff5642a6d |
| SHA1 | ba74d8bdfd297eeb366ca6d47ebd26485f464829 |
| SHA256 | 2f871a128e33a40ee7d91a82686aa7f3a4a3ddc2a90a04c7467c1eb2ff6ad7e0 |
| SHA512 | ee2921b7dc06b738d46019754be636217ed636b17c23af81de2ccf770008c1bb2f224f92b6211ac6851c81192970b03541f76745e6002e420dfa99e67f0211de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cf5ac949b256fbe92a17a4d5253ee24 |
| SHA1 | f6a7264653e326bcdcb0a324c1642bfbaeb78650 |
| SHA256 | 5cfc69b143ee967ca07c9005f5051fc67445b5f22cb2fbbd9dc0b9e7b6eb9a56 |
| SHA512 | 97725532609fcdddfb7427c7baf6a1b141dd5611375e97164b48bffe146d515ee8752771ae59df0994a46d44ee0065898c8d71736bac18a9fc6b161375bb211c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44d97da3f05717f2a370df0fdde40d41 |
| SHA1 | 51433d7cfd820f0753505497e854c74d4ea4bd45 |
| SHA256 | 313664f5da72fbf5b8e59775fa8f917ddb4a51ae15816a69e056ca00d34aca60 |
| SHA512 | 35f78b9d091d53eaf51c48e5a67f798353dfbfb7e2b6e2e02e995e65595f338b9fdc501bd8dad41de65c08c1da190b770dfb3f8e241e5024ecb39b03e70a232d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18e49619cdf1f1ce40206a4cd555ceba |
| SHA1 | b119a008af1857a22a2e8dc0569cd74403216429 |
| SHA256 | 2dfa22296189e06edc02cfff8594cc077de128a92a185fc5b2e7c903ba983884 |
| SHA512 | 0b329056c965dea1bc84bd55b7f0a14c8e1a254042282521a0df8fb455c1ca285d08649abb9832163c2e0bb3a5c143bc04909068fddc19fcfd8fd564abad447c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87c31db6d706876325ebc277b1395597 |
| SHA1 | 1236bc8f86cf452ff3dc7de61bb812baf612309f |
| SHA256 | 5e3f67ab99747e4869e84252fd31e1d95138cebb55574f1b06175a9584b8958b |
| SHA512 | 8d8258041d021d7a8a9c741813519e629088b27ebb94454c24fc69eed363fe0931773bf17a9b6eca0bc381cbbea7ccf7e3763a9daccd5d4b834785e4fa1ee21b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c826bceaa8cecd758b2d90d8766193dc |
| SHA1 | 16dc2a58fe8d98067461b39c7ec88336acfb1d88 |
| SHA256 | e658fb09c090cdd79e33660cfe26b62870c84dbf6832510ba1c8a3e37ef206b2 |
| SHA512 | 89b15944f219945336bcb946cbf07b7a6c640e1bd09c98e780624cf599c618da9e529d593fc89b308bd505a9870f6d2751f1c16b80bb55842ba39d4da57068c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff4f0be615e20305f8c16f860dfe8643 |
| SHA1 | 05632c48c09e815bcc06475073367a90aceb9b2d |
| SHA256 | 1cc6185231279ffbde7a49335312d2f53c759fa1aea34f477bd94a006a00f618 |
| SHA512 | 6f83140fc562b0a1ad082100a0606f8f24ae6664ab6815ac8ad8b3e35b5875c4311d0df8dd5cbbc95cec078adf0ce885cccc4e51ca38319e572f022249a92e38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7154dfc3eae6710a4111d441b8115ecd |
| SHA1 | 963c374206aad9de026638b345f0792930ede81b |
| SHA256 | 0d6485649a882a86fc574852521d542deb6fa38875dc7bf42d82fbe368121fba |
| SHA512 | 8b6a3c6e942111ece64a36ff638468cc0f11aa38a8aa2414cfb8934064f1a2b40b11101a0dac68ec6fc314e663fe559006dffdcff43ca4d8af13f5cd69895adb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a67e10b8aef05a160118d53b464cd57 |
| SHA1 | 889339d92c948f179acb99a88956c39c29776c09 |
| SHA256 | d0e25aabd7b4d26af529e8f3e51698a20fb0d2013eda5eae37008ceb355eab2b |
| SHA512 | f133ba24b33aa273295da59a8de60046f4ad0744df9b46abc2110cffe6529705b7490199ec226f9b3ccc8c7e5890eed1dd67b3deb89babd38dff02d207718707 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ed1ce9f642a595a1215ce738c8c369c |
| SHA1 | 9e4b9d8a86bdafdbb6ba0430d0c1052840b41455 |
| SHA256 | e36c9013f53f709dd54549eb5a84787c7349e45ca20be8c2b055f695d16aa70b |
| SHA512 | f111e46548b46d86f6da9369349a55a87edd6e23dbc4a567a84c9ba0778d337a08785d9a4713740996924e33f16c00f92e6d947e6f10d9466bc11ed0072799c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c10193cb02a09e89d9abe36db31daf69 |
| SHA1 | 1654c1504df1e40b14f113a9ed253b5d8d89d743 |
| SHA256 | 782362ba21021d3dcea8ae899b481576daecf2e4aa2d6446105c8fd008bcc019 |
| SHA512 | 725dc2171aec6da54d5753e8d8557545e49247fb67fc44d11beba6e91d1bc9419099b1fd825cea839ee1d8009260f876a54da4d8255cf7b5a926cbf67b05369f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6b57861f2e1faa0db01f112bc1fd604 |
| SHA1 | 837892838d4cd2ad87bf720a58e82e7b088a4340 |
| SHA256 | 7b17ca19d86c4e8cf28be28c67d899f24b634098413736069b29ef65a20bb69e |
| SHA512 | 824a82e4f681be9707a143ca8975d42b213f64ded20603fb171226bdaa15cce26782bc4c21d1259216e7f55fd8fe1a9fbbb7769b6599305282fa000c001ff54b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44ff8d9775238e32bc941fa0ec91eb41 |
| SHA1 | a3b35c9b9e37051fdb603884f4e65cfe52d6d554 |
| SHA256 | 37b0943d8e9cd30a2605ec5332dba588e7d192afab896909b1464740225b8acb |
| SHA512 | 86cc1af792ac5382942a503658c6b49f8084768ba6dc6ef1b68e869e9fa1958c9cc61628dfe16f04f63da482797a4625b50582c1e0a67bb52dd4d39fb99135b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db48c2180c881926bef4e5de8babbe33 |
| SHA1 | 0b72e46f3a356e71828ef1d4b85cf7e5dd97a238 |
| SHA256 | 95156075b6d4ac99f305a841bca7fe65489a62ee0eb574462c3c33491773f225 |
| SHA512 | f463e821f7007d5e76e9c9ad6910c78e4ca559e5f39fd9cb8249a90baecdfbfbb55c52af5ee69804b2758c6f4a856090f33d077c3fb8d78f5626a2bb4ef158cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04648f5d9c2496b4137b2f9a5ebb196e |
| SHA1 | e26a9a5b937144ca3a5ab6d98e8c7d6d02d6045e |
| SHA256 | 3a33c599ef41f46b3bf5b0b6371e9c3905b41b0c1dd91a70ed70daa48b6d1d61 |
| SHA512 | 11f9cdd41a4a6a886887fdc113a9ccd49e47b74b126bdb2fa778b3c934c99e2febac60d4bc3bbe1ba0c333965866b6c5a8db788de3b252131f049171e45a7734 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95196eb671fcc4a9e21433457e2c6a7c |
| SHA1 | fae03b50d2d809729d6f613acf79cc2290d71b07 |
| SHA256 | 917d8e611bddcf81eabd0f3b7a3c9f3dbbf26e17415eee42eb78fdc7fc3ba8ce |
| SHA512 | 6fbeb8420068a249727036771eaa471cbd01fd80404d8f603e065118bb3ee4eed143b3314381b9d96b719fa2e6c1903fd8ff94e814867efff06e3dc6900dd048 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5964f19695d0b0dade2d14fa44ca322 |
| SHA1 | 54d8833b7d4faf954f37cdd86bff9cc6fc7bea75 |
| SHA256 | f0216883ff20835833df868837f7a0159f7f6b10b054cd39feeca6963705a01a |
| SHA512 | 7b0f8f55076415ce02a756e61c3757c48877164723fb8a7d93b66452a9747b58b39b6d7ed0f26fdf10545532b98123598f61d40b10dfeba697fa91c323f010e2 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
android-x86-arm-20230824-en
Max time kernel
1268163s
Max time network
137s
Command Line
Signatures
Gigabud
Processes
com.gbwhatsapp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| NL | 142.250.179.170:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| DE | 172.217.23.202:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 172.217.168.234:443 | semanticlocation-pa.googleapis.com | tcp |
| NL | 142.251.39.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.208.110:443 | android.apis.google.com | tcp |
| NL | 142.250.179.170:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/com.gbwhatsapp/files/.ss/l17846d7a.so
| MD5 | cb93e2fac80c6ca4490ac4c0c19ff36f |
| SHA1 | 863e03be04a2fc4fdf047c83c704c84187741320 |
| SHA256 | 50c31f978b1ec4efee274b2bcdbbb2afe4a212188d40c32d0bc9aecdf79f108f |
| SHA512 | fc543ffce7c6c4c0e47f8d8844cc910760434ca319ea27327888f2264c890639cf09898ebb3ac046944ec051e2cc84130a6197f2b84417c0f4a96661a33826c5 |
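The Windows detonations in this report (behavioral31, behavioral4) and the Android run (behavioral1) read very differently once sandbox noise is separated out. On Windows the only activity is Internet Explorer and MSOXMLED opening files extracted from the APK (changelog-ar.html, stella_wa.xml); the iexplore.exe frame process writes to the memory of the IEXPLORE.EXE tab process it spawned (the tab's SCODEF value is the writing PID), sets the usual first-run IE registry keys, writes CryptnetUrlCache files and talks to ieonline.microsoft.com plus reverse-DNS lookups. On Android the Gigabud signature fires on com.gbwhatsapp and a native library is dropped under /data/data/com.gbwhatsapp/files/.ss/. The Python below is an added example, not part of the report or of the sandbox's own tooling: it parses the report layout used on this page into per-detonation IOC sets, repairs network rows whose protocol landed in the Domain column, and drops allowlisted endpoints and cache paths so that what remains is worth an analyst's time. The allowlist (BENIGN_DOMAIN_SUFFIXES, BENIGN_PATH_MARKERS) is an assumption made for this triage, not something the report states; the SAMPLE_REPORT is a constructed excerpt of the page, and bare IPs with no domain (such as 142.251.39.110:443) are deliberately kept for manual review rather than classified.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the report above, cut down to two detonations: a
# Windows run in which Internet Explorer only opens a file extracted from the
# APK, and the Android run that carries the Gigabud verdict.
SAMPLE_REPORT = r"""Analysis: behavioral4
Platform
win7-20230824-en
Signatures
Modifies Internet Explorer settings
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
Analysis: behavioral1
Platform
android-x86-arm-20230824-en
Signatures
Gigabud
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.250.179.170:443 | digitalassetlinks.googleapis.com | tcp |
| NL | 142.251.39.110:443 | tcp | |
Files
/data/data/com.gbwhatsapp/files/.ss/l17846d7a.so
| SHA256 | 50c31f978b1ec4efee274b2bcdbbb2afe4a212188d40c32d0bc9aecdf79f108f |
"""

HEADERS = {"Detonation Overview", "Submitted", "Reported", "Platform", "Command Line",
           "Max time kernel", "Max time network", "Signatures", "Processes", "Network", "Files"}
ANALYSIS = re.compile(r"^Analysis:\s*(\S+)")
TABLE_ROW = re.compile(r"^\|(.*)\|$")
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")
# Assumed allowlist for this triage (not part of the report): endpoints IE, Windows
# CryptoAPI and Google Play services contact on their own, their cache paths, PTR lookups, mDNS.
BENIGN_DOMAIN_SUFFIXES = ("ieonline.microsoft.com", ".googleapis.com",
                          "android.apis.google.com", ".in-addr.arpa")
BENIGN_PATH_MARKERS = ("\\CryptnetUrlCache\\", "\\INetCache\\",
                       "\\Local\\Temp\\Cab", "\\Local\\Temp\\Tar")
MDNS = "224.0.0.251:5353"

@dataclass
class Detonation:
    name: str
    platform: str = ""
    signatures: list = field(default_factory=list)
    network: list = field(default_factory=list)  # (destination, domain, proto)
    files: list = field(default_factory=list)    # {"path": ..., "SHA256": ...}

def normalise_network_row(cells):
    """Rows sometimes carry the protocol in the Domain column with Proto empty; fix that."""
    _country, dest, domain, proto = (cells + [""] * 4)[:4]
    if not proto and domain.lower() in ("tcp", "udp"):
        domain, proto = "", domain.lower()
    return dest, domain, proto

def parse_report(text):
    runs, run, section = [], None, None
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        if m := ANALYSIS.match(line):
            run = Detonation(name=m.group(1))
            runs.append(run)
            section = None
        elif run is None:
            continue
        elif line in HEADERS:
            section = line
        elif section == "Platform" and not run.platform:
            run.platform = line
        elif section == "Signatures" and not line.startswith("|"):
            run.signatures.append(line)  # signature names, not their indicator tables
        elif section == "Network" and (m := TABLE_ROW.match(line)):
            if not line.startswith("| Country"):
                cells = [c.strip() for c in m.group(1).split("|")]
                run.network.append(normalise_network_row(cells))
        elif section == "Files":
            if (m := HASH_ROW.match(line)) and run.files:
                run.files[-1][m.group(1)] = m.group(2)
            elif not line.startswith("|"):
                run.files.append({"path": line})
    return runs

def is_noise_endpoint(dest, domain, _proto):
    return dest == MDNS or (domain != "" and domain.endswith(BENIGN_DOMAIN_SUFFIXES))

def is_noise_path(path):
    return any(marker in path for marker in BENIGN_PATH_MARKERS)

def triage(runs):
    """Per run, drop allowlisted IOCs; bare IPs with no domain are kept for a manual look."""
    return {run.name: {"platform": run.platform, "signatures": run.signatures,
                       "network": [r for r in run.network if not is_noise_endpoint(*r)],
                       "files": [f for f in run.files if not is_noise_path(f["path"])]}
            for run in runs}
```

Run against the full text of this page, `triage(parse_report(text))` leaves the Windows runs with no network or file IOCs at all, which is the point: the behaviour that survives the filter is the Android run's dropped .so and one unattributed Google-range connection, and those are what to pivot on.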
Analysis: behavioral4
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230824-en
Max time kernel
121s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007527a1bfe6a818429fcd5676e9b72b2700000000020000000000106600000001000020000000a9de9dd051591538cb2eb90747320507c264ff52d3d62a46945b91656d708738000000000e80000000020000200000007cdfe1037458f619635aeb587e8715badf0a362416cdb22f7d26720ad69b103b2000000039141909e6de2ee106765e20ca09cf01b53e4e1b42df7fe2110025995da7f6bf40000000798e52578ff8a084e2e95da061f470405df253273b25ee322487cc21ee1e6b4f770129e17cce60d24094611cc079e35aad893e5d88dda484c2c2cba4e36935de | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CADC08F1-47FA-11EE-A10F-DA97EB684D08} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647165" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0753fa207dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not reproduced) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1528014236-771305907-3973026625-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2172 wrote to memory of 2560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\changelog-ar.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8ECA.tmp
| MD5 | e56ec378251cd65923ad88c1e14d0b6e |
| SHA1 | 7f5d986e0a34dd81487f6439fb0446ffa52a712e |
| SHA256 | 32ccf567c07b62b6078cf03d097e21cbf7ef67a4ce312c9c34a47f865b3ad0a0 |
| SHA512 | 2737a622ca45b532aebc202184b3e35cde8684e5296cb1f008e7831921be2895a43f952c1df88d33011a7b9586aafbd88483f6c134cb5e8e98c236f5abb5f3aa |
Analysis: behavioral32
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
136s
Max time network
156s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\stella_wa.xml"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 4228 -ip 4228
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4228 -s 476
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files
memory/4228-0-0x00007FF8C3C10000-0x00007FF8C3C20000-memory.dmp
memory/4228-1-0x00007FF903B90000-0x00007FF903D85000-memory.dmp
memory/4228-2-0x00007FF903B90000-0x00007FF903D85000-memory.dmp
memory/4228-3-0x00007FF9016E0000-0x00007FF9019A9000-memory.dmp
memory/4228-4-0x00007FF8C3C10000-0x00007FF8C3C20000-memory.dmp
memory/4228-5-0x00007FF903B90000-0x00007FF903D85000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
136s
Max time network
160s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a38821470000000002000000000010660000000100002000000076334ccba42ab579057edf318182e709fe10927c12e0c91c5b8e36142902b325000000000e8000000002000020000000082aa324ff41722b4ba43f0c59621cf0cc5b6173fc247a70a17248f9e1399ab820000000cb68033d73fb92ed531594a9aed70e3b1b73d377681d227fd6ce9fd644fb7aa140000000333e092016839e7ca8b8d7cdda259f208d26c082ed4adaf8677463d29db8f8ffb1340b7b05edf1309ff266767a2c82541d8e3021cc715596a90a614d094b0eeb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054855" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2635609998" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0685b9f07dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2623108928" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000456e27ab7b6b8027cc87aae059aff86818746c4abb83c0195611eb88899ce8e7000000000e8000000002000020000000a82c0d14e21c30902c09e410dc94c35bc07c802b444d1ef287c19d68ca765d44200000006e6a4b44b94c1de8b81dddd46370417f4d4b1c93926000f76536203ffa8e275c4000000000eced5955fcce966456efd40f7b954213c0bcc8799797b6e9369c4d560c8f2a6aedf6ec52a20f301bcc9e8e247a3d9e8043e9227c1c46e92792d2a9e47a7214 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400250266" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00b469f07dcd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C7C834B8-47FA-11EE-A61E-42F81B6E1B82} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054855" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2623108928" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31054855" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1532 wrote to memory of 5060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1532 wrote to memory of 5060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1532 wrote to memory of 5060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\credits.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1532 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.8.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
122s
Max time network
157s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location.xml"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 1524 -ip 1524
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1524 -s 448
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
Files
memory/1524-0-0x00007FFE069B0000-0x00007FFE069C0000-memory.dmp
memory/1524-1-0x00007FFE46930000-0x00007FFE46B25000-memory.dmp
memory/1524-2-0x00007FFE46930000-0x00007FFE46B25000-memory.dmp
memory/1524-3-0x00007FFE44370000-0x00007FFE44639000-memory.dmp
memory/1524-4-0x00007FFE069B0000-0x00007FFE069C0000-memory.dmp
memory/1524-5-0x00007FFE46930000-0x00007FFE46B25000-memory.dmp
Analysis: behavioral21
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
134s
Max time network
160s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_emerald.xml"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 3728 -ip 3728
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3728 -s 448
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.177.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
Files
memory/3728-0-0x00007FF9F8BD0000-0x00007FF9F8BE0000-memory.dmp
memory/3728-1-0x00007FFA38B50000-0x00007FFA38D45000-memory.dmp
memory/3728-2-0x00007FFA38B50000-0x00007FFA38D45000-memory.dmp
memory/3728-3-0x00007FFA36590000-0x00007FFA36859000-memory.dmp
memory/3728-4-0x00007FF9F8BD0000-0x00007FF9F8BE0000-memory.dmp
memory/3728-5-0x00007FFA38B50000-0x00007FFA38D45000-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:34
Platform
ubuntu1804-amd64-20230621-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:35
Platform
debian9-mipsbe-20221125-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
139s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a31a35914bcf84cb1db54e391e8cdcb00000000020000000000106600000001000020000000fe64ca69bd8393e1bd13916fbb332c2628b778d3880e61118eb79efdcb43d669000000000e800000000200002000000042e98fe9eb526b6e6797026e81c2cdaea28ebf23cd77f9e4bb8edb85ee21589a20000000bfa8d5db79d28e6a6d871c1841cbfb52fe022852326e1f22c495781d45ec624840000000325eb9e7be32d6447a6010e7fcc08f820233fa909dd7acefdd9df8f6071e7bbd5b49374b3f466f595b218fc9f305f5ad391803b6384a0c5c14d3cbe4dbae2f8b | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647161" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c03ce39c07dcd901 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C7FE2DC1-47FA-11EE-9BFA-7E970D42A387} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\clockDarkTheme.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win7-20230712-en
Max time kernel
135s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8066b09f07dcd901 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA88C0A1-47FA-11EE-92BA-D2B7D0620653} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081fc177b9287ed4a8181eac127bbbd6900000000020000000000106600000001000020000000060ced8548e930ee3672459645b81aee15ca58709e9535a6576ef8994cf15e9b000000000e8000000002000020000000cf6e7127a3da74167e6fc383bc7e87b6b3f24ce817e248129cdf41d0c587e256200000007ed8c60fecda93692df747c3993052dceaa90c711409f8b677d8feccd726f1674000000004c1be64b5709ae7bb97079118e699636d55c25b4daaa0bf4ff3ea6feead8a79cb4a1e388da1c855c637149fd2a20b059c86c326233ddee63f4f53f286bf8da1 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399647164" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_60_percent_black.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:37
Platform
win10v2004-20230703-en
Max time kernel
139s
Max time network
156s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_black.xml"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 188 -p 2656 -ip 2656
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2656 -s 472
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2023-08-31 08:22
Reported
2023-08-31 12:35
Platform
debian9-mipsel-20221111-en