Malware Analysis Report

2024-12-04 03:06

Sample ID 230915-h91khscc24
Target Chinhphu0805182515.apk
SHA256 e78bb0e4ff1131855c0c1bb5e94c961e4b9b10a15e6f4598c9d5322813456269
Tags gigabud infostealer rat trojan
Score 10/10


Analysis Overview

score
10/10

SHA256

e78bb0e4ff1131855c0c1bb5e94c961e4b9b10a15e6f4598c9d5322813456269

Threat Level: Known bad

The file Chinhphu0805182515.apk was found to be: Known bad.

Malicious Activity Summary

gigabud infostealer rat trojan

Gigabud

Requests dangerous framework permissions

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Note on reading this summary: the sample is an Android APK, and the only detonation that matches the Gigabud family is the Android run (behavioral1), which drops a native library into the app's private files directory and contacts Google API endpoints. The "Modifies Internet Explorer settings", GetForegroundWindowSpam and FindShellTrayWindow signatures come from the Windows detonations (behavioral2, behavioral3), in which the sandbox opened an index.html extracted from the APK in iexplore.exe; the registry keys listed there (TabbedBrowsing, Recovery, DomainSuggestion, WindowsSearch, GPU) are Internet Explorer's own first-run and tab-recovery housekeeping, and the only network contact in those runs is ieonline.microsoft.com and tse1.mm.bing.net. Treat those Windows-side signatures as sandbox noise, not as behaviour of the sample.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-09-15 07:26

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
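The permission table above is what a practitioner should reproduce offline before trusting a sandbox verdict: decode the binary AndroidManifest.xml (apktool or androguard both do this), intersect the requested permissions with Android's runtime-permission set, and look for combinations rather than single entries, since RECEIVE_SMS plus READ_SMS is the OTP-interception pattern and CALL_PHONE plus READ_PHONE_STATE lets an app place calls without the dialer. The following Python is an added example written for this page, not code from the sandbox or from the sample. The manifest is constructed from the table (package name taken from the Android detonation below); the rule names and thresholds are the editor's assumptions. The constructed manifest lists WRITE_EXTERNAL_STORAGE twice with a maxSdkVersion variant, which is a common reason a permission appears twice in such a table, but that is an assumption about this sample, not something the report confirms.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions relevant to this sample; not the full
# platform list. POST_NOTIFICATIONS became a runtime permission in API 33.
DANGEROUS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.GET_ACCOUNTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE",
    "android.permission.POST_NOTIFICATIONS",
}

# Heuristic combination rules (assumption: these are the editor's, not the
# sandbox's). A rule fires when every permission in its set is requested.
RULES = {
    "SMS_INTERCEPT": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "SMS_SEND": {"android.permission.SEND_SMS"},
    "SILENT_CALL": {"android.permission.CALL_PHONE", "android.permission.READ_PHONE_STATE"},
    "ACCOUNT_ENUM": {"android.permission.GET_ACCOUNTS"},
}


def audit_manifest(xml_text: str) -> dict:
    """Parse a decoded AndroidManifest.xml and report requested/dangerous
    permissions plus which combination rules fire."""
    root = ET.fromstring(xml_text)
    requested = [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]
    requested = [p for p in requested if p]          # drop malformed entries
    present = set(requested)
    return {
        "package": root.get("package"),
        "requested": requested,                      # in manifest order, duplicates kept
        "dangerous": sorted(present & DANGEROUS),    # de-duplicated
        "findings": sorted(name for name, need in RULES.items() if need <= present),
    }


# Constructed manifest mirroring the static1 permission table (not the real
# manifest of the sample). The second WRITE_EXTERNAL_STORAGE carries a
# maxSdkVersion, an assumed reason for the duplicate row in the table.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.trinsmalw.bdyeurqed">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
                   android:maxSdkVersion="28"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>
"""

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"])
    print("dangerous:", *report["dangerous"], sep="\n  ")
    print("findings:", report["findings"])
```

Run it against the output of `apktool d Chinhphu0805182515.apk` by reading the decoded `AndroidManifest.xml` into `audit_manifest`. The rule set is deliberately small; extend `RULES` with the accessibility-service and overlay permissions if you are triaging banking trojans generally, but only flag what the manifest actually declares.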

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:29

Platform

win7-20230831-en

Max time kernel

136s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4F05E481-5399-11EE-90AA-FAEDD45E79E3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac2000000000200000000001066000000010000200000007ceada43593b26e23540e2ee00fe824135ce7eae6d7f6fd08eeb76284a892de5000000000e80000000020000200000007ce0905aa8f5f9671745a7022c0eda0aba844283026e6cdf3debad421a949e182000000048ae7073b5003b0386bb1ae77dc0c8a48a4a465b98a02f4c9efd6d9bac0a7c7840000000730bca769a108d622ee7a27be2377a9ecf779d89d85c931298eeb3ca5d861c4d2e0ed9c6ab9a93b31143dd4e7a64dd632c9d779e10c29e4c49c9a18fed2d91fe C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500b1224a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400924711" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5EB6.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar5F46.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe624f5ce3cc68ab9606e5b51ff7f669
SHA1 87463adbdabc4dbebf4029e7b46cd60545417474
SHA256 0da1ed480de55db84979502afdf09842ca77bd8bbf52e9703c81983d9e19b0c9
SHA512 4027806490cb13521dd5cf10a3c0261b9e059b91776888190c354a4b2d7acc6c7c3a427b5574aee04a8542b758d25a858e759f1945044e14eee4755f101e5996

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0f50a7858cbd75f134ee77711701bb6
SHA1 ccbe88b847982367b30df3ac3efee449c6d9d041
SHA256 dbb5d6e89d247328ab22aa2538364bac14ae2ba9c4def85cc5ea4b7b497014ce
SHA512 2c96095774cc8c9dd96b3903bae4abb7d10304d12bd7d05339fdbad637569f8300a4e2b3df5d76746202a8fe0f8308dcf1fa48ee9ae42eca21fb9a41e758e307

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aba011bd6948d83d9852ca141e911000
SHA1 b9b7935162de3ab4bf44550be50f5b4367a1f04c
SHA256 2675462539ce58d62d2d18225fb84d4e5401b27238fba5f6d7f543e4e67bab7a
SHA512 98b4b58cb670908896755ef190f6e12dba7ee01a84349a60fd4958c500ef2d0bbd9de990e72a7400bf18d8a616dc4b2dbd2734171cf6ef60c5cb7f0a9aa3853d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fe7afa2389e74e3be0135fb282f799e
SHA1 c8617b17f25e5ef87aeaa06cbd06ad43b59dc324
SHA256 93df60c424d96f9fceecf756c3565e273a9bc6e4de2511fc93e5a5d71308119f
SHA512 cf3066a95ba8ec74dc3ed8790c4b488bd85dc0c5aa0ff52daa1095bdc07f81cb5a21d7df913e66d09d684b8df48d6b9edb71da0232d827b09ba5204b865b7877

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09fae14bfc62bd782ec0c9587b5bb4ed
SHA1 3aca41e2fcd99065a4e5b654a8baa599797c08d9
SHA256 3145c9a7138f23fb2c94e24d3b00a1e4024885a2e96050d2d57c95e51bef04f9
SHA512 7a4ea57b70d146518e2099ac3d77590dfb33c45be0ee97560ac5836caf896346ccca4053eb088c750cf59401144de21c666b2439783b7697ab957ebc5f1ea710

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43e31e1bc721135ae17cba39fd59b489
SHA1 c2941939c7be22fb6f696c4846acb4cbe5514ecb
SHA256 80586d0da065067e3d3c852168dd92a968af01e1c24676838d734c2a9db3477a
SHA512 8172b5f1c28e4fa3dc6b6994a71ef141f31b10895bd7cdcfeed6a773c49adf3506f271622690f8219978febef9989a233a535f17efaeb3bc246857335a3b3e3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 786356d57589134d5119149b147e7e4b
SHA1 e50f4590292b659596a19809b7811a279486ce99
SHA256 40b6a140cb31b4d1fd0fc1794d722a7f94440949b20e7c08c8d414c28138486a
SHA512 a43e53bc8601c8e068c843b9dd8fbe78ba9ece9612ea3070f6fa3702b8aaeb621b55fef28c8e9b2e76b3f0671c2e80a8e90aeb6670fdb188bfb9686ce221e071

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d270271776a967ae9bb91ab327acfce
SHA1 726a87576cf2035a9dc2d51d3e480b6b6b4f5662
SHA256 b9056d8614c1722b4db72379cc37af45cc74a28c8e8411a170962bf4922c50b1
SHA512 c66f0f19c25038225ede48297006ce98115b0cb4b2710a88b0880ee5541aeb9576e75b6966981ec9ef08eba09eaeb9d6ec3b7795854c4c3c58b69d45f55531ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ad970170fe9b7b54116259f77c6368a
SHA1 5d0cfed2021bd441548bc888417715fd252f240b
SHA256 0c03ab4a01f0f05b0828d22af7ff07df5439ec17523cc8b2db2a4866d45177f2
SHA512 a7fed18bd592e872e99b05d928b2d2af0bff215525049fe3fd27174c85b42157aa92ac266e889583ee253647d3bc888c110c83c57acba503932e58b54564e1b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbc4b06b8cccae78da3cc31cf2d36c91
SHA1 9a21004552c2dc83520645e91e0ff11e48c9be34
SHA256 40fca577bb3154ece800ea90e57ff49639c75f0d67a32920e6285b1af1b56e28
SHA512 059bb4874bffcb27eefc004623d059a0040135ab8c644bf91396b054bd8ad4ee3680bfe6fd959791e3dad1de99e1445667c1f3874f23a046df6ee9586de81347

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de44c53aada6326207ead987e6f2b7f4
SHA1 2cc3757ffa0e2659b8dfbfb5c18bbfe0e3ec5c34
SHA256 09e79f065d604e53580d7225f74a8d6d565d5eeebd6260e82fad13edd7e0b506
SHA512 e37dc7fc27a1ce05d644c1e89402db460810677ed7abd3dd54dc73eae56e9fc89f5bed351fcaddf80702c980ef66f52d8b608832d0f7b47a053e6b1a5d3695d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af965b9c46cc64dba5ffef375d56b0ba
SHA1 6ad8f42d4bc2348d0f790b1c405fbe4556798416
SHA256 f2291165ffcc92444b040e8176f81c1ccea2cd73493694e2bf18e6f15ec598f1
SHA512 9dee052d932272d21322df09f607b5e57f3f797476633c7fec83e447c46b4c0af2a8de68df4169638bec9ac7bc6603b202d664cc992bd4e2f47eb1f852228cc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fce9b70dc1912c64b72460cd69611a4
SHA1 265d6a205f44c2c6a14a867303f9c6acfaa1f600
SHA256 5a5d428e703fc213aa395185859445b216759ea4aadf3167d1708efae85ab3f8
SHA512 52e34d0738b39116e8eb5604c7a3db26d647eacc0868c51f3e551fe47f4d8506507005af5c63b5871489a248c9131fb917b8b14074d548eaabcc2d4fca50d148

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 339b4a7f5ad3963fbbd3ef99a36624e4
SHA1 5099a83b1aaf8d3f410fc9bfcb1b426f22ba7bd2
SHA256 af63b5087b24d820b245949676c006d2b538c94f429ccf458d29c0c557a75486
SHA512 946b68e4ec143dc23f0fb70e97735233f4a5f8535340c1714cf6832bb647af8b7628e12853c0633e1f7a04db463b72fc40895be2541bc762b86fa7b23f4e51a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc7dbd9b9db0eeb47acb2fce5959b2ac
SHA1 4e3d6ff0145ce85f19c61a77dbe6add461646196
SHA256 2e5e87ceb6b851bd857e79ba9209ac7564ae257336b3f55d387d1f8792dcea01
SHA512 2af495e5795d6ac10b82defb78939d8f55de0785f6f6d1a078282b125046ce616e01eb6489ab9c7d9ba9c33d5bb505b0698824abfcc35d07f0f3b6c2d35c3ddc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0e7020f01faf197eae367198332d6aa
SHA1 8818acfc0725cb8ea2e9d7712ee4393b2646d069
SHA256 3ecab31df529bbc107093b3090f04590da28b61ba93360da90205c66a5ec2252
SHA512 bffe0e9fb3b636bb8acbc0d49fade0a5e0adc7d200b0de8c7ceed39072ca12ec80c8f932ce736750ea33b0c0318cefeb65fb5de475a9ad427fdfff598c27df8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27105c92e9c6321322770beed46f6ee4
SHA1 81357b650c9e176831751e70224734e44840f266
SHA256 f8ddf16bebb63f573a32da6fc80cf854d9744dfeccafdd2f00bf5141221efef5
SHA512 47711c964c45d77bc0d9447251bfc98f3a3607411e7dcaa6dce04d15becd84675a77918769100a882752f3e71e3f3ca32ec020373f7650b455de5e757507cf37

Analysis: behavioral3

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:29

Platform

win10v2004-20230831-en

Max time kernel

141s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057830" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fd14e1ecd39b1c44a5efcb8a6337e6ca00000000020000000000106600000001000020000000228e2be7b8f54d9fe5cde8436b6a07b6a5d730175c774fb5fc92d3fe36f13c3f000000000e8000000002000020000000cbb95e2052e3d0684d1f52876474dcf3fbee535ea1909fdbaf106cf89c20cfe120000000d00fa4d96c55d95d8b42ab7d55e6e4f58dd0203319ebebeda93264f9f37709324000000089a4b734739eca30e1f7549876c8bd47f9e5e5f23b67c41560b08a90880e36a4e06accb29f11f62583b3e297c20d5579acf41fa16d15a9d0eed0a5dafdd2b5f1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0229c24a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "595933059" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07fb124a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4F0686E5-5399-11EE-8894-765F18DF220B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31057830" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "595933059" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fd14e1ecd39b1c44a5efcb8a6337e6ca000000000200000000001066000000010000200000005fe81475a8e0713400e54b92a998c8797620b0f7321af1c0cc034276735733c0000000000e800000000200002000000018b9aa2536d263de3330bdd1952c88158aa0a887ebc46f6414b831a66f0d80a62000000008db7aebd7a4009e35a53cd87f641217c3202484739beae46daa2cd82384384c400000009a4ae1c475c468a69d24fbb731a1f282475eb9951602dc72dd2b0ad85de95f2ca7ad924c3800d52aa79f3c676f3f0c5dcd4d67bcfa0bf06486ad2ed2657ee1ee C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527817" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "606557520" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057830" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4888 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 254.7.248.8.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NTEOKZ9E\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral4

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:29

Platform

debian9-armhf-20230831-en

Max time kernel

2s

Max time network

124s

Command Line

[/tmp/l4ed5947e_a32.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a32.so

[/tmp/l4ed5947e_a32.so]

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:27

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

4s

Command Line

[/tmp/l4ed5947e_a64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a64.so

[/tmp/l4ed5947e_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:27

Platform

debian9-armhf-20230831-en

Max time kernel

2s

Command Line

[/tmp/l4ed5947e_a64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a64.so

[/tmp/l4ed5947e_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:27

Platform

debian9-mipsbe-20230831-en

Max time kernel

2s

Command Line

[/tmp/l4ed5947e_a64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a64.so

[/tmp/l4ed5947e_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:29

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

3s

Command Line

[/tmp/l4ed5947e_x86.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_x86.so

[/tmp/l4ed5947e_x86.so]

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:29

Platform

android-x86-arm-20230831-en

Max time kernel

2545727s

Max time network

136s

Command Line

com.trinsmalw.bdyeurqed

Signatures

Gigabud

rat trojan infostealer gigabud

Processes

com.trinsmalw.bdyeurqed

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.170:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.202:443 infinitedata-pa.googleapis.com tcp
NL 142.250.179.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.208.110:443 android.apis.google.com tcp

Files

/data/data/com.trinsmalw.bdyeurqed/files/.ss/l4ed5947e.so

MD5 2641b6e41b80bcb4b1b086b161f4e200
SHA1 f160fec29dc4e7f91d2134290f534c2f1d664e3a
SHA256 56eadaebdb57c44524ea25155bda707ef9a490d9c1fbfea46e4ee611e31a85d8
SHA512 73ce93f4cae711dcc6411235baf8851a1f0a88871b66f9b2c377997f9e2ea63a7bf15e811e9c86c2b67765aee3f6e29762340d7def8159d121c06500de7c9231

Analysis: behavioral8

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:27

Platform

debian9-mipsel-en-20211208

Max time kernel

4s

Command Line

[/tmp/l4ed5947e_a64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a64.so

[/tmp/l4ed5947e_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:29

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

3s

Max time network

144s

Command Line

[/tmp/l4ed5947e_x64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_x64.so

[/tmp/l4ed5947e_x64.so]

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:29

Platform

win7-20230831-en

Max time kernel

134s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400924710" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a714000000000020000000000106600000001000020000000b8f68132225c403a23a16cf3a42d9c3a20814784779ad9ea9dce08596ba539fb000000000e8000000002000020000000522cd85fda67b2f4d607f825dee998afb042be51d37f60a6de43f2930d44d79d200000006acdd52cf0287bb7c36bdc758b880f395b86707818ed75ac1b0295b29595c5e04000000089df88ecbac0c4569550f8e6d4bb5086dd7995649424a36082da6e8e1017b9a7461cd3f9c9695f236d50e7fb0c35ae5e472d3a63c394136d5402c71d2dad66c0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4EE164C1-5399-11EE-B006-5AE081D2F0B4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a011f323a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4970.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar49D2.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fc27ccacb073b3b7b285e3294acfd64
SHA1 9be8082ddfd7562220ec62f83a6d3f5f560594f4
SHA256 497123972c73c0bdd2dc7c33e30064d2a441bb205940da875d64af135d310705
SHA512 c1184de9b8eda0b1994a61244238ac0c75b4a9952051fe626ae367d6a82a3db5ce3ca3262ac8fb5745716966438e75e988850032698b6269ef60a145da3756ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3bed8675f43ad9b5b4df2153bbd07c1
SHA1 9648fed04fc360d96548e50d0813f6fb7e008a13
SHA256 8a0efc7a4653eac3e0a1f2906b321623136ff97aec6803eac465f8f321d2e3cb
SHA512 8de24b182499d7ebea2fad7bb4bd19d7f8e0a4bcc7328089e9ba6f57a92beb28552439ee3d1e876d008bc1c6f7ba8e071ce13b14ced8bc9667d93b48ec62236c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 094888390aa65d135f8b7762f9918279
SHA1 eef3407088743eb30bb3fadc6f42bf884f01e1b2
SHA256 22535822d00366ffcce6191eb3c3cdb4c4980361d3e4be00df0d786a6a75c9cf
SHA512 d45051a2a316f679cb3425c3e2cbb0b4122764dc2ba7ffe56ef21be79385d56fdc05385c8de4ba67341e8c0f2f27318c963c9e7eb968218168c7f5d6f41f91e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6ccef0a74b4f79290c528e9f5033cb5
SHA1 ff45bcb79c53bc07bc2a6a80e51069a0fa73bfb1
SHA256 8936ba37ee65cf7292eb80c6c67ed0ce78c9d867bdcaed7dc2e0ebc2278cdc13
SHA512 bfff5df8bdb11971d029b7e31c790ddbee09c0656de99402a783aaa9c8c88cd5390a005f8fb316ab84f39bfd1eb1442098fc96af9aeb7eb7675267a5af635b7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 587b9ef1736baa4092b7baaaa967f39e
SHA1 7daafdd8face027958c58ea779a9899c4158bdf9
SHA256 b3c1ee92c12b794c22fe0fb4e14254f0aad35efadd3038a18b804e84c180a4c3
SHA512 000f5b039bff041766f1e3d84317f1f54776a98d8ab8b16935a27d21f999c697ae077a9d097f8aaa3c3b87515ef7bf83557826ad820ece3cfb29536b29e4ea6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 499dd5ab3a76381ad2945553806c9bee
SHA1 909ba345754c58af856831e1da30b304b9c56097
SHA256 5d84896d5c96515ac1b4be95dbfc54c04bf7d565bc230974d896c17a403f054c
SHA512 ba05ad655d186efe367efda496d794522f1b64ecb3938c9a4d4c95b704d1bd3327a853120644b44db1de6b65cbb46d55e5d47b5a843e27dd91c901b450908da1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eff8c3ca545c394e82127ba38d134524
SHA1 55c0a809b3300416b657b3c0fa8da13eeb8bd251
SHA256 e2e391fde32e8d43dbcade8bb759a315c165f83be3282d16b8c7c5b5d0846a98
SHA512 069dc6890d7cdf8fef8b1f4a9b727a1f71791b92c2e279165b3286b13a486bbd70b105363fc9e7e432dbbc85095e5e55b81ee2f628ced70ead7209ff75dd91ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9df00d54e4747770e97dceb55acb950
SHA1 a187282ec8f95860be088e4b933ff5b227c1eeb1
SHA256 71123fc1a2e5b31ca52c7cbe415ef2a720530b9ad9bfa3d13c23e69c56c79039
SHA512 8a60fa847fc57aba700d0de2f6a7091c4499e7f9cf06723245e9a8f9c31718fda50bb6842a1cae2d4b7217d9bef5953f9974675c26f2cbeaacc6113f1e9ae9d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 818baca766d8495d442db2a258bd6626
SHA1 7b2723244464a572077605871b5b53715803159f
SHA256 93a8def64d9c2ba241fb433df633c0eff777786273d840a7fdcb322505612bfc
SHA512 5a458e0214959fbf7a0b205f4a1c374e9efb3feeb7c79d126345b828440d54871e5760d0fceb10dbe582f904e411865e1dc9678ff8cf764685bf7c509c78036d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8e561f1f5367ab5896a2a16aa2184e3
SHA1 1b7ff111e908be428d2ff968e9d098664db75391
SHA256 b009c1f7437a1dd99117290686d2653063455bfaf6620942941d3b7d0529be50
SHA512 173c39497ee4aa4b842f8f149c2aee7672b4d6b7b4c573cbd14fe8af1ddd65f518de1cd9ca2b229e7ca63496e4bad2b6909ee7e1ab580d6dcebf2ac641c11a0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f0856d391e1cc7293a85eb08165d6e8
SHA1 b1400fa9ec82ede58e3f2e2ab8cc02fb98be586b
SHA256 3f963edff19e8ea50ea1ca492b23d7c296bc5af1e256794198c3a85f4dfa1756
SHA512 b479c9ae424f3bc4da42c39359974a3abf13b6781e4350b1fae06da828cacd90a4c6f6ce950218db44ae03b588f1e67172f3c17ae670357935d85223914936ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0af6898490ebb21666a97635d22b6ea0
SHA1 8f7ba55cecec421e64996df2b00bdacd2c5c5568
SHA256 b4d7f00f8fa57668bdfbf4573961cb898530e78e6694e77cd5f8ee3ecf71261d
SHA512 77ea5b9b6bc49951f96e91f8c1d243339e7188ffe3fe67cf5582a784480d6b1bd945f1ee90347cbc84fd28caf2985d33d03ca25b39823de47e5ea1c5088c1a57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8adc15dc330bb379714167844ccdf6d
SHA1 1649b9d5d82e0f1c7cca1ada67d65e130ffcce0e
SHA256 d7b09b7e249e5a20c85240f32770a127f2769b84cd90ff45931e748d7da39976
SHA512 209c2df0561a828e2147d601984c7c4d8f7759ed11159179dd0fa72aecfcbb8f48d75966764fec28ad720a091fc46c5ef1fefbf0814e6f9adc50d3b8db45e21b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83f2f6b6bfc3c048b27a90e041ef61f8
SHA1 5110e65d90a4f198ab674773737ec5400d6737e6
SHA256 6a92444e2f55eda00e92e677b6f2708c7aaffbb0f6f036fb458abe1e5fd95249
SHA512 d5ebddbfe132501b542990123675d68fd54a37debf1930332126043e7747cf9ca48a03687274162c4528f2c16dfea7f25fcb848349f9eac95275218124698aed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 645f2f70e1b0c4d8dfd2476b7ed25835
SHA1 464c17831b4e80e2389e767ed42be018826dcb21
SHA256 f0aba3aa1f73456169448284b38f3e5958a4531b6c4859582dc3a44800e1f891
SHA512 21b18e48be1e7893c295091de3014dc2349706d5318cfbba3be142ad429acc8e76f34fdc9e40ee58d3a0662d08792e410214007a804f9e792d4d600927ed0803

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a01ed430fec8cb7d73217d8274a539e9
SHA1 29275383665d16e11aaeea5ed5b02f682161d4b8
SHA256 ec9fe9f90d7eb61aae11f382cc5b60c7b7c27c88f71fedf9be0e627f376ddb23
SHA512 6cc3d43a88e4e7babbaee3a47f3e138903ebb20b04bffb5b560636f6e5b6494898fe2c176a1e8e629670e94e0abf528ae1ea5463488ecf5e0cca0820142981ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f2be62f8ec565e9923daedeb4a55a88
SHA1 ae85e8075cca9f4abb96c1f63cce58d954d1f938
SHA256 e7a3930e249f11ce4bae93ddf7abb46f2cd2fc38b47931be998b5fc178a4f15b
SHA512 36995ea3a83011e6d554391cfffcce3410ed0bb5764a1e593196ea8ba9cc0c7a9600d80631c3c7eb5f95a33932b4265c73fb410a1ba90b0e07b3c0f9a11bb5e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5924e649f44a9ae5f79ee65e481b47c3
SHA1 cba696d95123e231816809a0fbf992b72d5f1139
SHA256 98b795a250d6a6068a412910928396f7ed99e4a842077141deaa77fc963d05e7
SHA512 a72aa7ac78a39a681ba745804889896b60cc550ea08c526ccc765bfe1316fa619e2fb0caf45868a32075d8c2f4ff3e511ebc6cd13d0db32072dd8a833ef99118

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f8af2002ad597e52a08518e2b565981
SHA1 c9e09741ca6f3cd5a443aa7b932aafe86c6696cc
SHA256 ed47e343bc4b6d8d560d00e2e1e0c2d894d69a1981bad6b03781cd274e303a95
SHA512 8304049c1f9476fcd83a07e5099f1f0218360fccb3b11b087d35a6c6d657266386d765f2f48190393ac094c607f2c323e98a5875e8395b58befa98fed9c3dfe1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db9eea880fc274bd48eb288d6d016d1c
SHA1 8a9743feda38285138d2230af2f74bfe33dcf9df
SHA256 37abf408139567b76f2d00aa8c056ec532669534728a1d3907e4a32fa7455d59
SHA512 7b1a8977bb37b8d44acd331c8f46a8e7eab7f2d2576fdaf9793bf76c151a08046b90e9d13ac5f2999953814a458e1f84c4e0e81fe81b584f57842e3dadc4a136

Analysis: behavioral12

Detonation Overview

Submitted

2023-09-15 07:26

Reported

2023-09-15 07:29

Platform

win10v2004-20230831-en

Max time kernel

142s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e066c10583e1946ba3d1022da920436000000000200000000001066000000010000200000005ef4b0b228f4d5385d8825e6dc5e543d884aa2017e6b71607dd0f63dd71028d5000000000e800000000200002000000095939c4723eb5c72f2b32a6147eae43551093ffd0c23fbc38bdd4d980911c1de2000000053f9cad6222332a731c63d976052a0aa4148613c4eaff1d3b01b30a0ede310664000000061eee253266dca2a8a30a164f34b39551eba3c95824521706d5ef51bf4aa32a9428ad94768ad4cfc7a200e0a6c7611f6506d9938b831c4718f1ced7f089808f2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4EBF4274-5399-11EE-AC9E-76459FD948A0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057830" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "605209503" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057830" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ec7d24a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e066c10583e1946ba3d1022da9204360000000002000000000010660000000100002000000086afa11551e0be685091cca45ca32be03507f2866ef4eeb929415acfaa2d8daa000000000e8000000002000020000000a0cdfae6a8e46f9a6dcfc72d30e954f2d1e939bdccf103b93ebc72dacaec623720000000f7a772d80f1a307f743f5cffe1050119a7c6f2362419c77c1ada474c76807bc640000000cf6dc75d8c7882f825c488897cb50873a33661e3c470504f8e2f090bc8cad780ae8f79ff2b2c000cd5bdb0a4ea86eca51d66ab1fc7dd874243a5d36131431cbe C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50709324a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31057830" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527816" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "592241567" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "592241567" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4760 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0XT81K5W\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee