Analysis Overview
SHA256
e78bb0e4ff1131855c0c1bb5e94c961e4b9b10a15e6f4598c9d5322813456269
Threat Level: Known bad
The file Chinhphu0805182515.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud
Requests dangerous framework permissions
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-15 07:26
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:29
Platform
win7-20230831-en
Max time kernel
136s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4F05E481-5399-11EE-90AA-FAEDD45E79E3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac20000000002000000000010660000000100002000000017c793eb94bf60e4d77e7e630a386ba22ea855391f43e23ae8276178281efe3a000000000e80000000020000200000009e9137cf5098ff99db7bf09bd5afa4dcc91d7cc5d3e3f9d8cf6ed3bbf7e4c5b590000000a6cb20c3f5cfd3def536ab4c6785a14189ed00ed568d8ddaf804aea32334933034ec9b9cb72cfc9004d895223cce0e84d182371f95cc68aa3bd0b6993feadfc4f8889a98fd1b29772bb42b0a9ceeb2b8f85675239a5e89aebdc9e59b8f1e0763df0fece82df16fe4b98f86d5481c054c04f5cd290ae22a450b4f120439838fdff905db706a53dce8d0dfb0943a0e2d5640000000b14d7d77cadd666f30c6111b827701b9db4224163f27e3b6e7c4a01e5f1a62e3b7a08498f83d2ed7313ee4bcfe8b3871638f6cb7071c9b084c4c5f25026329fd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac2000000000200000000001066000000010000200000007ceada43593b26e23540e2ee00fe824135ce7eae6d7f6fd08eeb76284a892de5000000000e80000000020000200000007ce0905aa8f5f9671745a7022c0eda0aba844283026e6cdf3debad421a949e182000000048ae7073b5003b0386bb1ae77dc0c8a48a4a465b98a02f4c9efd6d9bac0a7c7840000000730bca769a108d622ee7a27be2377a9ecf779d89d85c931298eeb3ca5d861c4d2e0ed9c6ab9a93b31143dd4e7a64dd632c9d779e10c29e4c49c9a18fed2d91fe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500b1224a6e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400924711" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2956 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5EB6.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar5F46.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe624f5ce3cc68ab9606e5b51ff7f669 |
| SHA1 | 87463adbdabc4dbebf4029e7b46cd60545417474 |
| SHA256 | 0da1ed480de55db84979502afdf09842ca77bd8bbf52e9703c81983d9e19b0c9 |
| SHA512 | 4027806490cb13521dd5cf10a3c0261b9e059b91776888190c354a4b2d7acc6c7c3a427b5574aee04a8542b758d25a858e759f1945044e14eee4755f101e5996 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0f50a7858cbd75f134ee77711701bb6 |
| SHA1 | ccbe88b847982367b30df3ac3efee449c6d9d041 |
| SHA256 | dbb5d6e89d247328ab22aa2538364bac14ae2ba9c4def85cc5ea4b7b497014ce |
| SHA512 | 2c96095774cc8c9dd96b3903bae4abb7d10304d12bd7d05339fdbad637569f8300a4e2b3df5d76746202a8fe0f8308dcf1fa48ee9ae42eca21fb9a41e758e307 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aba011bd6948d83d9852ca141e911000 |
| SHA1 | b9b7935162de3ab4bf44550be50f5b4367a1f04c |
| SHA256 | 2675462539ce58d62d2d18225fb84d4e5401b27238fba5f6d7f543e4e67bab7a |
| SHA512 | 98b4b58cb670908896755ef190f6e12dba7ee01a84349a60fd4958c500ef2d0bbd9de990e72a7400bf18d8a616dc4b2dbd2734171cf6ef60c5cb7f0a9aa3853d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fe7afa2389e74e3be0135fb282f799e |
| SHA1 | c8617b17f25e5ef87aeaa06cbd06ad43b59dc324 |
| SHA256 | 93df60c424d96f9fceecf756c3565e273a9bc6e4de2511fc93e5a5d71308119f |
| SHA512 | cf3066a95ba8ec74dc3ed8790c4b488bd85dc0c5aa0ff52daa1095bdc07f81cb5a21d7df913e66d09d684b8df48d6b9edb71da0232d827b09ba5204b865b7877 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09fae14bfc62bd782ec0c9587b5bb4ed |
| SHA1 | 3aca41e2fcd99065a4e5b654a8baa599797c08d9 |
| SHA256 | 3145c9a7138f23fb2c94e24d3b00a1e4024885a2e96050d2d57c95e51bef04f9 |
| SHA512 | 7a4ea57b70d146518e2099ac3d77590dfb33c45be0ee97560ac5836caf896346ccca4053eb088c750cf59401144de21c666b2439783b7697ab957ebc5f1ea710 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43e31e1bc721135ae17cba39fd59b489 |
| SHA1 | c2941939c7be22fb6f696c4846acb4cbe5514ecb |
| SHA256 | 80586d0da065067e3d3c852168dd92a968af01e1c24676838d734c2a9db3477a |
| SHA512 | 8172b5f1c28e4fa3dc6b6994a71ef141f31b10895bd7cdcfeed6a773c49adf3506f271622690f8219978febef9989a233a535f17efaeb3bc246857335a3b3e3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 786356d57589134d5119149b147e7e4b |
| SHA1 | e50f4590292b659596a19809b7811a279486ce99 |
| SHA256 | 40b6a140cb31b4d1fd0fc1794d722a7f94440949b20e7c08c8d414c28138486a |
| SHA512 | a43e53bc8601c8e068c843b9dd8fbe78ba9ece9612ea3070f6fa3702b8aaeb621b55fef28c8e9b2e76b3f0671c2e80a8e90aeb6670fdb188bfb9686ce221e071 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d270271776a967ae9bb91ab327acfce |
| SHA1 | 726a87576cf2035a9dc2d51d3e480b6b6b4f5662 |
| SHA256 | b9056d8614c1722b4db72379cc37af45cc74a28c8e8411a170962bf4922c50b1 |
| SHA512 | c66f0f19c25038225ede48297006ce98115b0cb4b2710a88b0880ee5541aeb9576e75b6966981ec9ef08eba09eaeb9d6ec3b7795854c4c3c58b69d45f55531ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ad970170fe9b7b54116259f77c6368a |
| SHA1 | 5d0cfed2021bd441548bc888417715fd252f240b |
| SHA256 | 0c03ab4a01f0f05b0828d22af7ff07df5439ec17523cc8b2db2a4866d45177f2 |
| SHA512 | a7fed18bd592e872e99b05d928b2d2af0bff215525049fe3fd27174c85b42157aa92ac266e889583ee253647d3bc888c110c83c57acba503932e58b54564e1b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbc4b06b8cccae78da3cc31cf2d36c91 |
| SHA1 | 9a21004552c2dc83520645e91e0ff11e48c9be34 |
| SHA256 | 40fca577bb3154ece800ea90e57ff49639c75f0d67a32920e6285b1af1b56e28 |
| SHA512 | 059bb4874bffcb27eefc004623d059a0040135ab8c644bf91396b054bd8ad4ee3680bfe6fd959791e3dad1de99e1445667c1f3874f23a046df6ee9586de81347 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de44c53aada6326207ead987e6f2b7f4 |
| SHA1 | 2cc3757ffa0e2659b8dfbfb5c18bbfe0e3ec5c34 |
| SHA256 | 09e79f065d604e53580d7225f74a8d6d565d5eeebd6260e82fad13edd7e0b506 |
| SHA512 | e37dc7fc27a1ce05d644c1e89402db460810677ed7abd3dd54dc73eae56e9fc89f5bed351fcaddf80702c980ef66f52d8b608832d0f7b47a053e6b1a5d3695d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af965b9c46cc64dba5ffef375d56b0ba |
| SHA1 | 6ad8f42d4bc2348d0f790b1c405fbe4556798416 |
| SHA256 | f2291165ffcc92444b040e8176f81c1ccea2cd73493694e2bf18e6f15ec598f1 |
| SHA512 | 9dee052d932272d21322df09f607b5e57f3f797476633c7fec83e447c46b4c0af2a8de68df4169638bec9ac7bc6603b202d664cc992bd4e2f47eb1f852228cc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fce9b70dc1912c64b72460cd69611a4 |
| SHA1 | 265d6a205f44c2c6a14a867303f9c6acfaa1f600 |
| SHA256 | 5a5d428e703fc213aa395185859445b216759ea4aadf3167d1708efae85ab3f8 |
| SHA512 | 52e34d0738b39116e8eb5604c7a3db26d647eacc0868c51f3e551fe47f4d8506507005af5c63b5871489a248c9131fb917b8b14074d548eaabcc2d4fca50d148 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 339b4a7f5ad3963fbbd3ef99a36624e4 |
| SHA1 | 5099a83b1aaf8d3f410fc9bfcb1b426f22ba7bd2 |
| SHA256 | af63b5087b24d820b245949676c006d2b538c94f429ccf458d29c0c557a75486 |
| SHA512 | 946b68e4ec143dc23f0fb70e97735233f4a5f8535340c1714cf6832bb647af8b7628e12853c0633e1f7a04db463b72fc40895be2541bc762b86fa7b23f4e51a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc7dbd9b9db0eeb47acb2fce5959b2ac |
| SHA1 | 4e3d6ff0145ce85f19c61a77dbe6add461646196 |
| SHA256 | 2e5e87ceb6b851bd857e79ba9209ac7564ae257336b3f55d387d1f8792dcea01 |
| SHA512 | 2af495e5795d6ac10b82defb78939d8f55de0785f6f6d1a078282b125046ce616e01eb6489ab9c7d9ba9c33d5bb505b0698824abfcc35d07f0f3b6c2d35c3ddc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0e7020f01faf197eae367198332d6aa |
| SHA1 | 8818acfc0725cb8ea2e9d7712ee4393b2646d069 |
| SHA256 | 3ecab31df529bbc107093b3090f04590da28b61ba93360da90205c66a5ec2252 |
| SHA512 | bffe0e9fb3b636bb8acbc0d49fade0a5e0adc7d200b0de8c7ceed39072ca12ec80c8f932ce736750ea33b0c0318cefeb65fb5de475a9ad427fdfff598c27df8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27105c92e9c6321322770beed46f6ee4 |
| SHA1 | 81357b650c9e176831751e70224734e44840f266 |
| SHA256 | f8ddf16bebb63f573a32da6fc80cf854d9744dfeccafdd2f00bf5141221efef5 |
| SHA512 | 47711c964c45d77bc0d9447251bfc98f3a3607411e7dcaa6dce04d15becd84675a77918769100a882752f3e71e3f3ca32ec020373f7650b455de5e757507cf37 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:29
Platform
win10v2004-20230831-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057830" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fd14e1ecd39b1c44a5efcb8a6337e6ca00000000020000000000106600000001000020000000228e2be7b8f54d9fe5cde8436b6a07b6a5d730175c774fb5fc92d3fe36f13c3f000000000e8000000002000020000000cbb95e2052e3d0684d1f52876474dcf3fbee535ea1909fdbaf106cf89c20cfe120000000d00fa4d96c55d95d8b42ab7d55e6e4f58dd0203319ebebeda93264f9f37709324000000089a4b734739eca30e1f7549876c8bd47f9e5e5f23b67c41560b08a90880e36a4e06accb29f11f62583b3e297c20d5579acf41fa16d15a9d0eed0a5dafdd2b5f1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0229c24a6e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "595933059" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07fb124a6e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4F0686E5-5399-11EE-8894-765F18DF220B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31057830" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "595933059" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fd14e1ecd39b1c44a5efcb8a6337e6ca000000000200000000001066000000010000200000005fe81475a8e0713400e54b92a998c8797620b0f7321af1c0cc034276735733c0000000000e800000000200002000000018b9aa2536d263de3330bdd1952c88158aa0a887ebc46f6414b831a66f0d80a62000000008db7aebd7a4009e35a53cd87f641217c3202484739beae46daa2cd82384384c400000009a4ae1c475c468a69d24fbb731a1f282475eb9951602dc72dd2b0ad85de95f2ca7ad924c3800d52aa79f3c676f3f0c5dcd4d67bcfa0bf06486ad2ed2657ee1ee | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527817" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "606557520" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057830" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4888 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4888 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4888 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4888 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.7.248.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NTEOKZ9E\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral4
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:29
Platform
debian9-armhf-20230831-en
Max time kernel
2s
Max time network
124s
Command Line
Signatures
Processes
/tmp/l4ed5947e_a32.so
[/tmp/l4ed5947e_a32.so]
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:27
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
4s
Command Line
Signatures
Processes
/tmp/l4ed5947e_a64.so
[/tmp/l4ed5947e_a64.so]
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:27
Platform
debian9-armhf-20230831-en
Max time kernel
2s
Command Line
Signatures
Processes
/tmp/l4ed5947e_a64.so
[/tmp/l4ed5947e_a64.so]
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:27
Platform
debian9-mipsbe-20230831-en
Max time kernel
2s
Command Line
Signatures
Processes
/tmp/l4ed5947e_a64.so
[/tmp/l4ed5947e_a64.so]
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:29
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/l4ed5947e_x86.so
[/tmp/l4ed5947e_x86.so]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:29
Platform
android-x86-arm-20230831-en
Max time kernel
2545727s
Max time network
136s
Command Line
Signatures
Gigabud
Processes
com.trinsmalw.bdyeurqed
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.250.179.170:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.250.179.202:443 | infinitedata-pa.googleapis.com | tcp |
| NL | 142.250.179.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.208.110:443 | android.apis.google.com | tcp |
Files
/data/data/com.trinsmalw.bdyeurqed/files/.ss/l4ed5947e.so
| MD5 | 2641b6e41b80bcb4b1b086b161f4e200 |
| SHA1 | f160fec29dc4e7f91d2134290f534c2f1d664e3a |
| SHA256 | 56eadaebdb57c44524ea25155bda707ef9a490d9c1fbfea46e4ee611e31a85d8 |
| SHA512 | 73ce93f4cae711dcc6411235baf8851a1f0a88871b66f9b2c377997f9e2ea63a7bf15e811e9c86c2b67765aee3f6e29762340d7def8159d121c06500de7c9231 |
Analysis: behavioral8
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:27
Platform
debian9-mipsel-en-20211208
Max time kernel
4s
Command Line
Signatures
Processes
/tmp/l4ed5947e_a64.so
[/tmp/l4ed5947e_a64.so]
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:29
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
3s
Max time network
144s
Command Line
Signatures
Processes
/tmp/l4ed5947e_x64.so
[/tmp/l4ed5947e_x64.so]
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:29
Platform
win7-20230831-en
Max time kernel
134s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400924710" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a714000000000020000000000106600000001000020000000b8f68132225c403a23a16cf3a42d9c3a20814784779ad9ea9dce08596ba539fb000000000e8000000002000020000000522cd85fda67b2f4d607f825dee998afb042be51d37f60a6de43f2930d44d79d200000006acdd52cf0287bb7c36bdc758b880f395b86707818ed75ac1b0295b29595c5e04000000089df88ecbac0c4569550f8e6d4bb5086dd7995649424a36082da6e8e1017b9a7461cd3f9c9695f236d50e7fb0c35ae5e472d3a63c394136d5402c71d2dad66c0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4EE164C1-5399-11EE-B006-5AE081D2F0B4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a011f323a6e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a7140000000000200000000001066000000010000200000003c9123b6ee79cb5f38a32b50717c5549f0672e9d296872b910ba1f7929c1ee06000000000e8000000002000020000000f74d7abc75ed1ba598bbfa9e7d666e60b59c8c4dcc4dbbee9528a58897ad7ae690000000bfa06cc92e619a6592ba2aca885841886fc61642f6efa4fadf836a88ab7cc4d41d28886c3e0e4f5a0d5a8dc274800b4d30d9f235cdeb160943158f80efc3395cc798eb5f7cb3762eb111a1e8c0477ea2593f052508598e958aee9c3fb8fa83828644b7b5c64d7a80b6bf2af00ecac281cd472105ddfd3a550f7a18fd9d74680a44a61c939d6b2afc23c5f8883369820b400000004d23a499ac58758972fc173b447d3c49819988b55c247e2342feacfbbef0f8b7fd65af56c10d83cfb254ed717248781a6701de0f070986fdc9930ccdef62cf56 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2180 wrote to memory of 1292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4970.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar49D2.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fc27ccacb073b3b7b285e3294acfd64 |
| SHA1 | 9be8082ddfd7562220ec62f83a6d3f5f560594f4 |
| SHA256 | 497123972c73c0bdd2dc7c33e30064d2a441bb205940da875d64af135d310705 |
| SHA512 | c1184de9b8eda0b1994a61244238ac0c75b4a9952051fe626ae367d6a82a3db5ce3ca3262ac8fb5745716966438e75e988850032698b6269ef60a145da3756ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3bed8675f43ad9b5b4df2153bbd07c1 |
| SHA1 | 9648fed04fc360d96548e50d0813f6fb7e008a13 |
| SHA256 | 8a0efc7a4653eac3e0a1f2906b321623136ff97aec6803eac465f8f321d2e3cb |
| SHA512 | 8de24b182499d7ebea2fad7bb4bd19d7f8e0a4bcc7328089e9ba6f57a92beb28552439ee3d1e876d008bc1c6f7ba8e071ce13b14ced8bc9667d93b48ec62236c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 094888390aa65d135f8b7762f9918279 |
| SHA1 | eef3407088743eb30bb3fadc6f42bf884f01e1b2 |
| SHA256 | 22535822d00366ffcce6191eb3c3cdb4c4980361d3e4be00df0d786a6a75c9cf |
| SHA512 | d45051a2a316f679cb3425c3e2cbb0b4122764dc2ba7ffe56ef21be79385d56fdc05385c8de4ba67341e8c0f2f27318c963c9e7eb968218168c7f5d6f41f91e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6ccef0a74b4f79290c528e9f5033cb5 |
| SHA1 | ff45bcb79c53bc07bc2a6a80e51069a0fa73bfb1 |
| SHA256 | 8936ba37ee65cf7292eb80c6c67ed0ce78c9d867bdcaed7dc2e0ebc2278cdc13 |
| SHA512 | bfff5df8bdb11971d029b7e31c790ddbee09c0656de99402a783aaa9c8c88cd5390a005f8fb316ab84f39bfd1eb1442098fc96af9aeb7eb7675267a5af635b7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 587b9ef1736baa4092b7baaaa967f39e |
| SHA1 | 7daafdd8face027958c58ea779a9899c4158bdf9 |
| SHA256 | b3c1ee92c12b794c22fe0fb4e14254f0aad35efadd3038a18b804e84c180a4c3 |
| SHA512 | 000f5b039bff041766f1e3d84317f1f54776a98d8ab8b16935a27d21f999c697ae077a9d097f8aaa3c3b87515ef7bf83557826ad820ece3cfb29536b29e4ea6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 499dd5ab3a76381ad2945553806c9bee |
| SHA1 | 909ba345754c58af856831e1da30b304b9c56097 |
| SHA256 | 5d84896d5c96515ac1b4be95dbfc54c04bf7d565bc230974d896c17a403f054c |
| SHA512 | ba05ad655d186efe367efda496d794522f1b64ecb3938c9a4d4c95b704d1bd3327a853120644b44db1de6b65cbb46d55e5d47b5a843e27dd91c901b450908da1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eff8c3ca545c394e82127ba38d134524 |
| SHA1 | 55c0a809b3300416b657b3c0fa8da13eeb8bd251 |
| SHA256 | e2e391fde32e8d43dbcade8bb759a315c165f83be3282d16b8c7c5b5d0846a98 |
| SHA512 | 069dc6890d7cdf8fef8b1f4a9b727a1f71791b92c2e279165b3286b13a486bbd70b105363fc9e7e432dbbc85095e5e55b81ee2f628ced70ead7209ff75dd91ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9df00d54e4747770e97dceb55acb950 |
| SHA1 | a187282ec8f95860be088e4b933ff5b227c1eeb1 |
| SHA256 | 71123fc1a2e5b31ca52c7cbe415ef2a720530b9ad9bfa3d13c23e69c56c79039 |
| SHA512 | 8a60fa847fc57aba700d0de2f6a7091c4499e7f9cf06723245e9a8f9c31718fda50bb6842a1cae2d4b7217d9bef5953f9974675c26f2cbeaacc6113f1e9ae9d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 818baca766d8495d442db2a258bd6626 |
| SHA1 | 7b2723244464a572077605871b5b53715803159f |
| SHA256 | 93a8def64d9c2ba241fb433df633c0eff777786273d840a7fdcb322505612bfc |
| SHA512 | 5a458e0214959fbf7a0b205f4a1c374e9efb3feeb7c79d126345b828440d54871e5760d0fceb10dbe582f904e411865e1dc9678ff8cf764685bf7c509c78036d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8e561f1f5367ab5896a2a16aa2184e3 |
| SHA1 | 1b7ff111e908be428d2ff968e9d098664db75391 |
| SHA256 | b009c1f7437a1dd99117290686d2653063455bfaf6620942941d3b7d0529be50 |
| SHA512 | 173c39497ee4aa4b842f8f149c2aee7672b4d6b7b4c573cbd14fe8af1ddd65f518de1cd9ca2b229e7ca63496e4bad2b6909ee7e1ab580d6dcebf2ac641c11a0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f0856d391e1cc7293a85eb08165d6e8 |
| SHA1 | b1400fa9ec82ede58e3f2e2ab8cc02fb98be586b |
| SHA256 | 3f963edff19e8ea50ea1ca492b23d7c296bc5af1e256794198c3a85f4dfa1756 |
| SHA512 | b479c9ae424f3bc4da42c39359974a3abf13b6781e4350b1fae06da828cacd90a4c6f6ce950218db44ae03b588f1e67172f3c17ae670357935d85223914936ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0af6898490ebb21666a97635d22b6ea0 |
| SHA1 | 8f7ba55cecec421e64996df2b00bdacd2c5c5568 |
| SHA256 | b4d7f00f8fa57668bdfbf4573961cb898530e78e6694e77cd5f8ee3ecf71261d |
| SHA512 | 77ea5b9b6bc49951f96e91f8c1d243339e7188ffe3fe67cf5582a784480d6b1bd945f1ee90347cbc84fd28caf2985d33d03ca25b39823de47e5ea1c5088c1a57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8adc15dc330bb379714167844ccdf6d |
| SHA1 | 1649b9d5d82e0f1c7cca1ada67d65e130ffcce0e |
| SHA256 | d7b09b7e249e5a20c85240f32770a127f2769b84cd90ff45931e748d7da39976 |
| SHA512 | 209c2df0561a828e2147d601984c7c4d8f7759ed11159179dd0fa72aecfcbb8f48d75966764fec28ad720a091fc46c5ef1fefbf0814e6f9adc50d3b8db45e21b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83f2f6b6bfc3c048b27a90e041ef61f8 |
| SHA1 | 5110e65d90a4f198ab674773737ec5400d6737e6 |
| SHA256 | 6a92444e2f55eda00e92e677b6f2708c7aaffbb0f6f036fb458abe1e5fd95249 |
| SHA512 | d5ebddbfe132501b542990123675d68fd54a37debf1930332126043e7747cf9ca48a03687274162c4528f2c16dfea7f25fcb848349f9eac95275218124698aed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 645f2f70e1b0c4d8dfd2476b7ed25835 |
| SHA1 | 464c17831b4e80e2389e767ed42be018826dcb21 |
| SHA256 | f0aba3aa1f73456169448284b38f3e5958a4531b6c4859582dc3a44800e1f891 |
| SHA512 | 21b18e48be1e7893c295091de3014dc2349706d5318cfbba3be142ad429acc8e76f34fdc9e40ee58d3a0662d08792e410214007a804f9e792d4d600927ed0803 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a01ed430fec8cb7d73217d8274a539e9 |
| SHA1 | 29275383665d16e11aaeea5ed5b02f682161d4b8 |
| SHA256 | ec9fe9f90d7eb61aae11f382cc5b60c7b7c27c88f71fedf9be0e627f376ddb23 |
| SHA512 | 6cc3d43a88e4e7babbaee3a47f3e138903ebb20b04bffb5b560636f6e5b6494898fe2c176a1e8e629670e94e0abf528ae1ea5463488ecf5e0cca0820142981ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f2be62f8ec565e9923daedeb4a55a88 |
| SHA1 | ae85e8075cca9f4abb96c1f63cce58d954d1f938 |
| SHA256 | e7a3930e249f11ce4bae93ddf7abb46f2cd2fc38b47931be998b5fc178a4f15b |
| SHA512 | 36995ea3a83011e6d554391cfffcce3410ed0bb5764a1e593196ea8ba9cc0c7a9600d80631c3c7eb5f95a33932b4265c73fb410a1ba90b0e07b3c0f9a11bb5e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5924e649f44a9ae5f79ee65e481b47c3 |
| SHA1 | cba696d95123e231816809a0fbf992b72d5f1139 |
| SHA256 | 98b795a250d6a6068a412910928396f7ed99e4a842077141deaa77fc963d05e7 |
| SHA512 | a72aa7ac78a39a681ba745804889896b60cc550ea08c526ccc765bfe1316fa619e2fb0caf45868a32075d8c2f4ff3e511ebc6cd13d0db32072dd8a833ef99118 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f8af2002ad597e52a08518e2b565981 |
| SHA1 | c9e09741ca6f3cd5a443aa7b932aafe86c6696cc |
| SHA256 | ed47e343bc4b6d8d560d00e2e1e0c2d894d69a1981bad6b03781cd274e303a95 |
| SHA512 | 8304049c1f9476fcd83a07e5099f1f0218360fccb3b11b087d35a6c6d657266386d765f2f48190393ac094c607f2c323e98a5875e8395b58befa98fed9c3dfe1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db9eea880fc274bd48eb288d6d016d1c |
| SHA1 | 8a9743feda38285138d2230af2f74bfe33dcf9df |
| SHA256 | 37abf408139567b76f2d00aa8c056ec532669534728a1d3907e4a32fa7455d59 |
| SHA512 | 7b1a8977bb37b8d44acd331c8f46a8e7eab7f2d2576fdaf9793bf76c151a08046b90e9d13ac5f2999953814a458e1f84c4e0e81fe81b584f57842e3dadc4a136 |
Analysis: behavioral12
Detonation Overview
Submitted
2023-09-15 07:26
Reported
2023-09-15 07:29
Platform
win10v2004-20230831-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e066c10583e1946ba3d1022da920436000000000200000000001066000000010000200000005ef4b0b228f4d5385d8825e6dc5e543d884aa2017e6b71607dd0f63dd71028d5000000000e800000000200002000000095939c4723eb5c72f2b32a6147eae43551093ffd0c23fbc38bdd4d980911c1de2000000053f9cad6222332a731c63d976052a0aa4148613c4eaff1d3b01b30a0ede310664000000061eee253266dca2a8a30a164f34b39551eba3c95824521706d5ef51bf4aa32a9428ad94768ad4cfc7a200e0a6c7611f6506d9938b831c4718f1ced7f089808f2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4EBF4274-5399-11EE-AC9E-76459FD948A0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057830" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "605209503" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057830" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ec7d24a6e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e066c10583e1946ba3d1022da9204360000000002000000000010660000000100002000000086afa11551e0be685091cca45ca32be03507f2866ef4eeb929415acfaa2d8daa000000000e8000000002000020000000a0cdfae6a8e46f9a6dcfc72d30e954f2d1e939bdccf103b93ebc72dacaec623720000000f7a772d80f1a307f743f5cffe1050119a7c6f2362419c77c1ada474c76807bc640000000cf6dc75d8c7882f825c488897cb50873a33661e3c470504f8e2f090bc8cad780ae8f79ff2b2c000cd5bdb0a4ea86eca51d66ab1fc7dd874243a5d36131431cbe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50709324a6e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31057830" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527816" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "592241567" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "592241567" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4760 wrote to memory of 3116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4760 wrote to memory of 3116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4760 wrote to memory of 3116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4760 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0XT81K5W\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |