Analysis Overview
SHA256
846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d
Threat Level: Known bad
The file 846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d.bin was found to be: Known bad.
Malicious Activity Summary
Octo
Octo payload
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
Removes its main activity from the application launcher
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
Loads dropped Dex/Jar
Acquires the wake lock.
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
Removes a system notification.
Uses Crypto APIs (Might try to encrypt user data).
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-25 22:00
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral12
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
98s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3140016200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000a171a51902e40a356f69ca7bf28c7119f86c8bbcf827edd6782dd49f18f2efcd000000000e8000000002000020000000898bf86a98db1bae4b59c55f68cb63df6a9d201d6f83abfb54601d965c6206ce20000000c50912bd74a7a230e5cee3fcab398d4d5cc09d038f732e8dbd8b5d06fdfd15714000000003df8f23500bf80d0a34b0115f4c93ab4e39a9fbb40e83772ba7e8fd5db13c018d6142db20c258a35414f85ec9ae5a292960efb5f3e8140f4f2dc59524ad2503 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401525826" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31059963" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3140016200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31059963" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31059963" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000c7f85080e8d204fc9495b1d9d50e1babbb4f8804839195aca06337391e739897000000000e80000000020000200000005f565c582df406264b5bb50ef511fb40f8da77aaa7bc96a3f1ffd30f2c4417df20000000515f89eedacd8bfcdb57ea5e323de467d466765b37c594c60760985cf8a9a0c1400000005de42f629ad11a71f323110c30e7d3f15aac0306aa4ebff8e7572c5c5912326070ba05b054c859a0b6b7a7466e75daa08c58d0eea799d74fab18905f0f7b51fe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cd14bcfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E672F60D-5BEE-11EE-9784-56CCDC1D69F6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3148921877" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fffcbbfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1140 wrote to memory of 4316 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1140 wrote to memory of 4316 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1140 wrote to memory of 4316 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:17410 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
android-x64-arm64-20230831-en
Max time kernel
3462249s
Max time network
156s
Command Line
Signatures
Octo
Octo payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json | N/A | N/A |
| N/A | /data/user/0/com.riverfront8/cache/ngzvnyttctwi | N/A | N/A |
| N/A | /data/user/0/com.riverfront8/cache/ngzvnyttctwi | N/A | N/A |
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.riverfront8
Network
Files
| SHA256 | dba47171bca3efa9af816f547f6a3fd0343c551d601c5f7d64d74578976dbe5a |
| SHA512 | 4e97542337df768a9c9f563ee8f9d23cec4500c31f74a0b6eb0a98759874745512484b461214a70eef27952d17414030689435f5b616d6b07d859c5e4f581a9b |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 3c1999c879c40a2c7f85d101abb0c24f |
| SHA1 | 09d068b12ba8c0f0118701ca09da9a3b1aa6438f |
| SHA256 | ec7ea9b6e78fd3b80aea512c7b4dc93cf1395877f1749006f9ce331ecb4a5318 |
| SHA512 | 1a0537c183cc056a986baae815b626d8735f930f222acf34ab2b47f2518edd829fe4af4c438e1b69ea12690b7a1ab95146bb9a9b768772ed1098d792d145c287 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | cc78118fefe95fac7e4faf3aba8a5372 |
| SHA1 | 1b65dfc726f5e25157cc68642de9bc991d17073e |
| SHA256 | 06f4818d57d54f8b9eda655b0fedc7968c4bb95fb47913bb1e6cf32ec384818d |
| SHA512 | ab15c4eb7466ebb1b5542916f4f65a2fce56acb2b9937ac636e60fd3ddfacf2f42951b458be7b36b0117a0c891b002b38d026615b952979de98b147480ffed22 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 22c89a32fbb2841dc294c93c91dafe52 |
| SHA1 | 5ca644feeb09a52444f35e4e8f9511d1df10d228 |
| SHA256 | 1eddeb5328510c72888d79b4d81f37a1a8f2a61939fd4cfbde08bf8ea6a2247f |
| SHA512 | 29c65bccc2304b91eb90a2910cf581d946154dccde3a9c58c17c65319db9eedfc075cea15068d43b800e71e19b6e0c1865b884071bdef3285aa80a171b78b933 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 7baa443424162c390a503e4c189a38bd |
| SHA1 | dc29398e50ee553fc46dac4cf37b86b931b7657a |
| SHA256 | d457803e4fe8a7fa2ba6d3ac72139ddcea7cf94b95dc4c36d00b3d6e32968908 |
| SHA512 | e2e402cd295643276e9f9a602aa58f53e3021d34c23220967f2da62bc1dd802780bc5a113c43d7f57969061a49a0f54dc775f8859f6b76c6c99ef796203bcccd |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 2ce88d1a1239cec78448f0d2a434087a |
| SHA1 | 25ac50648b3e88dcfe62eebc9b39984f340511c8 |
| SHA256 | e119a393842d44757b903a2a175e01413bf8c42495caf39f96c61e14ec9d952c |
| SHA512 | 14e5d9c330ce5825c00955c417164a5ab12f954138760d6598815f99f5c7ab5e0d3e11b5230dc64c8661930567dbb04ca572f765d852d3bc70a0c45971203d5d |
/data/user/0/com.riverfront8/kl.txt
| MD5 | a03d9381c92b33beb58675c995d436c8 |
| SHA1 | ebfd7b53ed7653728e56916ce818df3fba806095 |
| SHA256 | eb1665af8b591213775cfe470aef0b6dbb317b2408839a39b134375ed9995658 |
| SHA512 | 4adb3ba94c3a88b8d2f2a9fb1ca95ea919846769d03ce7502fb8210887e13095d759defb98c8a1ddeb6bf6828cb838b65e185c1dc54126d833e658497b0bc284 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | dd0d10196e6a74cfecdd863412c57c53 |
| SHA1 | d3cc6aca42e3616fa794baa59bbcbdb2d138975a |
| SHA256 | e37c8db41308bfa2300a6b634578a454e65b8e3abe7a4bfbe99c28e7d9eaa4b9 |
| SHA512 | 63ad3c3dbad593cef04e77886c0c044b38763332a7a55415c8cca37241184863a51f8740e08b3cfbb3d67ad7cb483160d64841f8aa73f5d97864a37b16fc6e0c |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 4ff738ed17bfac1846dac02893b062ab |
| SHA1 | e26cf6a5754b663cfd702486f150f1231aa1d876 |
| SHA256 | 10b659ce9150969ea86a3e74d7a1316e74cb530c86d81532047974bcd1cde664 |
| SHA512 | 93ccd087c530a20a8ea062ee7d475328714fa34993c6ddf7858070ae37c6023d6cba55f478af62233f7b61d548b1179e6c1bbe4970742b5dc879bfeffcace4ff |
/data/user/0/com.riverfront8/.qcom.riverfront8
| MD5 | 046a414913add6f5bb60072c7db819b6 |
| SHA1 | 451ee4f6809260aec622d772fd329c7d0297a842 |
| SHA256 | b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a |
| SHA512 | 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c |
/data/user/0/com.riverfront8/kl.txt
| MD5 | d493991d5abd76bf2f2a6ba03c89d0e5 |
| SHA1 | 8b116a143888ce8b711a00cd3fdbb6266a4ad682 |
| SHA256 | 3b3bc64eaa890dd36fea14c0c67ac5d546c4820c04b1aace53f7735af4d61bad |
| SHA512 | 9c3923fcc01f48382601a11a28c0ff23ef6d056c0f87506bcc4d4f186dc02666e9b7e02f81885ddabf3157d0a0b661d9d7a94fc709b605f97f37662ea746d803 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 538d4ad9ee3cdf20c78335b257dbce19 |
| SHA1 | 00c3a02ad16eb721600986979f572ea078d42b5e |
| SHA256 | 377174218ea42ab15443e597d8eb7105923f89a84f4fdb0e63dc7605e17e70bb |
| SHA512 | eebd7cefee7a73edc9dc19a7fcc5a53208a68f4a86ae37c52999c31fe6af91ebe65d6e91712cf8672e94b8deace2a128495b3ffaa996cc6ba0e2db66c31d8589 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | d493991d5abd76bf2f2a6ba03c89d0e5 |
| SHA1 | 8b116a143888ce8b711a00cd3fdbb6266a4ad682 |
| SHA256 | 3b3bc64eaa890dd36fea14c0c67ac5d546c4820c04b1aace53f7735af4d61bad |
| SHA512 | 9c3923fcc01f48382601a11a28c0ff23ef6d056c0f87506bcc4d4f186dc02666e9b7e02f81885ddabf3157d0a0b661d9d7a94fc709b605f97f37662ea746d803 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | e558da7779859b89e159149962b466ec |
| SHA1 | d29f361c61318fdd484dcf7a9ce25b155153a1f1 |
| SHA256 | 2a6ea534d7713d893f6b87b43f72f7dae78d69b583a65413d61e3d98f2f172d1 |
| SHA512 | a02bc5d2bb60e66246165dec166566759a9d3114c1136397fc7d5c8c97b937840acdca985b1fca6773679fccd43655cfe8d64758a76a482c9416fdff2cbc7ead |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 147ace02b0f9da4cd79f2f7a249e5fc8 |
| SHA1 | ccc4b96f6839e0111e4771e71cb751dc3f787dac |
| SHA256 | 923885eeed68037fe0a47a911598aad868dc7d63982b9a90a41cf5cc4ab9dcf3 |
| SHA512 | 4b4424eade0bb81446d809b08ee75de142afaf86b4334db86043f0623991bd882b141c89371283fcc36b1a2fa447a5ca607e9a6417d273bebbd9c2c1ebbfc3f1 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | b5d6bf05e9a96c941a26d9c2d4f4b68d |
| SHA1 | f46766e6aa4ddbdfde4aac540f67575469a529bd |
| SHA256 | e43eba98ef6328e471873dbe259858e1bb19fadc6a3759ce296dd60a816a3b9c |
| SHA512 | be2436c341a190175bf43ee586d27d702416e2a46de70a01f645042aedf7f06661044e76cc1628d5fcecec866587a784207137673863fb8e5ee48c3f0532090a |
/data/user/0/com.riverfront8/kl.txt
| MD5 | afb4450a78ca459988e8ba175afbad55 |
| SHA1 | f522c0ab16e3467f8a300da35a98d48395b7d768 |
| SHA256 | d344f8456f6172264c2d2d044bedeeec1622dc83bf7cb0f84aa636d79efbda5e |
| SHA512 | 9d26338d97147de0b2952ba2f6b6d54a6395ad449ea2e859126d0cb345c44b3d970a56a7bf6c341283620fa8955f76ab4ff4a00a90f43539df027a7f0ad40052 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 7176aff65da887958bda89a0045a0aa2 |
| SHA1 | 2ae4b68ec62347e0bd637def48c90a57ec34ec99 |
| SHA256 | cd1aab2454762dc0b58db12ef8489ad2488d9b38273aa6c1884013112a172b1b |
| SHA512 | 963b9377d3a8727a2c1a8fc28a7448ec2220b0fe57e7d0a8c4fdde2d3925cd035ce2a06f33059cf2cc54af5b0ba9dad49e8315fe10afb7babad7fab137bb38cd |
/data/user/0/com.riverfront8/kl.txt
| MD5 | f51a4c7594394171b88d2907299bf487 |
| SHA1 | a86b4f73a151e87f4973d3d473f5303319864c54 |
| SHA256 | 88daeefb811cade7fb8a6c021fc502b2b11e45f1d797c865e38dbcc8969946c4 |
| SHA512 | 745bce1aaef412961bb5461c79a6e65580684b264474a798aeaa8db1884103f6a573080c876ed1837624b487b0453db18bdda62c0bb6f5ce621276d0af801836 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 7176aff65da887958bda89a0045a0aa2 |
| SHA1 | 2ae4b68ec62347e0bd637def48c90a57ec34ec99 |
| SHA256 | cd1aab2454762dc0b58db12ef8489ad2488d9b38273aa6c1884013112a172b1b |
| SHA512 | 963b9377d3a8727a2c1a8fc28a7448ec2220b0fe57e7d0a8c4fdde2d3925cd035ce2a06f33059cf2cc54af5b0ba9dad49e8315fe10afb7babad7fab137bb38cd |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 115119be87f6bcec3a1f8d19aa40a0bc |
| SHA1 | 25fea99ef8dfc5d33bb81deff496ddceb7616182 |
| SHA256 | 438e230b2a9297d34299b544f30469c1889f1aae20ae1b1b16f05ccfbcf84c19 |
| SHA512 | b9e7cf0af306bc323dfc1fefcd8db5850e6b54926d62e98fe4fa279e7a2b17f39fe48ef2e8c70b21b7269e109dd5a56365676ad7d2c111cd6d863c4321c51433 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 37509d35daab2f924f73c06177e05242 |
| SHA1 | 8bbb723e7aa2dfe5b3ccf015a3af05eef5acf8fc |
| SHA256 | f688db7a1b51539ff586cbb64e3e3c29d7a319e6205c0f22df9e9027739af4f5 |
| SHA512 | 28fcc63882cb612050479a094372062c6e859fe6968621d6cda22a6e01712958a88d636e29c3bc1de3a7efdccdce23a5f91f5eda2233ba7c9875249f35bef68e |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 7bc23281063293de06fd47bc39a13a19 |
| SHA1 | b7cc599a1f37a65314d7e5b0920ae70ff183086f |
| SHA256 | be3ca0aba5d06f3d94940ac4a15662f04001a00c0d237d0d012851b9ea61d32a |
| SHA512 | 2680588e90f4d14eb1356224043344fc4c3c7f526fcb4941b2dad740aea392c9014767b49fe3193396536b323888ffa76e998ebdc443f4096c092f793d46fc62 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 562531026b06666bf5eb4ec5e8aa0554 |
| SHA1 | 2c439ee58cfe2a8d8110fe7dae0cc2ecb2aab88b |
| SHA256 | d1a667fb443c4c437b4a3a427275088afba1162f56e9ce8f464746e807bb4c12 |
| SHA512 | eb748bb9e7e829ab50a81d7434745e53436880facdc84919809920523398ce0bc2a2ced3c4bca0a443330dcd9efb84219c51b4817021390576a0686892967e33 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 7bc23281063293de06fd47bc39a13a19 |
| SHA1 | b7cc599a1f37a65314d7e5b0920ae70ff183086f |
| SHA256 | be3ca0aba5d06f3d94940ac4a15662f04001a00c0d237d0d012851b9ea61d32a |
| SHA512 | 2680588e90f4d14eb1356224043344fc4c3c7f526fcb4941b2dad740aea392c9014767b49fe3193396536b323888ffa76e998ebdc443f4096c092f793d46fc62 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 6f2f6282e3a7800b8cf28b7001ad310d |
| SHA1 | 18ae78665e17f3eb93226d02b78989bd53d4e848 |
| SHA256 | 4593a94e4af2671e3b3fa4abde4a994ec9affbcf01d84adbe4351baf0166a966 |
| SHA512 | c1bef07f28fce36b816e75861b42f23a796c1b6b38418f4d8298eafbae1ed0a8f9cccd59a6ca29086582b8b52a4ead536fa8a3b00855cf1a97a1b28d56c8eff4 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | c1b8fbb7aa85b76cd4f7869d173b5299 |
| SHA1 | ab89c771766208f63ebb94ddddc81e0f841aaf4a |
| SHA256 | 0b3ed61ba254d34a6673202d975f01d4513c73cb930a82ff1b226eb95c81e67f |
| SHA512 | 6278b210ef0a6410cccaed6a71b9add38fba235edbaf0590e5eeff7e2d58893e210a9fa65ca27a713fe390688403b678b2c46d1015af7c906142d724adb754f9 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 0974984e9ca3477e6dd9fd820d467a76 |
| SHA1 | 8f3d969259244309825f56f076c0b4dd8ecda63f |
| SHA256 | b9c90fe9f0fd2d11879220c696d382d733ef9b39806adfa2b57987246f0cdc3c |
| SHA512 | a853293b00c76e0444215ba020e015ec42be6da6a5e5b853ae8142a660a0e91593eda62c2ce890fc06e8134d6872a5ee4ce8b09f3b07ba86de21239672290d15 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 17ed607fc31610de20a33a2752e09f2d |
| SHA1 | 9bd05ddebddbe5f8692a8752ea5b569cb3366398 |
| SHA256 | 43083744898f37f4efb16283edfe533119a2912ecc6fd2664b8cf4bbb48f9913 |
| SHA512 | 2a20c61601ccdbbe5f16041973bba66e3971ab8a40b1f6fcb7d8eb6d6e9d6aa50b31c882e7eb165aaf7360737a48aa02cd9e95bdfefc0ae631cfa9429bcb4a30 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 72e4321108b0b4dd8e8d5d40a4887dc2 |
| SHA1 | 7ed0393ce3ed5dde2d166151b4560a6a42363313 |
| SHA256 | 1bae5d1d35654b7b9cf93b07a32f24067ab1f5fc35094ca11c26289349b77c6a |
| SHA512 | 329e29eed06ff8fd19325b8e7d7aa0c02bde956d32b64e4034357d6472b8682af2df3401ae2cbdfb3fe2e06e9809e2ce4ecef57b915653f0dedeaf33d48ede4d |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 17ed607fc31610de20a33a2752e09f2d |
| SHA1 | 9bd05ddebddbe5f8692a8752ea5b569cb3366398 |
| SHA256 | 43083744898f37f4efb16283edfe533119a2912ecc6fd2664b8cf4bbb48f9913 |
| SHA512 | 2a20c61601ccdbbe5f16041973bba66e3971ab8a40b1f6fcb7d8eb6d6e9d6aa50b31c882e7eb165aaf7360737a48aa02cd9e95bdfefc0ae631cfa9429bcb4a30 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | fdd2b800aa5c63c3117cedd73daa8d0a |
| SHA1 | f6c4380d3a58e70508811f0b5e9e341bbaf53365 |
| SHA256 | 3de87562e64a86b67301f98d4a705ece49449cb4003c82610c872c9e4753e464 |
| SHA512 | 4e728dda7006bac003139ee12c31b6fba47f4289be2cccdf5fc712e6907f1adfd9dfb8872326389d39d12534f0d03f8f6ec21e6c5c9685a9d308be7aa1459cab |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 72255af71e034483ef2f64a1e6b357a8 |
| SHA1 | 51f9dc6784086b9dd3518741d6dfe88bbd508ff4 |
| SHA256 | 5061364a2da7ce7bbf9ae6b9f0bc5539c0f7c559773e2215800f7b403e18ec4d |
| SHA512 | 717b856da21973e624a118ac9d9ba5d3c4c6d2aec4397c0b97ecb1da8aa935a2bdc994becd002e01dd2618612a20be05f35e11c1343676ffc77d7f4d47912d0b |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 7634b60755e0d3cd946071dce79ca84f |
| SHA1 | ad83746d3a06e207bdf510d1120f122df031be7e |
| SHA256 | 46ce94e33883afe81f6e54347405a6a3797f830eae655a0b8ba35aa653a2778b |
| SHA512 | d23393dbe6b1600af230566a55280d1e973fbbe85bdbc1cccda6e87410b7cd3a39bf719c507fb61c1fa2917fb1522c5846974789154ad97015016b0c903499bf |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 7634b60755e0d3cd946071dce79ca84f |
| SHA1 | ad83746d3a06e207bdf510d1120f122df031be7e |
| SHA256 | 46ce94e33883afe81f6e54347405a6a3797f830eae655a0b8ba35aa653a2778b |
| SHA512 | d23393dbe6b1600af230566a55280d1e973fbbe85bdbc1cccda6e87410b7cd3a39bf719c507fb61c1fa2917fb1522c5846974789154ad97015016b0c903499bf |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 8907626a05e1b0f1d0324afea7a95cd4 |
| SHA1 | cb982c49d0982a0f73389c89a5fb87d80a088643 |
| SHA256 | 6b2cb03b1ad6280a7e353b64f5facfaf9bcc1016585286790bd9169b0d2bd919 |
| SHA512 | 0d01d79b040491337ea10d6b85a747dc77251344a4cd7220cf4056305ea06d743e43e238ebae81170655713981e67dc6b99c6796331d43609d430d74205991b9 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 618a6df8d534801d33bb9df9d40b5ec5 |
| SHA1 | a5969a3357429454508294c8a2650e234973ab19 |
| SHA256 | 26a799f9f84837c911f32167999283d43e0dcf5bec8cd519baae1618ac58fa29 |
| SHA512 | 9a18d72525ec9fb80d4ac7e4eb0c2a37ab2667d8c8278489cfeb016f7327cd4d29a50fb97fc1447c40b8abd42b337278def3a5c395e932bc35b0e3691efacb81 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 8907626a05e1b0f1d0324afea7a95cd4 |
| SHA1 | cb982c49d0982a0f73389c89a5fb87d80a088643 |
| SHA256 | 6b2cb03b1ad6280a7e353b64f5facfaf9bcc1016585286790bd9169b0d2bd919 |
| SHA512 | 0d01d79b040491337ea10d6b85a747dc77251344a4cd7220cf4056305ea06d743e43e238ebae81170655713981e67dc6b99c6796331d43609d430d74205991b9 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 1dfc6a9e8f995cc64b661f47b201b319 |
| SHA1 | 77f114a21f822f69eed1e0b580bab3b6cc3a771c |
| SHA256 | ca72d233702911fbabbb379df00b57c06b175e7bfba2fa55a3f2ea0831fd536c |
| SHA512 | 857e0f918a0ad431e06fa6d6f5457736021030b217fbcb710fef2d23e544fca0663f36da61967c47c761156975c3ff2d53595b82cf5977ab575fbfc66f88ece7 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 4ffe40c9283c4a893cb6d4dad1e66111 |
| SHA1 | caf3646894d936ccad47343a75ec0e9332ecd222 |
| SHA256 | 51f20227c28c89003c68a8883491168535b930730a9ed6220d9941473ee3ff48 |
| SHA512 | 06c05c3dda8e75a82f16e13abab4a79de928736e966d285a2b085e3ba9d0ae71a07a37b8d5997b3a13da9eb67523851fc3bab4dbea92fb70953a08dc730bb422 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 4d79afa2334b787b039d566a82be15cd |
| SHA1 | 48fb4f0701f1611fb9e714611a95f923350a6810 |
| SHA256 | 9a31461c729f5aeeb1fd2c7db26e98cbcadd42bbf6b379ef9d175fa1db2c400d |
| SHA512 | c4370ab81fd9c36c4211b0314646424cc51dfc3c6eed2644085d39ce646d66a5d54c6c1fce0f71cd53010e3633182a131a847c08f0372fcfc317ecdaa632ea5f |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 3c3ff8b3d13cfb3dfa68324395fa7c44 |
| SHA1 | 0d94e02344f7827b7f0a5152e8b92efc331ce779 |
| SHA256 | c98d94daa82b00acd00dbc51c69f13cd69db26cb4bb467b83aa504c60242428f |
| SHA512 | 83b6149a8b4a306636c053d2a796ac32df6075731c9871ee10b1ed0d9b39e0edafd7ffaea526ca2bb606c13c4282e5bef7860eae8fbaa80df7d28df1cfcdf324 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 3104f7548441e08ce0a585fe46afba55 |
| SHA1 | fea6b71bb7e7e1a6fef9db1ce08e75796bd5a834 |
| SHA256 | 477c1d18e3381f30d4c4e03fc046a443da669641435a28dd5f8f54cd58c4d84d |
| SHA512 | 2b39e4a9bd5a14982fe066af7ecce014e1493b853a817d8f1de5ecf04a1f5d1ad7508651a37b32ed5708f196fc7beabbd83ade877f8f64539ae4a3a23ad93031 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | b56b43e268d2025e758f885113cd5622 |
| SHA1 | 1339f6b49b2969cf79bd97abf15b94503deaa071 |
| SHA256 | faa4fb49d0fbfbd9db546ab14b4e10e1996cb6f6ab5d7df5924452de0eb60d23 |
| SHA512 | 1ee37a05b6ab3f92ac3efd722984f80b1f822438e22d22964834a672bf6b01eab9a55782df6236e3b75c5fe04b21188379aeb45aae9a19f7b38e0aec58ee877d |
/data/user/0/com.riverfront8/kl.txt
| MD5 | c9161e44ffafd00132c4f5c374578a2b |
| SHA1 | da7da2f62109a62e2babc02dcfa97369f4d87282 |
| SHA256 | 2cf3213f08bcf06af65b5fa189113523cfbf77db2471c3e14e1bf756853b31e4 |
| SHA512 | db87c24f488755151b13f956d05585d603526a1d455afa5cea670b0e2f2341762546b1d7c1687b1859a532730e6db650b36121cdf9124e01d9496d9d4c781688 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | de8849f14e16842c30c9f72000bd637d |
| SHA1 | a25049f39593d914726149587c40d970f6d7da9e |
| SHA256 | 3d7477dad898d51fac78926531cc5f90b15a0ef55f82d22311a6a8c0c27b0b70 |
| SHA512 | a7ef149e1399e1fdd0494fa7d799f2a56c256a57a4278ffb066c99e125f7e9aa842dbd656efa68b3f36926ff26e455c43737d2b27747c5fb98d91baa3be2fb31 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 122b67748173ddfc7d02770d746d84c8 |
| SHA1 | 6242f9d0ac1c5cce927798e3053c1abdd7239b00 |
| SHA256 | 3aedf64b81d3795e3796ea9c303c0d02661f647ca3f059656834645313baf6fd |
| SHA512 | b8f1e88cbc1d0a1acd32fa58c272458bc18c2153f0d552f067567ec768822e1af329c7ead59be0099a1aa6a6d2982c25212ce91d6af6139c6bca39ca337e1820 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | e196f9c82ca99b7eef2f94588be42748 |
| SHA1 | 02aaf7dd01c0afce3cc801fdeb2f051f34ad985f |
| SHA256 | 805ea1aad0303e0511458846c95bad2abbffa9b85e78b762d7b2eaab1ac98797 |
| SHA512 | 567ffbdc4ab582d873e355ba939257eaf8d80fc716a98bd559cd517cb83d15afa4ddbc19bf7edf1d39c46c4175b58b539f639abd8fed8acf440d0b107ab5c4a1 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | e171f130c4b91e072f38a7855e9f715a |
| SHA1 | 8b66b2a04be7a5663d4c35267f0d116f1860b7da |
| SHA256 | 8acc2088197416c8de3df09acba08c1fb97441cc19c72e164b12ffae893cb219 |
| SHA512 | 47bc0fb1f71bda3795da4405c7c36741b7629693624225a84c179844338954b50d60d817e15e7bbd9377d0ffe9016a0e681ac30e2a807721a6faab31ada59836 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 8c32987b62c82b2fc6a6e09f11f79f7e |
| SHA1 | 802388bea7f69be079818cdcafa59cfc9b0ed812 |
| SHA256 | 45841b4d83f6fba801b529d7d5f651a964344ddeacdef3785a1f3c06ebc2dae5 |
| SHA512 | 602925cfd2d82b3ba568d190e8712408d360308c190a318b37dfbb48c7ba2001d0e9f09e704bfa6f45345b2305c98e7f7908c960a85620311d1326ada59395b5 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 3b4969a87e9a9c0458968c0cd288fa87 |
| SHA1 | 2db51f1e4cd73531bbcaab2659e53cb3633dcf28 |
| SHA256 | 948755dda95b2ace0dddc4bfba9db6cab1890c4bc43f8546863177a7dabd8ba7 |
| SHA512 | ce33f6dace4b65c478468cae8f8da4439ff1c7f1d66f3988a1b73cfa03ed6e5c39cff2f340412998d2a283e0801c60d89f22e2d0f7400cb1d7a9b94669b808c7 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | a40320f006da387a00a84f4bb50195a6 |
| SHA1 | 8f539d4c9729a5436beb6dc78aaa20e85e505fa7 |
| SHA256 | 21f5d96c562fdb8fdc549f315f283387d8fdef9dc6072c199222013ddd1c8046 |
| SHA512 | d4c19051841d177ea371338dcb674962cd68f19154d9401c90735242f30666b17670460ddaf2098cc3e3fb5f39d20c2f784243994ad9dd9c04ebc3c3f2ffbc33 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | e144befe7edeca01ecfa6df7637555d7 |
| SHA1 | a9aa155ece6a664da7e7f5f073ee3ef2051e490f |
| SHA256 | e158965c347f5ea1c74b491b2b3c18878c067d4a6cce656c3b3d8f1085ee9022 |
| SHA512 | 50ae7da2ade2aec5d38fed5d7c1c4295678e57caf3867ab403649f1510a970a892ef4e1797e62024be609563f609dc523387f12b74df2b6a2cad424528eedb27 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | a40320f006da387a00a84f4bb50195a6 |
| SHA1 | 8f539d4c9729a5436beb6dc78aaa20e85e505fa7 |
| SHA256 | 21f5d96c562fdb8fdc549f315f283387d8fdef9dc6072c199222013ddd1c8046 |
| SHA512 | d4c19051841d177ea371338dcb674962cd68f19154d9401c90735242f30666b17670460ddaf2098cc3e3fb5f39d20c2f784243994ad9dd9c04ebc3c3f2ffbc33 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | b67b0ee331b4f428e80d47de79f116e2 |
| SHA1 | bc5ab40f3b7c07268a70702b8ccc4e9acb832523 |
| SHA256 | 2d52c84c483e970f3f56164113c33e11d95e7e90f4b3648cfe2ef82b62be3b46 |
| SHA512 | 568be534e414e44188cf10bfa2b279247284ca5c9931bd4a53c1c64886c0c262329a2d063495cc3d45f88bb957fbe4a6cb19484037065c1445ae13b4e9b8ffe0 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 2e2092864c03252028ca111953a130fd |
| SHA1 | 04827a35ddc6c0c3861b01f5ef7e6073b4fa3e95 |
| SHA256 | a3c8c15e2c62d9b4670e598b308f4b5c60fd93e0ee8fe3c2007b7da689c97e12 |
| SHA512 | 38a2c3e04d7fe5c28f7e69c4f1d06137c2d9fdf37e39cc9fd2e138f821a5c08e2611e625101404750f19b6f08407172a2db1319b103b28eb769ca3b3a89dc39e |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 0cdf2f8f7d0821174a4fe26fef03004e |
| SHA1 | 80de699191196bd3a028c8c19eebd757e3fe841b |
| SHA256 | d329198e7b947edd9f296c19dfb4b3106cdade53074fcd63899d674599c195e8 |
| SHA512 | ae209d4b09dab5d794adb280fa37c2a7fc1435b9bf75c435f87d9e19577c49e64f513bb682dda641823dc31bb4042a21e2d1710358575119e23d9dc61247d2cb |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 0cd6744223693a90b3a1a7183dbcecd7 |
| SHA1 | 9371e85d0a0b6a1356de69f30a27aa2649dcf751 |
| SHA256 | 4c696e97fba20c1085acfb06f9e21aadc221a5dfa644c3dd337e757f9f42221f |
| SHA512 | 656dfa25c241fddb7316e76683f5b83b650e2788e53faf69218066faddf58b3a5a5623d3daf20746833817486e6fd9f340e64a9eae62b521deed40b7d501d621 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | dd1311842130581dfd9f4a99a7e5090f |
| SHA1 | 2e931703fa8135b9363e154e41c32428bd97e14c |
| SHA256 | f0332619e0306923996cf09038bbd6eb3d18b98ebaf9fbe03f81990ee202f189 |
| SHA512 | 28f0f72afc1b7a20d2d1c9ab87fd6d1191486b2fa51d49dc84e6d27f2aee3380b6a6bce531f28aca44f6b4b3a5e0493c9a54558bbf8fbfdb8e044b9b4c76db5c |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 24f851724b64a715c68d5e46b995be4f |
| SHA1 | 925c98bf043baaaad58b25492481e50c1ed714da |
| SHA256 | c9af1f9895e9ed500b85e01ff7a9510f5cccbe308b95316425ec508ceba2b9e1 |
| SHA512 | 9c9fcc291bf169c6577a0c6b01d7dbe5d3726d0ae115ad0a1b40c28c3cf03648c3b753cb66aa853dba1387465d3a066fce4d7298e85522246dff197d4ec0ccde |
/data/user/0/com.riverfront8/kl.txt
| MD5 | dd1311842130581dfd9f4a99a7e5090f |
| SHA1 | 2e931703fa8135b9363e154e41c32428bd97e14c |
| SHA256 | f0332619e0306923996cf09038bbd6eb3d18b98ebaf9fbe03f81990ee202f189 |
| SHA512 | 28f0f72afc1b7a20d2d1c9ab87fd6d1191486b2fa51d49dc84e6d27f2aee3380b6a6bce531f28aca44f6b4b3a5e0493c9a54558bbf8fbfdb8e044b9b4c76db5c |
/data/user/0/com.riverfront8/kl.txt
| MD5 | cb69b731775771f27513d5933cbda26c |
| SHA1 | bbcd7b248f25da1ec935a960c249d9d1de041a1f |
| SHA256 | 4836da5a792b1039578e9e0d852786c0f60afdf31413711424fab52b601f61ac |
| SHA512 | deb5a0d8ae7ffc617cf4e29036c8fa20c699be76cfb84b0e644f56dfb58da7971c50d2e439ee7c3cc38b24c9c8efdc9422f94265c8a545512d3471d1170961e9 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 0c7be8b7aaf758acd224c372686973d4 |
| SHA1 | 3dd6bc989b511aa78dcd31d46714eb3a842cedb6 |
| SHA256 | 87baf47d1f5287efa2e88a8b4cfb145a34788200f806a5c1f61e764668cb5556 |
| SHA512 | 72f7c8627e4d66a0214b3e71fd7cb99016d3f198c2281390c7433a5aa363b7b03f90f58653282759083b240dcf068af87a699a6f915aacf533b2f9a40e946593 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | de6eb73773246f3e3a32b667cc87c20a |
| SHA1 | 7e97bee8385dcb8086336c742c9b400bc0bbb54d |
| SHA256 | 1602f3d3fc511a9b3848dc23b938661c61fe451cff7a8b2a44300194dd1f1ae8 |
| SHA512 | 1eee05ea2a8ebbe6813c9393c33352912babe04f135208799e88b3921259ebd42c4be7293fedc8350ebff4c6d49e06611505f557675f63ea0caac1440a1e65de |
/data/user/0/com.riverfront8/kl.txt
| MD5 | e0aaca6888b0c017aa946ee58bd4051a |
| SHA1 | 94aa937afcd104abfabc80143a553367c415962c |
| SHA256 | 36a1b43b974c884a321618481f1a724617a1d1fd42c70f3d97e00d31b1fa389b |
| SHA512 | 51bacfe273a5df5f42f20540d8d3cb65b7ab8494a0edcdaec293e0cc34806a03bcf577601a0abbfcb47901493751492b6cd7d7421b5a38fa66847d63115f2205 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 0ba4cf2244df7ad4d5acf0ef26542ae0 |
| SHA1 | 859b32848de4670b3d8a5fafef9d3a1dd8cdcd4e |
| SHA256 | a87aba0ccde53aed771f5b948b76f6fe6173495a81f4cc5f2ea37f6832fe20e9 |
| SHA512 | dfa7deec3c4afec73908a0c8c973a60456579b5a3adf2dfad0ec544afac4016df701b0d831c1dbc1d357e99c81974d04c9054ad47c03b4dc4e4f2c286ba7cc1e |
/data/user/0/com.riverfront8/kl.txt
| MD5 | e0aaca6888b0c017aa946ee58bd4051a |
| SHA1 | 94aa937afcd104abfabc80143a553367c415962c |
| SHA256 | 36a1b43b974c884a321618481f1a724617a1d1fd42c70f3d97e00d31b1fa389b |
| SHA512 | 51bacfe273a5df5f42f20540d8d3cb65b7ab8494a0edcdaec293e0cc34806a03bcf577601a0abbfcb47901493751492b6cd7d7421b5a38fa66847d63115f2205 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 259e6f3dbefcdbc70ad50dfda30dc57b |
| SHA1 | be56922314000c4283e4096081b3cae337f191ca |
| SHA256 | bae4b00d7649cf68beb9de2e2de25a992c1d4c27b35ab8976e2bd7e67408dfeb |
| SHA512 | 909dc9329db63471f2f2203095c35ede906df2fa20767588938ea346afa3fddc60ad6623823d0c14db768bdde37d9f2e86ca14938656a5a22f56ff7de2cfa724 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | d8c77f99de5adac850259e24cc3bd8c2 |
| SHA1 | 24fe91c80ebd3581af30d80e7d31ea1e9da298fb |
| SHA256 | 1c84cc7ff797f91ac17169c853fb81c7e8f6e8c14fd26a531c9fe8bde11f7b2f |
| SHA512 | 8ed6a2bce388e8c3589a53279f63c0fdecd1582fa8f16768f9414c48e4675e0934ef438fb8076aa269b835a58cae882cbd1fffdd5bc287316f5e1f5348135b55 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 09163943b29e6379cc923f094949d277 |
| SHA1 | 17440ef84f88fc15c1b7d18b5abc86bf0e2b3b4d |
| SHA256 | 8375a0d1408858f91f3d3a9946129d9d14419dfa2d5a84ae3490a835e71eac07 |
| SHA512 | 4867da26dc451578bedf70eb345170354bcf24c2ce12436ebfd8c45655eaf9c7d84a074ef7d472e889fafee66974fc708206066678cd3b1723ec8de42004bd2f |
/data/user/0/com.riverfront8/kl.txt
| MD5 | f303715cbf57e4e5991293294810cf13 |
| SHA1 | 224a77dd37efc0dfa88aed549ee6b4089de67444 |
| SHA256 | 5d531151c24dcbc2e28582fdc45d7e017c6a723f993260fc6c6f3638e9b275f7 |
| SHA512 | 99a36640f81b9420df5a85635f4997b71a486db6c114b3954d77efb02f570f308d160d7975733d7bde11bda3ec56a5a385ebd6f060fd906bcc0e48ad27f1b26e |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 720d91fb880d38332f7467003513869a |
| SHA1 | ce2e27372e568e7176539684a15536563c95ae3b |
| SHA256 | 2e64592b4acc09ec6f52f2db925f5acdd18684b87809e5be56a49a1c31aa2a2a |
| SHA512 | 5a0e6eb733b701cc513dd2a71dbad04d864c80c2159540dd7f322390a374c1300c155a1bdeafbe829c89597db69a7b0ffd14c9a3dc692c23262bbc3769042e82 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 33fdb53d6c9f5e1328ad251ddb0c48f3 |
| SHA1 | dfafbc94ebe56229a166f3996b2de77afa8bce88 |
| SHA256 | 4a2d8bb0791e552e9d1349ad9625f7e0415029df7d0b74d6761f32e83313f705 |
| SHA512 | eedf988b70e2845bf89f3dfeae34c949f114c93c8077c0802be4f30c46bf2cbbff61cf25374f9415f5073ead95d7b7de31748b9a454e5d8563520418599684d8 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 720d91fb880d38332f7467003513869a |
| SHA1 | ce2e27372e568e7176539684a15536563c95ae3b |
| SHA256 | 2e64592b4acc09ec6f52f2db925f5acdd18684b87809e5be56a49a1c31aa2a2a |
| SHA512 | 5a0e6eb733b701cc513dd2a71dbad04d864c80c2159540dd7f322390a374c1300c155a1bdeafbe829c89597db69a7b0ffd14c9a3dc692c23262bbc3769042e82 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | f17a9c93c114f6fdf453efd90805ff61 |
| SHA1 | a4769a08b327a57bcbf33f259cced50f887cf84a |
| SHA256 | dec86af861fe7ba92ca21e701d18d89bd21b4240f25c89b9893b9f201abf9026 |
| SHA512 | 513485957c9b2ad59bf25cf90446a2e264d6ea2b3b798ce808d619e0dc21d77d3c9b8bf7421e85f14730142f325d08789834e54674c12d009ba4d22ae47c0454 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 077d2c8710e3a637be9cf1265ec88e7b |
| SHA1 | 384c431ad17891d1fc81204c6051c2aea65a0f27 |
| SHA256 | b7b4edde7cb362752181b597eca75ad8d117b28a9d88c9b2523632e6df8cca48 |
| SHA512 | cf35c9a40d0b84d6164a22fdc3fa4225abe3a3977331573e9ddb5f48ed3527eeee7765a568d3d1e53ecd87599f1499cc9c951f3737cc51f257fcd087cdc49ad2 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 6be474cab7db9561f4850db775f8be48 |
| SHA1 | 3887b58d400d1f888ce83f45bd5790f696b32da8 |
| SHA256 | ca450b530b9c3fec977195aabd6cd043719efa0d1d1474912215629bfbf04ab0 |
| SHA512 | 83d8a05534410545dbd257e07430e586a7f7b45ae5845b310c352f2702a5db93df740db2d0810da142435b539577266d8ff3519241e7f85ab9a1b36a794dfa2b |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 077d2c8710e3a637be9cf1265ec88e7b |
| SHA1 | 384c431ad17891d1fc81204c6051c2aea65a0f27 |
| SHA256 | b7b4edde7cb362752181b597eca75ad8d117b28a9d88c9b2523632e6df8cca48 |
| SHA512 | cf35c9a40d0b84d6164a22fdc3fa4225abe3a3977331573e9ddb5f48ed3527eeee7765a568d3d1e53ecd87599f1499cc9c951f3737cc51f257fcd087cdc49ad2 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | f7a36fea99dffd77db5c0d8f833a8e50 |
| SHA1 | 6c71bd09ca9793941189adec99d7595f5ac3d1d8 |
| SHA256 | 265cc5a7904292d92c0cef6ee580898997db909b4726d412d64baae66239c69c |
| SHA512 | 8905e4f814dae7297883ce4743fdf1232fe23c3baf3445b853ae6db5ea86eeb5cdc652669fb38f45deb667afe1cde215eebd6bd427691e595632addf48e5f23f |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 1c164c5638c265866447125e774d42bf |
| SHA1 | 0671825f59d27846b3b01c85f7722a63bd449626 |
| SHA256 | d77dedaaa7bfc9e485ef3dd8fb3e1fae5654f99097cabc414975c261ccfa1604 |
| SHA512 | 5aa7ae390e16207d452ad89fa8bdf72dba12a817f8f67a94bd7444161a3aaf37b39d4ed902618cd66595dd9d253908f5b7a9aa2c3afbecf045714e8b44ad6a97 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 08182e3720d48cd2b9530ddbef6ff766 |
| SHA1 | 655117127739ac60a257f93efcd9302330359eaa |
| SHA256 | c1d0d556f1ff30d0ab82529cb03e4a0890bc5194183544addb5cec0c1182703f |
| SHA512 | 5b385825fe4534f468215d4bcc92f9903976160b84d6ae9213213fafc93bbfc50c132c78bae5144f09985481bdd104f15a0d6304f39053a37064145f1b763f43 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | d714455f72da6eeeb8f5de2a236e5afa |
| SHA1 | 076f8a7f203232e749826a8be89058cecf2b3925 |
| SHA256 | 13eea7f209949f1a79dd89681215efae60d444ae816a637cb49f1ff0a02733ff |
| SHA512 | b7a8575d8c1e73b3d8fb7c54ce580b22cb807232aa102bf1c0eb44b3947d10be8527943e6f51b5c9f5c9118e645395a7489bb4fc906fe87b17e0709ac872e3d1 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | bce59684af954f558bd45d3ede4700e3 |
| SHA1 | cc547db443fd438ef9037d871c044b55bffe407b |
| SHA256 | be40c22c66a50f8cbbbfee00aca2178e6f1c1d82f03de8dc5eb315ac54ee6639 |
| SHA512 | 05cd0201cc89a4a2d87027a38ea00725dc4dda311a1f5fd350da20ed3d6aba5355465bfca88dfe829e0b8b8415dc0b1b393cf5a40ac76a0d40fdfc60da53efd8 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | d714455f72da6eeeb8f5de2a236e5afa |
| SHA1 | 076f8a7f203232e749826a8be89058cecf2b3925 |
| SHA256 | 13eea7f209949f1a79dd89681215efae60d444ae816a637cb49f1ff0a02733ff |
| SHA512 | b7a8575d8c1e73b3d8fb7c54ce580b22cb807232aa102bf1c0eb44b3947d10be8527943e6f51b5c9f5c9118e645395a7489bb4fc906fe87b17e0709ac872e3d1 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 69228af82fe0a36385b26f3696a5e0c7 |
| SHA1 | 046f2340bbc51a9753773f9503c382663644f324 |
| SHA256 | bc7547cde55fc2982cd096035c254876983cb0fecd4d712c6b5f3f05852ef157 |
| SHA512 | c9c5a1aff5202ebbed0713d82da3a57230673c65ce95e089f70f30b91492f3896f81c2b9eed3c3fc997cc4856c619455f5129e703de224081bb6adb7255bc308 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | b98fc0155ec71b4fabc50718e293145d |
| SHA1 | 1e66e3f8f397785897a809c43e26658f11100fdd |
| SHA256 | a350082d4baf9ae2dce7028e5984055447ace3748dfe771d5c7c5f31b44c90ed |
| SHA512 | 33bd66080d1ea96801e0acf37c72aceb734bb244a768b08f80e43be9023ddf60dd26d56850a448c56a6b0ca5372628c6bcc94ccc875b24788db730b8ab2245c8 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | f6c48c0005c7c3a684abc132f9e1e23f |
| SHA1 | 9488588f79e409dea446232d0a34435e9fc4628a |
| SHA256 | f93138ebc0dd515f330ca1728278088bd32e8391aa4f8a8629426c159b9d07ac |
| SHA512 | 6d9237a6f960013326286b6725435869479f8405c50d76c08aa9de53909b4bf1036a1c93820e7b86857e72e6bc714241c3b25ad2e73b947bfd5fb334416b2ca9 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 18b0346d27ddc6fb66bd5be9c6df7426 |
| SHA1 | ffe332d07ae389abaa523d393bdd3147703a1a7a |
| SHA256 | bc84cea1092158fa06e21d60bba265c5c0634ef9f917ae257f09ab977bbbc9ad |
| SHA512 | ab2daa967d48bc523820dafd3b0e7907ed54de567ddd1c2ec970369b5a9c8a13e7aa56cbed1bd4348d33baba14cedb67c89078212ed46f27c56240041306306b |
/data/user/0/com.riverfront8/kl.txt
| MD5 | d74430c954843fa7980afa33107ad06a |
| SHA1 | a1161178ce755e1ed2cd519aad463946196d8d4f |
| SHA256 | 43c8934fcbe7fdcb447d58e227e5f38213466d1afc86dfcc113a291bda7e3a50 |
| SHA512 | 74704a48bc4f4a565ed07a9342c907478cfa9ab719826c5f9b417bf183e3049be4288b0550bb3eb339c813ef5906532f0dacbb7c2cd7a8f553410429d5474f5e |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 2448d5285b98799b804aa25306baf755 |
| SHA1 | eec278672bb011c548f9ad9fa02edbf602e37d3c |
| SHA256 | e1756ed7c8ab0a3ab10174b8e72ecbd14256bef7e74326f87f027f76676e7f06 |
| SHA512 | 7840ba4af633a27686ae560625498a7f402db9adaa35599363c854dcbe271186424942cef38eb813d184b6c073a9024f8dd88d099ccf70dec04b6304b56868b5 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 06d60f8c35022d185fac2444ea9eb022 |
| SHA1 | 4d53d1f41f45babebe8688778b1b09bbd82126d4 |
| SHA256 | 49a97c2bf94a5eedd63a215a58172c88eabe8f69cbf3ef27262c09c4093233f3 |
| SHA512 | a9cfec18de2be9360f1dc425648092280d2b255d3fb7842d7ab1946c26258b3f468e2c86fd9894278435a5942bc66fe1fa6b37bbfa890cfc9b155eaadc90d07a |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 7bca7201e2f2d7d980a64f449a39602e |
| SHA1 | ad9cc24c8d0cd011390595fb48e43301a4a125ea |
| SHA256 | a06e4ba1f1a04c57daf02469f55c39e7ed2438b3bb736d15f9ef144ba45db28e |
| SHA512 | ce7ab8b4cf91c8aa629c50fd31b63e12b93c9bc88504198d085f3dbdee5d44d2e8addc92798e4ea41f5327489e73695cf580ced0a71d5fb9a0f20f46a7ddc6f3 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 07a8579450d79c3e4c350804c48496ad |
| SHA1 | 05d132d511c036cae66bbf883f0bb3396f24fe59 |
| SHA256 | e6b915be48d0b0a5c990a14f866745d42d1ba6b8b41b579e496934b3125c895b |
| SHA512 | 171d0d3330f913ae82df1e8b5af52257fb75c43f538b1375262523f6c0e3b4070b45b361ddc05ad03e3082dab64a84df9620859038e721126bb8545539a1e6f3 |
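The Files table above lists the same path, /data/user/0/com.riverfront8/kl.txt, over and over with different digests, which means the file was rewritten repeatedly while the sample ran; a few entries also repeat an identical digest set. The helper below is an added example, not part of the report or of the sandbox's own tooling: it parses such blocks, rejects digests whose length does not match their algorithm (a sign of extraction truncation), collapses repeated observations of identical content into one indicator, and counts how many distinct versions of each path were observed. The four sample entries are copied from the table above; the function names and the input layout it accepts are assumptions.

```python
"""Turn the 'Files' blocks of a sandbox report (a dropped-file path followed by
| MD5 | ... |, | SHA1 | ... |, | SHA256 | ... | and | SHA512 | ... | rows) into a
de-duplicated IOC set, and report paths that were rewritten during the run."""
import re
from collections import defaultdict

# Hex digest lengths per algorithm; a mismatch means the report row was truncated
# or mangled in extraction and must not be shipped as an indicator.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")


def parse_file_entries(text):
    """Return one {'path': ..., 'MD5': ..., 'SHA1': ..., ...} dict per report entry.
    Raises ValueError on a digest whose length does not match its algorithm."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            # A non-hash line that looks like a path opens a new entry; section
            # headers such as "Files" are skipped and close the current entry.
            if "/" in line or "\\" in line:
                current = {"path": line}
                entries.append(current)
            else:
                current = None
            continue
        if current is None:
            raise ValueError("hash row before any path line: %r" % line)
        alg, digest = m.group(1), m.group(2).lower()
        if len(digest) != DIGEST_LEN[alg]:
            raise ValueError("%s digest for %s has %d hex chars, expected %d"
                             % (alg, current["path"], len(digest), DIGEST_LEN[alg]))
        current[alg] = digest
    return entries


def unique_iocs(entries):
    """Collapse entries by SHA256: the same content observed twice is one indicator."""
    by_sha256 = {}
    for e in entries:
        if "SHA256" in e:
            by_sha256.setdefault(e["SHA256"], e)
    return list(by_sha256.values())


def content_versions(entries):
    """Map each path to the number of distinct SHA256 values seen for it. A path
    with several versions was rewritten while the sample ran (a log or queue the
    sample keeps appending to), which matters more than a single static drop."""
    seen = defaultdict(set)
    for e in entries:
        if "SHA256" in e:
            seen[e["path"]].add(e["SHA256"])
    return {path: len(hashes) for path, hashes in seen.items()}


# Four entries copied from the Files table of the report; the first and third are
# the same content observed twice, so the IOC set should hold three hashes.
SAMPLE = """\
/data/user/0/com.riverfront8/kl.txt
| MD5 | d714455f72da6eeeb8f5de2a236e5afa |
| SHA1 | 076f8a7f203232e749826a8be89058cecf2b3925 |
| SHA256 | 13eea7f209949f1a79dd89681215efae60d444ae816a637cb49f1ff0a02733ff |
| SHA512 | b7a8575d8c1e73b3d8fb7c54ce580b22cb807232aa102bf1c0eb44b3947d10be8527943e6f51b5c9f5c9118e645395a7489bb4fc906fe87b17e0709ac872e3d1 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | bce59684af954f558bd45d3ede4700e3 |
| SHA1 | cc547db443fd438ef9037d871c044b55bffe407b |
| SHA256 | be40c22c66a50f8cbbbfee00aca2178e6f1c1d82f03de8dc5eb315ac54ee6639 |
| SHA512 | 05cd0201cc89a4a2d87027a38ea00725dc4dda311a1f5fd350da20ed3d6aba5355465bfca88dfe829e0b8b8415dc0b1b393cf5a40ac76a0d40fdfc60da53efd8 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | d714455f72da6eeeb8f5de2a236e5afa |
| SHA1 | 076f8a7f203232e749826a8be89058cecf2b3925 |
| SHA256 | 13eea7f209949f1a79dd89681215efae60d444ae816a637cb49f1ff0a02733ff |
| SHA512 | b7a8575d8c1e73b3d8fb7c54ce580b22cb807232aa102bf1c0eb44b3947d10be8527943e6f51b5c9f5c9118e645395a7489bb4fc906fe87b17e0709ac872e3d1 |
/data/user/0/com.riverfront8/kl.txt
| MD5 | 69228af82fe0a36385b26f3696a5e0c7 |
| SHA1 | 046f2340bbc51a9753773f9503c382663644f324 |
| SHA256 | bc7547cde55fc2982cd096035c254876983cb0fecd4d712c6b5f3f05852ef157 |
| SHA512 | c9c5a1aff5202ebbed0713d82da3a57230673c65ce95e089f70f30b91492f3896f81c2b9eed3c3fc997cc4856c619455f5129e703de224081bb6adb7255bc308 |
"""

if __name__ == "__main__":
    found = parse_file_entries(SAMPLE)
    for ioc in unique_iocs(found):
        print(ioc["SHA256"], ioc["path"])
    print(content_versions(found))
```

Feeding the whole Files section of the report through parse_file_entries gives the same picture at scale: one path, many versions, and a handful of exact repeats that should not inflate the indicator count.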
Analysis: behavioral8
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 209cabbaa1e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6FA276E-5BEE-11EE-941E-C68ECCB5A471} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401525921" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad3560000000000200000000001066000000010000200000007c6ab09a9951f8e49b1f8a7c0afc334040177d00f81afc227920ca2188cde61a000000000e8000000002000020000000449d33f4cdd6e00deb11b3098e803920d030bcf7dfb6f0db5931d45572ba1df5200000001c02e8a88a50fe3337298fecc9cba5efc5570e748c1b0b2c8c1bca41da707aad400000005f11824f9c88868e87270deba0b41b94fff85db704bbcb88cdc0399a9d21c4f770ff1f204b3cd4c5dffd90aa0574fbee27c3d188436d652fb5fec4b0f5d1fc6d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad356000000000020000000000106600000001000020000000c49babc33d92307a4926fe4ef744a7f96d45f4f05c6b32bed78f28aff2cea9e4000000000e8000000002000020000000483d8b4a2c3bead92ee5e3d728343d02db3da2bd932e8fd546b892fd7e3941622000000085370330e42775b6f426aeaf4057aabd752c80885b50f1896afd7e9e9cf6d7dc40000000a54e54a4c38ac136e487f39eef26fea314dbccd0a78f48700a5b911c3f81db7d371dd055edd8ea5360d98c83cc4db74c56c11bea9f42a3a1027ae86913dc2f75 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b59fbaa1e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 820 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 820 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 820 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assign_labels_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral9
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
135s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E58571C1-5BEE-11EE-8900-7AF708EF84A9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841079" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac2000000000200000000001066000000010000200000005c701c6746e6d574efc872fdb9d462151a43fc614bf30090d071e52ac5bc8cce000000000e8000000002000020000000e3f52d7d7d7671de872fbe4e3376673b038d6f8502921ea2acc636bf89257a1a20000000b3e60f3f95679caed25bc1e8375ebe61d4466c2901fa65b588def6dc1b5b6b4840000000950b300ab50ff1c02ea1fbf63545c2d64fc372c7c052a29b47048e450b46242563c57b5873a9954dcc006fae70ee962701240a56b561333e1a95c73675041038 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20cbd8bafbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2108 wrote to memory of 2120 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2120 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2120 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2108 wrote to memory of 2120 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_entry_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
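In the behavioral8 and behavioral9 runs every signature is raised by Internet Explorer itself while it opens a local HTML file: the registry rows are IE writing first-run keys under the user's own Internet Explorer hive, and the "wrote to memory" rows are the frame process (PID 820, PID 2108) writing into the content process it launched, whose command line carries SCODEF:<frame PID>. The classifier below is an added example, not part of the report or of the sandbox's tooling; it labels those two signature tables so the reviewer sees at once which rows are browser start-up behaviour and which involve a different writer or a different target. The IE rows are copied from the tables above; the wscript.exe rows and PID 4444 are constructed, and the labels and function names are assumptions.

```python
"""Separate Internet Explorer sandbox signatures into browser start-up behaviour
and rows that need a closer look."""
import re

IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
IE_IMAGES = {IE64.lower(), IE32.lower()}

# Per-user IE settings hive as the report prints it (case varies between rows).
IE_HIVE_RE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-[0-9-]+\\SOFTWARE\\Microsoft\\Internet Explorer\\",
    re.IGNORECASE)
# The IE content process carries the PID of the frame process that spawned it.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def is_ie(image):
    return image.lower() in IE_IMAGES


def classify_registry_write(process, key):
    """'expected' when IE writes its own per-user settings (first-run keys such as
    TabbedBrowsing\\NTPFirstRun or Recovery\\AdminActive); 'review' when any other
    process writes into that hive; 'other' for keys outside it."""
    if not IE_HIVE_RE.match(key):
        return "other"
    return "expected" if is_ie(process) else "review"


def classify_memory_write(writer_pid, writer_image, target_image, target_cmdline):
    """'expected' when the writer is an IE process and the target is the IE content
    process it launched, i.e. SCODEF:<pid> on the target's command line equals
    the writer's PID; any other writer/target pair is 'review'."""
    m = SCODEF_RE.search(target_cmdline)
    if (is_ie(writer_image) and is_ie(target_image)
            and m is not None and int(m.group(1)) == writer_pid):
        return "expected"
    return "review"


def triage(registry_rows, memory_rows):
    """Count labels for both signature tables: {'registry': {...}, 'memory': {...}}."""
    counts = {"registry": {}, "memory": {}}
    for process, key in registry_rows:
        label = classify_registry_write(process, key)
        counts["registry"][label] = counts["registry"].get(label, 0) + 1
    for pid, writer, target, cmdline in memory_rows:
        label = classify_memory_write(pid, writer, target, cmdline)
        counts["memory"][label] = counts["memory"].get(label, 0) + 1
    return counts


HIVE = r"\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000"
# Three rows copied from the behavioral8 table; the wscript.exe row is constructed
# to show what a non-browser process touching the same hive looks like.
REGISTRY_ROWS = [
    (IE64, HIVE + r"\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun"),
    (IE32, HIVE + r"\Software\Microsoft\Internet Explorer\GPU"),
    (IE64, HIVE + r"\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen"),
    (r"C:\Windows\system32\wscript.exe",
     HIVE + r"\Software\Microsoft\Internet Explorer\Main\Start Page"),  # constructed
]
# The writer/target pairs from behavioral8 and behavioral9, plus a constructed row
# with a non-IE writer (PID 4444 is made up).
CMD820 = r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:17410 /prefetch:2'
CMD2108 = r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2'
MEMORY_ROWS = [
    (820, IE64, IE32, CMD820),
    (2108, IE64, IE32, CMD2108),
    (4444, r"C:\Windows\system32\wscript.exe", IE32, CMD820),  # constructed
]

if __name__ == "__main__":
    print(triage(REGISTRY_ROWS, MEMORY_ROWS))
```

The heuristic is deliberately narrow: it only downgrades a row when both the writer and the key or target belong to IE itself. A script host or the sample's own process writing Start Page, or an IE process writing into a target whose SCODEF does not match it, stays flagged.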
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA3F0.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarA422.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 053f4d9892b8cef5bdf7e6f2b13ef26a |
| SHA1 | 0234b1379846313cc956d7410711c07d622f690e |
| SHA256 | 22885536769e9efaf6c87dde9c016a3be3c30532733832b98880ffc6fd734bf2 |
| SHA512 | 636a1d83104bb5a7fd70468cd5ed4c1bc4848880bd812bdd0e8fbd226ca0550c6bf907fff77e372b240d73d39a7fb3dea7d3dcc630a3e62b5a39124a2c30bd87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f5964888bfe74a4bd2374aecba41069 |
| SHA1 | c79fbafba073c475f2afa930e610720861c7ef18 |
| SHA256 | 6313e9aad16e61983665402687cbde1c287540d21dfa46953b958efca2ee4b83 |
| SHA512 | 8218d82722b4bdd4393e2124c7a76ce54d1954bedd1c4bd548a0005190b97ecc8ca981354d447d308825b4de81f77e45945957dda9ed27ed85315dd7e1c79147 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 194123a2c0e049caa3cd27813a497d9e |
| SHA1 | c961cf9ca6478aa7c8410a76dd2cfbbb2089f5cf |
| SHA256 | 1e5f5ea24c90578a6d4e3b6ab25784423590990bc406afdf35278ccdcca1ee47 |
| SHA512 | 9c00b346055849e24e7cb1885cc703fb50b1363d64dd9117b62ac006056c588f84b51896681d584d7b74096701108b360d175a431ee8aac8a2323e6d4f7f5761 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 434b1a0c3d816666306ac279f517e58e |
| SHA1 | 7cf7c1d15b7fa9451332b2453b3ea87dd032a251 |
| SHA256 | ca50809f3da2c413106da5cc7106cb23d757c48c84827b6cb7fc133a7f4dd0b6 |
| SHA512 | b96594c9a2a9adfab5873640f9d37c622ccbae8a3709a871af096ca85125a52b6e1df18a1690088bb3ccc369830f4f8b457f73810149678ee96102fdcc4f78f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e89ab6b8166d647bc6fd794af7196de |
| SHA1 | c63b83926b057aa467313841fc753dae9f43f771 |
| SHA256 | 7fdc187904670dc14d21c13745588c56cbf0b3b95d410d9d7f96116645809ee9 |
| SHA512 | bec36b3b4f6451249a53b9a3e4809dfaf278a3ff9a865ad4ca8d51d7b175fd68fc163678c9e434a4827179c1821de5f468cb52cfedd1758f117255a03c94dcaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2009ef009f3b053755b50a0e10b6c4a |
| SHA1 | 28e3af18d2bbfc7dd6d7631448fc6b3486ec3efb |
| SHA256 | 25ff6b290d5b08a5b40b85d57101de18770279420fc857139a4b36e446ae6ce2 |
| SHA512 | f1d64c80ed30cfb91ba616f501ecf2536019559cd77df57373a6bdc568dc50e197ba88d194e6d0c83cabc916c1894d6af333244ad3609cce201edcd455f95c88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a056c5b8b3b1eb41fd0cb9f766b5d52a |
| SHA1 | f915a098666caa1b172b6a41b333822fd1df0a7b |
| SHA256 | bc85a92e5dec9ca0470b58c459301923845063a15ea55d007d6f57b7b83aa276 |
| SHA512 | 21f1920e007f09a67e715882c2649db0d81e61f796f2276fe2f866d1983350455b74e02fe952962629c62d75dca7443c32cdf869c83cbe844ad709f049fb4c87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fd6bbb20f37bd656c1f99de4ff6d364 |
| SHA1 | f2a6b68197a0f403786afefbcd8afd7c0f552ad2 |
| SHA256 | da0a5d5b0a954b8c4c459fc481a4861bcf44fd1599c5b3c780d6ec63f5a60a49 |
| SHA512 | 7dfc188045c5a72a0671973318831ccd106c145848478e601c486a1c107d803cc962857b4152636d54c1d0379f0494f3d8d8ef20301945c096773dc122bf5823 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1df8f2198f943f15d697f722fc1e681 |
| SHA1 | a3781c9e7c431d8ac6040be9de730708c092e233 |
| SHA256 | 9e27684b6c83292389a9f5b925a7d3fc2618a714eecaaa0bb3631ed3c35fd07a |
| SHA512 | e7dd6d5cf04808c03607ed776a694409ec9a86605b04d76d5b92e85eb5253deaae87515fa92c787ae9d9a5b99c5471c441d712ec9f5af40ed7809aba532fad0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cee90a77ad42d27d3d23ba078286e5f |
| SHA1 | 6413b0f5f33d3c177d19a729c3c8d1999e4587ea |
| SHA256 | bed63e820384be0f5cdc7abf8d0b0f07a27eb6303fe4b25992f4de216c573a08 |
| SHA512 | 6879033bd8e6f2a235b782de339c20e2d7d5275cbbf6b4e471f227949b249113e44e02bcbf763bd0eeb069222aa6aa8c06e074536357be68f307d2efd6b8bd3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf87a42637a2d8f6d90b90aef17f49d0 |
| SHA1 | c84cedd02346a9d88c6dd98d1c38ed20b1ee03c6 |
| SHA256 | 5766011c6065bcd2d8f2efba2d2cd712e97ba1efe9e1d93656c1e219025a0963 |
| SHA512 | f8b4183202f4b0e6d0ddc35c38a641f78550c796f5055b23bfffadd912d9a79675fa8c7fc1116e099c44392bb9667e3a464f4cbb8410e94f535d014842a373e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6798bdcf6b46742d493f9672a262d21c |
| SHA1 | 4781294b5b100f78c812f42c2e43742afe4483ef |
| SHA256 | 3df8fe8f12bc687841ffee75926e9317df948f2433e2fb0bfb487c2776945945 |
| SHA512 | fe06e3c223c2c142e25abb79fa6dc673d962de2fb20f938b67283cc92698aefa817e8d615389d936ad2eab793a51dc74054c29456837f02564a48b88b1c91461 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39aeb0c8ab12dc694b3197849e15b1bb |
| SHA1 | 813165bb1b67dac6c1900e0a418c337d092499e1 |
| SHA256 | 0b3968b4a6ec4ff2ebc100addfd20e756751c840ba155ef71d3dc6736e5709fc |
| SHA512 | 7176db3b1c1edc079efaaa2ab801849a13ce6f1cb8489c09b158eebe5e38ca181363d647c9082035f23a0b7abd2ba3b095293301c408ae0bc697c5eb8bd0a9d4 |
Analysis: behavioral5
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.5.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.23.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
146s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401526059" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10af500da2e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000000ee22328944d3d4f1be1590bede50221341799214541da6d5a1c596108481b11000000000e8000000002000020000000aa04a841764d8c137cbfd30982d0aa20b70f2c521bd2af49975bec518243e657100000008dd03329d8bc340392ae93e07e1b53f6400000007a6a5b6c9771f8cfa2a26846bbbaa5a9707eb072fa64c0acd81dc823e92db5c6d932d767b43dc2a1dbee63ccacac7aa4df24c919b8bdec8fa197c9de1dafe31b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e63f0da2e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000004abc65fcee4dc8194a7929553ea80e8a25ebe50163cc2d6f77d220dd2ad42b90000000000e8000000002000020000000d5c5d82d08e93ea7d04b7568271dd215d70fc3eeac99c85f783cf480296cd20e20000000fdcb1d2c35672527fec127e4cbb70c0bf6d203b8558ce9853f16ec9f397eba4240000000a6a8f45e648bd2b7d9554f939c40f164a9ec71ee4a26c86726764ee2f96361d31129a35874549e4550221c419f13050e5200565b4ea31bfd898edf2f05a9ce66 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E697BECC-5BEE-11EE-83FE-CA4DF275542E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000c682ab8d4c051ec4957d105cdb9d2d7aaeee023edb326050624e97ecc4804182000000000e800000000200002000000086e71a086840585c3c54eb778cd099efa7af4e67e4939fdd14590677812ab1a320000000bca9a7007ce80765deb12bcfcf8294ec3abfdf4b8ea0725c353bdafb4b54622c4000000044ccc9b5c1b0cb187f5b6c25cb70cd62ca54cd993a72ed808f45c54c251c6fa62abe50026f70924110a2dbbdb6b1bbc6406cf0fb8e55fa4a8ea73e37170ef4c4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1348 wrote to memory of 4868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1348 wrote to memory of 4868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1348 wrote to memory of 4868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dpr_report.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.101.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| NL | 88.221.24.114:443 | www.bing.com | tcp |
| NL | 88.221.24.114:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 114.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H3JZN74\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral3
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
134s
Max time network
154s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5E1C291-5BEE-11EE-8F6B-76BD0C21823E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20adddbafbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841101" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000a85176c7b55388d06afeb0bb26790de78a366a71897bca97618e8d0e58bae765000000000e80000000020000200000004457b6a75f75569c1037da2b95fd363a283bea59c1b8922548b1cc43bdb6e70f2000000049b4b329201336ea61b11c40c5c8d565d089c9e58a52c2adf07f28b85007e84b40000000d96b94ad6d34189293ad8aa8d4754399b08a5899ca6a1021cfdf78f7c473d530ac5a3c84ac4556082530823c00c686bb76aee89b462f7131c2f2ef44b2957743 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2220 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2220 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2220 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2220 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ad.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4656.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar4678.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
Analysis: behavioral11
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
134s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000aff036ad1bbca5763ca3a72a3b504fc518bbf186083911afd611e9ab6c60d1a2000000000e8000000002000020000000452903ce94a63e5ba430fe26265a1476442bb7f052ca4ae1024c94f508d78a45200000006b7c6e6426528a52eee694483e208a000858baff84918a4b0fa54e3d97342ae740000000f9ff37fbde516cf7d83a18f1ae7b58da58d3ca990893848d44b18c3a538455d0adbf620a0e645345eb205808399dc8bcce27901154ad3ec8ab0529c8e79204a1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841080" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E62032F1-5BEE-11EE-8708-DE7401637261} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907bfebafbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2980 wrote to memory of 2224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5F33.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar5F94.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
Analysis: behavioral20
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
150s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527288" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50496ae9a4e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6A31965-5BEE-11EE-A4AD-C2C9425C9A59} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea900000000020000000000106600000001000020000000aef15603f02e28df100612788e6b515fbeef0f5b9f45a8cbbe44a71f46aa7802000000000e80000000020000200000009d5ec3a7ce551345c35a556602cb011d99927693db7265ee6d6a5b78f7b07b2520000000496a7f803edf84672f8f3fd7eda40488374bd55ad98064bb8cd66a00c2939a5c4000000050b1714ddb2127e41451ef6fa8f287e2d47824c7ef2136a3fafc71c2d674c48a9ce394f94ae89e0fa0d85dac59fe2ca8051da2770cd6493d7add758947e3ee8b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10357de9a4e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea90000000002000000000010660000000100002000000065f967cf92d453bba04f3208b07bd3fa8bdcbd26e36c39dbd6494c019d75dcb8000000000e80000000020000200000005681271a552bee35379c91fc009e3b5b508b58f4448a1bb2ae5b0d972db11118200000005e2dde10f59ed6ed14de49c992aec8a12a41804b187248e8e913c09ec25d6297400000002358f1ca9472de19ee700ef52307a9d5d55203d27c0f677564f8a3ab0ee67e222db1c16c59b9ad67648191b73877949f75e3f9424724f088c05b639922e38cb8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3664 wrote to memory of 1356 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3664 wrote to memory of 1356 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3664 wrote to memory of 1356 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_pressure_entry_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3664 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.5.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 224.162.46.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZFOAR009\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral15
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
136s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bbbabafbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841079" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000f0befab96e399ec1728d331fdfba25b776ce4c72d0a5ff6030efefa3fd751cb1000000000e8000000002000020000000318d8c071ab55c581b31dcccdcf16f8f649e7b0e77de9200ddecb2b2fa2ebd8520000000300f9b61ce8ccb2c23fa853667634b896907c9dc1e72a4156f22d3ceea556ee4400000003afbab81f411b6161972db2229f69fca3036be14ca2d33138e54dadf3341e9057bb88909a610ea7560973c04c0b7b096b855b2b555edc85452fa839066c77005 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E577B621-5BEE-11EE-A68C-D2B3C10F014B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1268 wrote to memory of 804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1268 wrote to memory of 804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1268 wrote to memory of 804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1268 wrote to memory of 804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\diabetes_reports_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1268 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5228.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar52D7.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d426b22046ec0df912a66d3c8888872 |
| SHA1 | c51b6029d4c09860ae2663ead69d4224f328b7fe |
| SHA256 | 8b155b52735893fa4cb72597bf5b804cdc4139cecbed1a57d2f80c18e04cc3af |
| SHA512 | f549ba4240afc4fdf978eb9d465690ba97fedd6a392a25bc4ed47019a406c0ed22ecb9676d6d83bfb2b34f02dbcbec2c298da4ef8da3142bc4d5cf2a6981ad68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95502c243b6660f4057d37e6c36a6614 |
| SHA1 | bacc86e03a8fe835bd62c29a0633847676e91a53 |
| SHA256 | b7e6e528e5bd6b3791c5e1cf7ba3f737b83dfbdde1ca4932c47241fa4fd07e27 |
| SHA512 | 531d8b2e80248a41d294b67be3b6015d0c1576593ad20a56bd071cec5f1d356d4255d25d6fc973904e615d6a2484ef574aa15a2fb89560422ef4861d85f89a4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea7f072acbb303c11969b86714f93b34 |
| SHA1 | 98a19b5d93273411d07050b257c6b1b14c45ee2b |
| SHA256 | db554e2b86e4cc5503d9b3f305332667995b42bfa49b20a07ec6c9915c438e43 |
| SHA512 | 8600bdda8781e971c144d792d2b1d359b89699efe002eeadfed93a41a500d89786d3bc74f50ea0f7702cbd2781ad5c9bc556d49ce786058a554d09f555afa6a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1a5647814956b16f794c472483fe0b6 |
| SHA1 | f65f3dbd006ff057398a7df8b31984876338a251 |
| SHA256 | c5f28512b371f1c36ff2e0d3e8dd4e36ec8c32f9a7a9304b39ced6b16cafe404 |
| SHA512 | 3a012e33cb3669a7111488ad47dbf1ad1a454b0ad16239bbb32476726afb11e9a93fed50f1f2e5a9a803725c6c22a9e4b3e2fbbf1b1489790321da0e4899a5d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f05208cba52a66187db3221874e0edf |
| SHA1 | fc52ec24ab1e269b3179b03896e15258503e56e3 |
| SHA256 | 9f748c1e7781c109a93704de160afe198166fffc1c7d91cc2c53705043ed9df7 |
| SHA512 | bee2798e378721ac6481375bae1b38cbc9bf9de940f282c6d79320a9457b2ebb92e6e3631f7ea2b6caa30b6bec06887166c65d1cce5748cca24b5728bd9b7a39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22ec8dd4407b1d7f7a5ac42ca2d343d4 |
| SHA1 | c4ed16c208e12a2542b39f9a47adb9fba4083572 |
| SHA256 | 17a14ea4736f43982091be389cb9175ae1f33c19c9fc293af71dd235b63d21ee |
| SHA512 | 6db18303f82af6c7e054c5967ad047b831e3722f54c9689a3796ef812d5cd66e7d0ce769b535d2c7bfcaca88f596fd379fd0a8d78fbab6807ba2867377ef733d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49250392d900ff6475b344686b20fa5f |
| SHA1 | a4aab55be5fd3b9f307b120a1b82c60c1c9c4cff |
| SHA256 | 6620c5276fdd5a67015eee8b33b902523174fbd66635d64f38846290e01ef6e9 |
| SHA512 | 9e930a178d25a06727b2d17f63346c6d2c443af4800131b269aa554b8c2e99ff56eb8d67765a78eeafbe5f027daecb7f1310c952ef6bbf179a68c78f874f74e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1cfd196196f4d0ff2af12c0c73b1b65 |
| SHA1 | 4ba88e630679fff79601675a302f28c1bf4cf153 |
| SHA256 | 7546004044a71bfa56093883e72877c06e6e88083248cb94d061defdf86ef8fb |
| SHA512 | 61bda7c52b9326727158f255e9f90a9e360cf4de82de253b7265e7c77ca2a246c3c2731d51ee96689c63ef3797d3b0c1214deedce648a79a2764e64ead9476de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ebda97be10b7306110bac4bcc81b621 |
| SHA1 | e5072700c918bd24acb148b3387916df38c99916 |
| SHA256 | 10fbbe0cb3f39ff75c70e6e7619c6a6ccddf9802d18ff3da41ff6bda86c03510 |
| SHA512 | c7c654c36f728f46b7ea334211f963954a69f8615bf9439926450fc33377ecd788ed9e4cfb2dfa5cdd96496dceb25332dc563079f0ca32fc176d15905b8cab2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ee110aa0e13b9a661bed38218b910b6 |
| SHA1 | fe07985440576571bc10a2d9428ebc2a1f9ec84b |
| SHA256 | 0f12d5dedb281036256fa50aa67f51fdbbe70a8882bddfb28c0d97eab10cda23 |
| SHA512 | eb33f94b7c002ad57c7de2f58b35399f34ce283bfd07e8f7c3b9a80aee9e91256049c1aaa0ffe6f38c95b5c18a2966f5a2e2a8194acc7e38ec8b9d696098c99b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb917d056701d4389a36085372fcba12 |
| SHA1 | cd3f086b006c5ac478cae8b119082d33fe4ff45c |
| SHA256 | bdb37bab7776b78d53168d71a04abcd3579391edfcde2f0a1a30f6d7693e8e67 |
| SHA512 | 371e425598a85f623ffcd285893a16a7468c85da5a0efe83c99e7bc0e1d4677da54c6acc28be60a5e7d89e270e25487bbd26b4c96808ac37c3e1aa09c66586b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6cc03432a6a73d21a1e7e9eec9d61a28 |
| SHA1 | 60cee1c8a4f8afb41eb7c4fc6325bb3fd25c5170 |
| SHA256 | ae960647694c6c0d23f4838152012ec6d60f4b4c8eb704b5a23d98c1fe2325ba |
| SHA512 | 446d797e8c15f842a9667660554a65ee72aaccc84454c57a69150696272b23e208a4cc587ec868b91486edc4f3ad09d0e6b44d34402c6317aaf8c45e78080365 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1df743e054a8139571c394965165abc |
| SHA1 | a7281e9794b2881017984b6d341f3718d88d2510 |
| SHA256 | 01e99dc84bf5ac2a004d9e56b2a2cc0502592e454473ffd6f7781f979efe1a46 |
| SHA512 | 9d05cafe747d7866abe448613d1b6545655632789b78ce309dca9dd9811820b3738e03ee29236435b16773ccc8de8937d877ff22a757113746e49d0bc0366b15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07e21b9f276fed4245b626de47e361c8 |
| SHA1 | 73131aeb444c57e1af8f63d8008f5f008e257587 |
| SHA256 | 2217a3463d4697021742b3737ef0669452e37010b6d06005d65add9d0f53a6b8 |
| SHA512 | da117adc51cd168a0525270e49b96ff7bd6f2173a649e22456bc944a7c4763d6cae5c1fe5b05a9468dcaeb3cc76be5f79104e69fa91eb88d6e85d34dcfc1bcc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 275e0734c44ecc4b7565835661712d7c |
| SHA1 | 10ca69e69d71263b9a1631b29b970bbd6d734684 |
| SHA256 | 4cc60533b26be695601d16c9bd8424b2ffa6256c118bdedbc07265ed339b9b83 |
| SHA512 | fb1319f4a2486535a12343f0c3f1dd8f1c9a9d964ed8417db2a794b0b7cbdf385b7328929ee97471738d93bb92282cd9fb06b5e4af9275a7e1938ab7d1f13ec5 |
Analysis: behavioral17
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
134s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b0000000002000000000010660000000100002000000075ca18327006aa9aea689b2633285f473fb3e18c72b2735643d52436cfa7caab000000000e8000000002000020000000c2cb5116b0ac02ad19fafed5c51fbe3084ca6b3a731e27e750f8eef430c074dd20000000199c0d3184772dfaae6de97ffbf74c0f6ac158168ead820af8965c92b040b1e040000000970c5e1a4fb0d1d00fd510e92dce13854ae1977d773d19b3de0fa27babda150941508b42ec8580cf5ae887610c2610c98c23531e5e06fe3faaeac2dc3d897f89 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841080" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5752DB1-5BEE-11EE-9877-FAEDD45E79E3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90877fbafbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2176 wrote to memory of 1916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2176 wrote to memory of 1916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2176 wrote to memory of 1916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2176 wrote to memory of 1916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dpr_report.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4B73.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar4C43.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a92c9c10d63f1283ef13987f8efa3288 |
| SHA1 | 97f4a1efd5328049b99cd86c0fd936a95c81430f |
| SHA256 | 175b403f200bd59e77e2e1c676228c64fb14f4d9fd507d0b5b6b348cae046fd8 |
| SHA512 | dd35f6460acc2ba2c13c805af340c84380dbaf3671d9ea5c6d01976167aed5a0c53e930abb627646ca4ee58c6c2f68baf739035a7f11b53cbd84a7769786627f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8b99f0e62c0265cd2cb5f45e6e149a2 |
| SHA1 | 7f229995548d79ad3991db0fa7c8f11d615e5156 |
| SHA256 | c873eec6a748a0b1f691e8cc2115ea099932d0a72cb6992cb8addd2cd0949593 |
| SHA512 | 0aa4847f76e251dffd241954b081af11f6589e1766174ca27527554447ae2c1f59e624c6a6496881f53226be3f4cc9aeb1dffdc647c35ffff62a20c2459cd46e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e57d290d9fb4334c8aceae3c19645f16 |
| SHA1 | a2d3d85182869227de95284ef1ebce37bffd631a |
| SHA256 | d0717d104e0d9a08443c84ab3c939eb9e14adde0adfb38da84c6add02f372bea |
| SHA512 | 56038d83d18a97752d238d62112ae6b06dae15ff0d8625135e71b7da89c793d35183b9ee123e40cd59e3b35b405a0dea824074c3b3050f348f82def036e79b22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7baf9cf7b073fa4903e2c4c7a8cb457b |
| SHA1 | 031b346089ecb9ee278790a2844111cf02b91531 |
| SHA256 | ff4d24aa4c0a561f79c9b066d5ce6a9450f8cd6168934eb2aab08b748ba6655f |
| SHA512 | 7d6f61bb001c8501e26fe649e6ee47be9aaa600562b65d8bbe87ffe9325c38f96ba79058062ccfdf54b3b78cbdf684079dd873ff3032a617fb9b0deac764c3f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d620a0331cc29cd798925ee0076a53e8 |
| SHA1 | 2632c0ebaa69510da93002c945f97db331b7b73e |
| SHA256 | 4bdcea56ce2e82f792dbed385fb48a17c102595d2a9f5b8703f296567bf278ac |
| SHA512 | 77c7dcaaa78f2106c8bf84e91772b582d94f6afe17d6b4dd7b64fce476526b8f9a4aaa976af325250109a97698040cd3cd6009c47a7c3a6d4110f4c79de8c379 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 581c297e307668b29455355014fc5cad |
| SHA1 | fc51668853a31bb0d8d785d707839cde230d2c0f |
| SHA256 | 5b119037169db2a0f67ecc1956d7865c4f120b763832fc82295778dc94e2619e |
| SHA512 | 137489909a0365ebe1053e146f1a231745d5c2bbad1b1c4a87e2c767760edf1a9796a2f1d6962f1236b322ddc745b425c7a0a24142f873b27dcb89aad07ec7c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67a2bd181dfa793ee642aa712a0b6e25 |
| SHA1 | b56af83c1e5eb55b204a13cc8d3b311347e94b77 |
| SHA256 | 975af974ac402de3f6e34398e16eed183eda2981810ddebad58d0d77e706f8b0 |
| SHA512 | 64955ab32cc6b6a9d087e7d610a8a6a431f10fe3eebb614d7ca69efca47c2b8dd0011927154e91ef7497dae09fb39dc8e33b822b19d00ba73bdf1e1d6b7fb3d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 807669c93e853ccc152d8ae3980144d0 |
| SHA1 | 7e09bacf57a6d5644bbbe2d060db4071787e44f7 |
| SHA256 | c33eb96d5d5ac6d6241f03b791894d8df8f8a6c3f8f46286811a92a8a5f6cc50 |
| SHA512 | 7c4e35c0b91fcdce285deb25a5a92836b52b03c12ad4b3f928031073b3eb166455c76ab841516abe4234bf660f492a1772c2f12efab7f0496d9a17e104ac1128 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e6009b40754b97fb75d5176f18f762d |
| SHA1 | afe3e878b0666176caf58d6d912ffb06aef05ec2 |
| SHA256 | 217e09758ff5bc33e6ad2aedacaae3da87c06eb4ca5b009453f0ead762282369 |
| SHA512 | 5790cd488b1b59caa1acbe78c46b4100f79f47c3f588ea67dd485ebe4a9c6afaa5a2b15de91d4e762bd810a7966f220d0bd22586521c45a166b11f225c7b9526 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4def47344fd9bcee8518ccc380b03ec |
| SHA1 | 684730c65fd6d6f4982a5fa8c9c4bf0991136de2 |
| SHA256 | 6cc799f1b8efe318f7db88f034529c4aa8f2bebd1efdd282d32bbd8cb16cbab7 |
| SHA512 | d1efc3af9791a7c9a3fcb9824f0ea4e8ec09d6b5e69ac341c81cb951d9b32fc98b355b2a905d4955be3b47e5635912e81c02477ea014015609d95ddf6f4f4f47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efdd0cfc50a8100578cccaa3cf8cc8be |
| SHA1 | 5cc2251b6a0f2c06b50c560da0bb52ac61f5c242 |
| SHA256 | 7d20b288b16182b52f1ceb4d08a820561f6164f20424156a2713aef61d43822d |
| SHA512 | 60ac1bf4932ed6aa83b0078b0b4f4df9df63691b86676ea8a095e18ee7c4acdaae3048279f7e843a0129c3a0655e10a6338e0522e1bd8fa430b36260c721e63e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a89a015fc1ed16088339178600cb2a4d |
| SHA1 | ae4a6dd4c1bdbe9c3142b15d22b81198e7236fee |
| SHA256 | 0a450169c0a7f370956d899a7eb081c85bb2736c5eaa4d2ee908bff77da1562c |
| SHA512 | 3a300659eefaa0e48453d98e4ea7615701ddef2aacb49cfee95ea5159ca5db750d70f1219dfc90a43be7009195b1bd1eca87c4e20de1ce8b9f49c572bc49f0df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04f79e3de1e165aca803bc387d8cad79 |
| SHA1 | e8b6fd65b8dc281a3aa8ebe01edeaf83f13523fe |
| SHA256 | cc776b7a0f215867f62cf291024c4179910aaee90207eca0c139d611e1a1bfbb |
| SHA512 | 26ba6c344e13fdaaf3a683f48068f21269e7e771932da791b013b9adc71c76447f83ff3332802cfcaca41b8d8e4d4341f52f702a912af4e9482b8b0f1d6e6c67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a27412983f0fb84c2f13dd48ec25a1b3 |
| SHA1 | 6929ac6a0b0f3882024049aae86cbfde0dcc9bc0 |
| SHA256 | e28a1d03ca977bdac51fb3a2b2e8c82b96d8e4fb36ca46f30faf3a5fee9c3277 |
| SHA512 | ef7e436a0e02e9a6900620604d40c1c592b2c4d50a9bd96e73e90f63f6ab1b35730c2166a3f8a65b70576227435c81271999921ef2eb595f7cef80b5ebafe84a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e817e7683b2d0347c0cf2ed4dfdc391 |
| SHA1 | 9b66171964a7bab833c0ac9f0f6b69352ce55ff3 |
| SHA256 | a9d05f60b2b84779cb8f1d4caef38e8d0c8eb17c9917bdf59f7757af112a6313 |
| SHA512 | 8da94c80f223d13f6c115c13b7e92d3651358b1ce7771755259b2075d863e9926b161c08c5c837bb442c79591ce839cb2690f8b7811506433f5fe6d67e8d6f3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40a72a5c3864b3fbfd952fe9bc2c6f68 |
| SHA1 | 38ef21fb16f68dfd84166e75a9e7d1981713bde0 |
| SHA256 | 4a326e9a38666f41d084f17c28a69ec03234071e0d3119df5b3c573f0c7ad478 |
| SHA512 | 3c3f47e857a22b8efa793c2271b798b2440b0a4e23906cf01801cb9cf6f7aee6bd4eedd747567477bcfac5bbd5909ec8e69b6ca0dd8e858f6e913942db4a0c29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19d32fd156d7c50cba5a3febaeff1291 |
| SHA1 | 53e8e80240d5884e0ad93e007b7c3e917fff2a50 |
| SHA256 | 9ed2904127615865b462144edecdea8ba53a3e3c52b233df9996bf270cd0b800 |
| SHA512 | c298b165cc936b6908ddbfc09cda82aa63b1b0a39a513601dfd49bea32cf55ce5b1e26ab479bef99bf4c95e8a42c18ccb064b71de5fa297e6ede3b605e17425e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4443cf700265926acf86fe1fd9e83493 |
| SHA1 | 1b2392466c23594924e7f3b8d51691a41776dfe6 |
| SHA256 | adcc8d68df90a8c6e9d4e5e04baff7d36759bde3104d842adb591823f927ccf6 |
| SHA512 | 2e0920cba88949951ac00a9b7ecc3577e203abae755b17780d58d4845794d832d7c0b34a61df538faa239f98ff47210c67a0c49bc69b67bd8e808bf28292e970 |
Analysis: behavioral31
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
134s
Max time network
136s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5FE0CC1-5BEE-11EE-BB58-5EF5C936A496} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000c8dd3473039503d49e67881eb67669c6b090a44537d81ca43172a8cdcd8ce1ce000000000e800000000200002000000008db69c9c4701753362f28dfc0a6670480a4a2c8d24ed771c230d8a8cb1fa7ee20000000c0b43ec24f28d2da4a4dcf11ff409cee3d9c39952e1e62b9c33cd7b6c256094d40000000eb2a49398b7865d55ccdb4ea961e89627a0aaa0013fcaf13869215bed0d1664d79a4dbac4bafd8779a64a2ec19c24dde60866d30a8b0695c4deff4ab096ec1aa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841084" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c02e48bbfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000527ea681d55585ae2c2a9ee6c75de7e24a0ef4836279e7c941a7d518320abc22000000000e800000000200002000000073b1d943741845a3bb83e1b30f51613286fb6f3f069e7de4acc4b7d5f77b263a900000004b4ec56716b9c89ba70eef4c8b4a2ee80aa632eedcca45f131252a4d4d79a6320541f5debfad8694eeb292afaed33dfcb5f7436e2357ff47a8c69a511be20d7bdc38054cd364f3923d983c5398d81611c4b8285e9635f5335bcf3fa16f50e1f847cafd8d53e355657c1a84480571650b26a7a44b34dc2150b3f1633d03482361c3f20fb6d5a3da0c12e1fb719724c6f64000000070397e74e6004bab6da7afa6f2570cc89bb3f6aec006cc4044fb6d521e2fff4a92d16a66c791863eaa96134f955c1eff38c53a233a50751119e8d297bf07847f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2432 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2432 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2432 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2432 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab546A.tmp
C:\Users\Admin\AppData\Local\Temp\Tar54AB.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral4
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e031df79a9e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E70F0518-5BEE-11EE-9784-FEEDB4A4667E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef5000000000200000000001066000000010000200000000b9e3bbc7e09171326d6a4fe8d5d01bbccc0fe71688aa0071542f06af476780d000000000e8000000002000020000000c6621b4d9f860a07e9974b00b51bd7cba89b3b4e953effaeccc5b3a2d436b60f200000006e9c46cef7dfc66e712d69f75d07d4ce18a8907066b99745bbfedd2491d0d3ff400000000c610188f80720e511f545a47d02dba8c7ec752d07e1ec6d32cd5fce98b96abd0a6de6d1171196cc9d53271215807d334ac469d9b8f4312bfddf23983a11f7da | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000b7d1e30b07f4ae114b6d1ed94a7dd5ea3a0f0a0afeb57b4e5a125b6642862c0e000000000e8000000002000020000000d543dbebdcf1316c2087a62b99566d97289e06744677aec045a508b0c97bbcbc20000000b81fd77834c6ea1a4b9aed42c825fd2b90eecbccbb14a3e3419402b4150871b040000000a3f184fd60d272df7068158ad793135395dec68cfce6096534ec0be721238d6e78e688dc1355ed34a3606fcec07cafefcd289203f18bbec875a42cb53c142c30 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3038c079a9e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401529248" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1088 wrote to memory of 4108 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1088 wrote to memory of 4108 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1088 wrote to memory of 4108 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ad.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 32.101.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBSMWSRL\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral10
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6F545AB-5BEE-11EE-83FE-EED69A4A1DC8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000da30296d7c6010205d8a32f2db474919be4dc716371d84fcb4c447f490b7bdc4000000000e8000000002000020000000e80c91facdc7db33e072bb471558d9823f9679240098794df4ba4848a3059df2200000001cc620aa6bedefc74b03a569e797712ca8f8a93c9c88192445943f8d8823341b4000000077b23d0c9d2ebe8bf9c85501ca389606de76e562e2bdc856ff612a3bb02e4b3b929583735615ab8cb349f8032bd6746097e456ce0f5fd0b7394a00c0a88154cc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000e0f82c754d5fb7c5d94f07182081ba8e9dd34f308a4744893b20fe9aff74eebc000000000e80000000020000200000001129ac3f9cbeba46fa025885f33a0eb910b51dbcf184914286a3c5aafe6e5fbb200000006c74ae83cacdd5142a35fd104edc1031b09faa6fb34c4cd8fe249f7ac4038cb84000000023c94a38d045d8ad8d2e2718d7a229b0ffbd864b0a3fa9d0e57d726fc3b2e833ec77740e80f208aed47cb7ff8d7080c8ed990aae18ff826e949ef90cbd6b3eb2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f0000000002000000000010660000000100002000000058d82b68fc932d05071be1530f2cd88a0fca3e5e65054313ab663b0d423ab29f000000000e8000000002000020000000562b5f977fb577f863a4b3e03b123813e9eb636fae31c976e5a204df8ba4d419100000007e47987b4dc3bbcc90e895775c73224740000000cd7dd00d3bb55d19f39840a3f556f210d861571736a5623aa5db667f7c0bb112050366cc90a19f883cff6fa15ebf01ce54e0da6bdf3cdffaefa348c8789831cb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401526081" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c9fb19a2e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b50e1aa2e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1228 wrote to memory of 3304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1228 wrote to memory of 3304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1228 wrote to memory of 3304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_glucose_entry_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1228 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 88.221.24.114:443 | www.bing.com | tcp |
| NL | 88.221.24.114:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 114.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H3JZN74\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral13
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
135s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841080" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0dfe6bbfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E719ECA1-5BEE-11EE-AB7A-7EFDAE50F694} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000078784cc16c3be0f459bcbc689694033f0aaf13c0ddbcf7dadb9401afee9f3c3f000000000e8000000002000020000000cf1c62f3746912719bbfe1b53413f2df16ac182729faf6eb3e7a3f879f18ef3a20000000b0956be8ec6d07aeeca02fddc24cc44733534d82c4a447226eb63d243240d7394000000057e6992589963d346d778b09513edc49819b0966b78ec7c9e80c5e9e026ed3ce73d051f4d5b2f41719f91da5c0f717efe94d211b8a3ba0b7ed0fb6ae66078e6c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted from report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3028 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blood_pressure_entry_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab81C0.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar81F2.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
Analysis: behavioral26
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6AE7C7E-5BEE-11EE-941E-7EE370C9B5A4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad3560000000000200000000001066000000010000200000007374599888b1fc68a73d077900b389f3a6457030d5080c83248e549bde3a67ea000000000e8000000002000020000000f911626e2e6cdd138574f487999369a07b7ea27b87b445000a511a6bac6b8f6c2000000095767670cdec2b7c95f7d5e42030a48ca08afd0a9a38544b8946f2dca2b0e58c4000000063553817b5f21dec82e501043cd1c632bc3b4fd5ea9e4a21bd20143fd17fa0de6a7f202938b106ceb31c62453bf2c426d7a0ee2785e98e5c3eb9d6d2929658a9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad3560000000000200000000001066000000010000200000002d663d0d3e990a939458cf3b5d995be9b9970b50639c0a483a904c9ba1aa2703000000000e8000000002000020000000ebaf0abb1570312abf419b9bc0b485ccce7120e838c9da7cb0222214f09eea2d200000008cfbbba817e62a3281061eaf6b8e2d1b953154ab2ebf2479e744b3742adbfc1340000000b16f0e01df66b2c48e63e3fc0d9d26b0ac4631177912170470befb1c5f5fcb39c781977768361820147a97bf6bac418a92bdf96d5395f1e11e6a2785e774b81a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527867" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0daa842a6e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100d9142a6e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4924 wrote to memory of 224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4924 wrote to memory of 224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4924 wrote to memory of 224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_medication_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4924 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral30
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
143s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea900000000020000000000106600000001000020000000416a576b91bbd453b41d2ce767d00823486a7fd1e5ef7a1b52372a95848f9e56000000000e80000000020000200000001abb5aeab0f37cb2a0ebb4d1119e986a64ab3974bb4e99e471abc82f2e9cb04520000000250d626e77bb88281cab7960f740df4172304767dd5147ebe7e66a4808c66fe640000000e166e97e2c3422682e8625d57931446093447f23d1d315a49993079208d4925ecb664bfe323eb1dcf38def516403cbe25a6a9c2e38efa3c5569424ce3e4892a9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6A826FE-5BEE-11EE-A4AD-FAA769BFC8E5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea9000000000200000000001066000000010000200000006a758ff821ed48cd9624645a23915a52dce24541f6b8091150ccd03881f34983000000000e8000000002000020000000e5daf9c9180773f48d3f83e9fabcac710c1edbaf458cb95b7c669019ef4c7e37200000001274c854bd30ea5aeb697db72a2145474ae6d78d6a258775c94a41eccb1a20724000000016a7602a980b81609f371b1041694ebade0f254d180b8541c2c097b6899bc7a098d893c6f561d0bc12c5a315f6bb9fb0b718ef52e5822f942724821550c8c83f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08a0c2aa7e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401528255" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e7212aa7e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1492 wrote to memory of 4928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1492 wrote to memory of 4928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1492 wrote to memory of 4928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1492 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.3.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 224.162.46.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZFOAR009\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral16
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "34847967" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31059964" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31059964" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000007faf8af0fc87e97b6ae6b815dfee32a908bb80713e82e6f2148d88fc7f95cb46000000000e800000000200002000000083bb8b434b09107b01803386ee41d6276d3eb8a892e6585170bf05bfbabbfea2200000003b20a8093d9d1c72fb6e880956390c4e1b2737d4f6914e21bc14b8728a3e5e5a40000000ad6ef458067e06f39a86a09ac36f6a96d529454a817b03b0c8377bcabb11d9ac26dd328d0c63ea04ef55b48ea7656a222ef52a8ca1a239a4ab6494147d0b4e09 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "34378489" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31059964" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31059964" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E714A92C-5BEE-11EE-B0C5-7E38B6FF5C60} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "34847967" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d7d776a4e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c035c776a4e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527095" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000a6f171d039927075fb2c27421820800a0ff481e7778f33720886940eeab59cc4000000000e80000000020000200000007ae8761f2f6cc2488743663edc92bfb13383b2cf05028709920240beb2e1cd72200000002c6cece3dcb7eff3405d24361a37dea6a2fefaab1f19a45cd1ecbb14aea99620400000002ec02389fe3f0bb78b0c26975a9336a32c3f79a62851ed0e845abb9eeee4df8ab6f206c1e4fb3f161a4cae9be529387f5eb42cafa9693031763e8b2e6c58d4d5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "34378489" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1816 wrote to memory of 1656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1816 wrote to memory of 1656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1816 wrote to memory of 1656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\diabetes_reports_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.101.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
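The Windows detonations on this page are what the sandbox produces when it hands the HTML files it dropped to %TEMP% (edit_medication_local.html, fyb_iframe_endcard_tmpl.html, diabetes_reports_local.html) to Internet Explorer: every signature in them (Modifies Internet Explorer settings, SetWindowsHookEx, FindShellTrayWindow, GetForegroundWindowSpam, WriteProcessMemory) and every Network row is attributed to iexplore.exe, not to the Android payload that the static analysis identified as Octo. Two checks separate that browser noise from anything worth chasing. First, rows whose Domain is an in-addr.arpa name are reverse (PTR) lookups of IP addresses sent to 8.8.8.8, not connections; decoding them back to IPs shows that the only real egress in this analysis, ieonline.microsoft.com at 204.79.197.200, was itself reverse-looked-up (200.197.79.204.in-addr.arpa), the pattern of background OS and browser traffic. Second, the "PID X wrote to memory of Y" rows pair the 64-bit IE frame process (C:\Program Files\Internet Explorer\iexplore.exe) with the 32-bit tab process it launched; the tab process command line carries SCODEF:<frame pid>, and in every detonation on this page the writer PID equals that SCODEF value, so the WriteProcessMemory hit is IE setting up its own tab process. The helpers below are an added example written for this page, not code from the report or the sandbox; the sample rows are copied from the behavioral16 tables above, including the damaged Network row that lacks its Domain cell, and the assumption that a three-cell row is missing exactly the Domain cell is the example's own.

```python
"""Triage helpers for the Windows detonation tables: which rows are browser
background noise and which would be worth chasing."""
from __future__ import annotations

import re

# Rows copied from the behavioral16 tables above. The last Network row is the
# damaged one that lacks its Domain cell; it is kept exactly as the page shows it.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
"""
WRITE_PROCESS_MEMORY_ROWS = ["PID 1816 wrote to memory of 1656"] * 3
TAB_PROCESS_COMMAND_LINE = (
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:17410 /prefetch:2'
)

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$")
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)$")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_network_table(text: str) -> list[dict]:
    """Parse the pipe-delimited Network table, tolerating a row whose Domain cell is missing."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 3:                 # damaged row: assume the missing cell is Domain
            cells.insert(2, "")
        if len(cells) != 4 or cells[0] == "Country":
            continue                        # header line or not a data row
        rows.append(dict(zip(("country", "destination", "domain", "proto"), cells)))
    return rows


def ptr_target(domain: str) -> str | None:
    """Return the IPv4 address an in-addr.arpa (reverse DNS) name refers to, else None."""
    m = PTR_RE.match(domain)
    return ".".join(reversed(m.groups())) if m else None


def triage_network(rows: list[dict]) -> dict:
    """Split rows into reverse lookups (noise), unnamed DNS rows and real egress.

    Each egress row is annotated with whether the sandbox also saw a reverse
    lookup of its IP, which is what background OS/browser traffic looks like.
    """
    ptr_lookups: set[str] = set()
    unnamed_dns = 0
    egress = []
    for row in rows:
        ip = ptr_target(row["domain"])
        if ip:
            ptr_lookups.add(ip)
        elif row["destination"].endswith(":53"):
            unnamed_dns += 1               # DNS row with no recoverable name: nothing to pivot on
        else:
            egress.append(dict(row))
    for row in egress:
        ip = row["destination"].rsplit(":", 1)[0]
        row["reverse_lookup_seen"] = ip in ptr_lookups
    return {"ptr_lookups": sorted(ptr_lookups), "unnamed_dns": unnamed_dns, "egress": egress}


def writer_is_ie_frame(wpm_rows: list[str], tab_cmdline: str) -> bool:
    """True when every WriteProcessMemory row names the IE frame process as the
    writer: the tab process is started with SCODEF:<frame pid>, and a writer PID
    equal to that value is the frame process setting up its own tab process."""
    m = SCODEF_RE.search(tab_cmdline)
    if not m:
        return False
    frame_pid = int(m.group(1))
    writers = {int(WPM_RE.match(r).group(1)) for r in wpm_rows if WPM_RE.match(r)}
    return bool(writers) and writers == {frame_pid}


if __name__ == "__main__":
    print(triage_network(parse_network_table(NETWORK_TABLE)))
    print(writer_is_ie_frame(WRITE_PROCESS_MEMORY_ROWS, TAB_PROCESS_COMMAND_LINE))
```

Anything that survives both filters, an egress row whose IP was never reverse-looked-up, or a writer PID that is not the IE frame, is what the Android-side verdict in this report does not already explain and would deserve a closer look.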
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HEITGDYC\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 88cd3e775ab85c67419713f439769cfe |
| SHA1 | 6682ff7cfd8dfac67532740c1ce56b22162f11fd |
| SHA256 | b36e29f571f672140cdc0d876f05b91cc05d79fafcff37511763ee5d6f528c95 |
| SHA512 | cc9fe65ad4fa33eaac8cb6e6831f2880763ad9bc463af6badf588330d74717ddb2860745619d05ded8d8a0c10b9077cecb60b1a61a1609291f612a2a0f64fb1b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verF524.tmp
| MD5 | 1a545d0052b581fbb2ab4c52133846bc |
| SHA1 | 62f3266a9b9925cd6d98658b92adec673cbe3dd3 |
| SHA256 | 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1 |
| SHA512 | bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d |
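Two of the value types in the Modifies Internet Explorer settings tables are worth decoding rather than eyeballing. TabbedBrowsing\NewTabPage\LastProcessed (REG_BINARY, printed little-endian) and the VersionManager *HighDateTime/*LowDateTime pairs (two REG_DWORDs) are Windows FILETIMEs, 100 ns ticks since 1601-01-01 UTC. TabbedBrowsing\NewTabPage\DecayDateQueue is a DPAPI (CryptProtectData) blob, recognisable by the leading 01000000 and the fixed provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb; its header is not encrypted and names the user master key, the cipher and the MAC that would be needed to decrypt it (AES-256 and SHA-512 here), which is the information a forensic examiner needs to decide whether decryption is even possible without that user's master key file and password. Decoding the behavioral16 values shows why this matters: LastUpdateHigh/LowDateTime resolves to 2023-09-25 22:02:42 UTC, the Reported time of the analysis, whereas LastProcessed resolves to 2023-09-15 07:15:53 UTC, ten days earlier and the same date as the platform image name (win10v2004-20230915-en), so a registry timestamp in a sandbox report says when the machine clock thought it was, not necessarily when the detonation ran. The decoder below is an added example written for this page, not code from the report or the sandbox; the constants are copied from the behavioral16 table above, and the CALG name table covers only the two algorithm identifiers that occur in this blob.

```python
"""Decode IE registry values from the behavioral16 table: FILETIMEs and a DPAPI blob header."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DPAPI_PROVIDER_GUID = "df9d8cd0-1501-11d1-8c7a-00c04fc297eb"   # fixed GUID at offset 4 of every DPAPI blob
CALG_NAMES = {0x6610: "CALG_AES_256", 0x800E: "CALG_SHA_512"}   # only the two algorithm IDs that occur here

# Constants copied from the behavioral16 signature table above.
LAST_PROCESSED_HEX = "90d7d776a4e7d901"   # TabbedBrowsing\NewTabPage\LastProcessed, REG_BINARY as printed
VERSION_MANAGER_HIGH = 31059964           # VersionManager\LastUpdateHighDateTime, REG_DWORD
VERSION_MANAGER_LOW = 34378489            # VersionManager\LastUpdateLowDateTime, REG_DWORD
DECAY_DATE_QUEUE_HEX = (                  # TabbedBrowsing\NewTabPage\DecayDateQueue, split by field
    "01000000"                            # blob version
    "d08c9ddf0115d1118c7a00c04fc297eb"    # provider GUID
    "01000000"                            # master-key version
    "17e431d9a2c98c4f9f85fcb7a9559b03"    # master-key GUID
    "00000000"                            # flags
    "02000000" "0000"                     # description: length 2, empty UTF-16 string
    "10660000" "00010000"                 # algCrypt, key length in bits
    "20000000" "7faf8af0fc87e97b6ae6b815dfee32a908bb80713e82e6f2148d88fc7f95cb46"   # salt
    "00000000"                            # strong key (unused): length 0
    "0e800000" "00020000"                 # algHash, hash length in bits
    "20000000" "83bb8b434b09107b01803386ee41d6276d3eb8a892e6585170bf05bfbabbfea2"   # HMAC key
    "20000000" "3b20a8093d9d1c72fb6e880956390c4e1b2737d4f6914e21bc14b8728a3e5e5a"   # ciphertext
    "40000000" "ad6ef458067e06f39a86a09ac36f6a96d529454a817b03b0c8377bcabb11d9ac"
    "26dd328d0c63ea04ef55b48ea7656a222ef52a8ca1a239a4ab6494147d0b4e09"               # signature
)


def filetime_to_datetime(filetime: int) -> datetime:
    """FILETIME counts 100 ns intervals since 1601-01-01 00:00:00 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def reg_binary_filetime(hex_value: str) -> datetime:
    """REG_BINARY FILETIMEs are stored little-endian, which is how the report prints them."""
    return filetime_to_datetime(int.from_bytes(bytes.fromhex(hex_value), "little"))


def dword_pair_filetime(high: int, low: int) -> datetime:
    """IE stores some FILETIMEs as a HighDateTime/LowDateTime pair of REG_DWORDs."""
    return filetime_to_datetime((high << 32) | low)


def parse_dpapi_blob(blob: bytes) -> dict:
    """Parse the cleartext header of a CryptProtectData blob; the ciphertext stays opaque."""
    off = 0

    def u32() -> int:
        nonlocal off
        (value,) = struct.unpack_from("<I", blob, off)
        off += 4
        return value

    def guid() -> str:
        nonlocal off
        value = str(uuid.UUID(bytes_le=blob[off:off + 16]))
        off += 16
        return value

    def counted() -> bytes:                # length-prefixed field
        nonlocal off
        length = u32()
        value = blob[off:off + length]
        off += length
        return value

    version, provider = u32(), guid()
    if version != 1 or provider != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob")
    master_key_version, master_key = u32(), guid()
    flags = u32()
    description = counted().decode("utf-16-le").rstrip("\0")
    alg_crypt, key_bits = u32(), u32()
    salt = counted()
    counted()                              # strong-key field, empty in practice
    alg_hash, hash_bits = u32(), u32()
    counted()                              # HMAC key
    ciphertext = counted()
    signature = counted()
    if off != len(blob):
        raise ValueError("trailing bytes after DPAPI signature")
    return {
        "master_key_version": master_key_version,
        "master_key_guid": master_key,      # which %APPDATA%\Microsoft\Protect\<SID>\<guid> file is needed
        "flags": flags,
        "description": description,
        "alg_crypt": CALG_NAMES.get(alg_crypt, hex(alg_crypt)),
        "key_bits": key_bits,
        "alg_hash": CALG_NAMES.get(alg_hash, hex(alg_hash)),
        "hash_bits": hash_bits,
        "salt_len": len(salt),
        "ciphertext_len": len(ciphertext),
        "signature_len": len(signature),
    }


def decode_report_values() -> dict:
    """Decode the three behavioral16 values copied above."""
    return {
        "last_processed": reg_binary_filetime(LAST_PROCESSED_HEX),
        "version_manager_last_update": dword_pair_filetime(VERSION_MANAGER_HIGH, VERSION_MANAGER_LOW),
        "decay_date_queue": parse_dpapi_blob(bytes.fromhex(DECAY_DATE_QUEUE_HEX)),
    }


if __name__ == "__main__":
    for name, value in decode_report_values().items():
        print(f"{name}: {value}")
```

The master-key GUID and the SID in the registry path together identify the one user context in which DecayDateQueue can be decrypted; a sandbox report never contains the master key itself, so treat the value as an identifier of that context, not as recoverable data.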
Analysis: behavioral23
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
134s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5DC8AA1-5BEE-11EE-A42E-EEDB236BE57B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b09abafbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841079" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac20000000002000000000010660000000100002000000019f2ca69797989bacf98803a85f0ee6434182cd61c79f573dfb8e3474f1b60af000000000e8000000002000020000000f619c019b2202c89847e2500112ad671b1340235e6bb187bc10c942d91e7e5132000000085b15b66722bb6418bc7ed935acef1d0bcda4289b9c65a69a2133743edbedf0b400000004fe0d8e0ca56a06e17d7948281992c7d97b925ac704285a3a98590ca320972ba76ff1b97aca44898c931166041ead78717a5c9d99bd0066d13017f90f7f9dc48 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1716 wrote to memory of 2264 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2264 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2264 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2264 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_labels_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
135s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841081" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6A8E321-5BEE-11EE-A164-5EF5C936A496} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 708b95bbfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b000000000200000000001066000000010000200000004809dded84b7ca1fa81b6db699cde908667afcb92ea95b4a5bebb7571755d943000000000e80000000020000200000004c962ceba5fd4f6a0c81652f4d678e4aeefae3215526f09d40c0bba4b9c03aea20000000cafd591ece0729cc9ca6c7a7ba6592bb8345cb76c73aec72bec4088289521f46400000003c1897b58364463ebf3a16175259894aac34315658cf526101248f0ec94a8e3d2c0b8c00646b2322917e9db563276e7e1fbc8e241a85822405a37103f0fb51fc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2204 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_medication_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral28
Detonation Overview
| Field | Value |
| Submitted | 2023-09-25 22:00 |
| Reported | 2023-09-25 22:02 |
| Platform | win10v2004-20230915-en |
| Max time kernel | 139s |
| Max time network | 150s |
| Command Line | |
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06bba8aaae7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d8000000000200000000001066000000010000200000001cf193fa645fc807794828c50c520e2eaf3badb4230eb36e3dbbe0f12c715c00000000000e80000000020000200000004078cd4aac65bc7e31b724488e32d0bd03c459b098bb118f29f259ef41bf8aea200000004c4c2e3c6a78217c71d46fc5b3189d1bcbd6a594445e274c1d1630f93666f945400000001cce6783c7d30aaf1b35552d4b76d1ef917884ddcb5f827270ba8657bad9d0d82414a49d27c27cf40eca56cdc8eee6edb9912adb2af0da7ab1be6e77f843c0f8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E8D0276D-5BEE-11EE-9359-6A906B243823} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401529702" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d8000000000200000000001066000000010000200000002846de6302b49993a00c8e651a9f99e858656ebe5241d68aa0487744807a6610000000000e8000000002000020000000e35e365dc344837268d6cbf36c4a732b52edbeecd162637682aa7b540680f58c200000007bc9e33123644a256059527ef8ece4068c8ecd5db383d6aad14743105bc15b3f40000000efb3e1420626d901dcbf75a281dfc32f5803f63129bb801d1839056d34d2b6c2437c35f15e4d2aa13cb0c9f313cff610bffa33d1c5cd909162f0313065841bde | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309ea28aaae7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1328 wrote to memory of 548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1328 wrote to memory of 548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1328 wrote to memory of 548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_tracker_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.162.46.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7A5L91DP\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral32
Detonation Overview
| Field | Value |
| Submitted | 2023-09-25 22:00 |
| Reported | 2023-09-25 22:02 |
| Platform | win10v2004-20230915-en |
| Max time kernel | 150s |
| Max time network | 145s |
| Command Line | |
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad356000000000020000000000106600000001000020000000dbea2cf8449cc9440b5b60b5d753f44522789c44b38e3b2bc4e78d2b52d13f53000000000e8000000002000020000000823759ae8aa6b4eba538e4d6f3d9939bf2b9e4b9aa4c4f6db3224fe947b0667d200000004ace0dd2da4a15cb02ad2352b72f046f79db862b4b6b60f12ed369e614ff33c4400000008f54bf3be02c1cebe1ca0aa75374a8b9db441a23bd64b42c96e92b1374745483eebcad02819a34ca7d94af2fb569742898560f7b08fbdc72c1b3e47b863fed76 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ce5bbaa1e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40706cbaa1e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6B378E4-5BEE-11EE-941E-462F79703E28} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401525920" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad35600000000002000000000010660000000100002000000023be8a371df0a7f656dd3d1443b8e41214a77ea640d98bc3a7aa7d9b43496c78000000000e8000000002000020000000a57e9e65c0c45062334a1b580cd96d8b39cae377f5e56887fea51db4157f1d6c2000000040598b744e657eace4e3c65ad9b7e50089df99b12a84c316e752692d5387904640000000f52c7898a3e37038188049f825934fd29745fa00b30d99eddfd187f816ea8fa4baa633ca0fad3ba7e4a15c651258fd2c3cfd59f01d91942a1c3b394176d52a06 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2232 wrote to memory of 3448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 3448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 3448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral24
Detonation Overview
| Field | Value |
| Submitted | 2023-09-25 22:00 |
| Reported | 2023-09-25 22:02 |
| Platform | win10v2004-20230915-en |
| Max time kernel | 145s |
| Max time network | 150s |
| Command Line | |
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2089ff80a9e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001525ae190b18d34db1dbd7ec819325760000000002000000000010660000000100002000000005cbf2b36eae9b63e9416ce8d34e0b464da5ad1e83f9f2f7e42d4c23a92ef470000000000e8000000002000020000000e905faf54183c0c5d402ad868678e49c990ffabb7a62ca1979cffe7d2c96d4dd20000000266766f6e112d892ba8d407bf6d71f6d662d01040f0b6da262f0f5c83ba5765940000000293e00385bbd3c25abc7dbfe0142bf55460023cf8434d98756193fef11fef71990362e0aa12abea719e20a4a6659e0e1ae65d8e1545c7035feca8ba72ec0362a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001525ae190b18d34db1dbd7ec8193257600000000020000000000106600000001000020000000d00e26b683d0e142e113c98a388c8719d535e1c68f77394e26472b1fbcaef5af000000000e8000000002000020000000013af9e430e6284c8d3acbd4339349f68a7d47d8e5737ccae76b92abbb2470f72000000007e16f9fe59ea4f335ef9cd50fb6cebc73177e7c03add0b6cf877afd7e7254bd400000009ec1b76fc4c9938ba290f744812eeb3b85aa7045546657d608bdba20b2721bb6cb074ee67a05a83aef2a76b18ead440147bcbe68138fbe26a4c0f06e1e57e1a0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e7ee80a9e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6523E24-5BEE-11EE-8688-CE3E7C77A9B8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401529264" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4052 wrote to memory of 1848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4052 wrote to memory of 1848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4052 wrote to memory of 1848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_labels_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4052 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.3.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YQR9M4BX\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral27
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
136s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841082" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2006debbfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E707E371-5BEE-11EE-8E84-7200988DF339} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000918258b1c6eaef44bc85c7515db804ef000000000200000000001066000000010000200000003efeaffa554e49bab616a55c4cd798986683d90d14bea164a2986bd13ad614f5000000000e8000000002000020000000e0257f97ced4d0035c5a94da0904526749b22cf8632e767d1680cd95017cb7082000000067fb62e46be1366290250838e86826661b89f4a31386c9f25c5227aa7033f8fa4000000069ccfd9cded18bb971bc14f3e731cdb9409f2bdb99f5d46fbcf895ffc5422e22f002e3bdd2a9eec41fcd5570e642b1d70efe99a8200607f38c56e8c707d24b9d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1864 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1864 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1864 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1864 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_tracker_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5E97.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar5F07.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcb8822527cfe2bd5d21f7f6b91aa373 |
| SHA1 | 1bdfd1d03c0f27fc8c05d390ac458fab1f06b631 |
| SHA256 | c5aea6ab1b4b9e658e9eccc8ffcc2617b08188aca89afacb472a354d6cb8155c |
| SHA512 | 73820251425d06cf8329ac69670b5b60237446c5e655a2b2d4c138049ad20169396527d31f84691446613391f070e1762095e289fc0c844d8f1cf4745d5487bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8cf9623e8c2daefb83b0e252aa48a3e |
| SHA1 | 42cff33ca59e7d68e4df268702d9f9e679e8788a |
| SHA256 | d97c4a1490d8ea96ce7cdc1feffd2c87d1db9274598c9a78380fe7360e323684 |
| SHA512 | 8e730d03a311631d8b577a79150cb0f456ba1b02c01d4277fabc488afd336634371351866bb8757de169125c7b1f7bf7c9cad247d1874da67733f2d2cdbcb253 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8984d1ddf49235ab7b5f272ccddacc9b |
| SHA1 | a17e78eb99efd4abfef09229233aa9c5a99b684b |
| SHA256 | 3c1e3d4a685fc65185710627e72ef01d6d955994dbd163e9bbe3992a7e93c481 |
| SHA512 | 26d7544b3af7b8ad0b260e10c451660ce245a7634171e286e5bf5fc10b392d8d1f6578c513e503e79e144b513a71215279ec2e9e4cd1d3e934524fc2abba33d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 451d1bed2b94465711cb83ed9f859a4f |
| SHA1 | f9b9620e46efe192f9731be0c520ca742844d50a |
| SHA256 | 55e609c7aa327af62da74cb28692a497ba628bcd923a563be1070164f116a5d4 |
| SHA512 | 68cce4d003992f137f958048cd64da99418a3cd47ea29c9dd058ee1e3524cf96dd9a9dfb733f355f807f8cd64d30b24ef3ac94a47310ff78c730019e8877aa4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a5c1ca4fc953b4273f1a81f8f9002e2 |
| SHA1 | 7a8799bf75b0fdb1a7e47b0c6aa14013f61a814a |
| SHA256 | 503a1ba9e085c76949da82a3867120ecd0d5fd1b372667bf69c70879ce01d308 |
| SHA512 | 5def62da172eda5ae8d65cff0e95c24ec6451b5d5859b9a4c13d1b126dc3a085f0a1e5676e65a36ceb2f6669f2838b22d4f2e166da91c1871e39460e5d53770d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb8d0eff6306289561ddc09f79a14cb5 |
| SHA1 | 78945c9bdc10adf21df3a5415612509295cc729f |
| SHA256 | b375ff639d7ef906c866c5785b6bed77901b6e741f27a9bb232d49392c6b347d |
| SHA512 | a88274ac8fa85bda615608dfee5cddf28872dc74d888247ee7fcd3eabc4ca29c4d6481ccc9fd59195ccb47b8f7b01eaf485bda884f99ab10e98eb788dcad13ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c7ec905e12cf9dcf771bfa40b779a35 |
| SHA1 | e1b0c3329e2dda5b14e28e89bb2b76c85b8ac8b2 |
| SHA256 | ed22da05d15cc1a5f6f5de40b43a9ca9cf06f90b03006c9e61af9ed7fe00b459 |
| SHA512 | 6fb4de696426380407209c4b3fa33fc257a00ae6bbf530069aea3d40448f7a1abfc752ff1439f1aba8b0af71ad0b14b37c5c459544966f70bc4a9c055ff72a5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f6b06ab26a977d4160aea14c7027b64 |
| SHA1 | ee0dd09c66f7c17128c5b270b667fbc7f608c28a |
| SHA256 | 5194e2eeb145c3da68f57fdf92d2b8cd79a345b664ea229183f5491592d96829 |
| SHA512 | 3527aa07fd5b6a3cb9fb889b3109a1b7bec1ad4ff461fdf64f8dfa44853ee8b9bb5924119bbec27c6b794916e0d3da4583ffb682bc9dfbe2052916f1f321ea2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05060897be2e51d031f85cc8c6929849 |
| SHA1 | b06ec67e95b583d9816277c6c549d8a5d3c56098 |
| SHA256 | 2d96ae286fde59d16384d14ffab9ccf3549ea11a024823907de6e60bdbee4ad9 |
| SHA512 | 09f700d0de9a6b3fb745f620ef0ab63f045621d1f080cbfff4d4aff8077e7b0c1a1a4edad9b3657f41bf19ef7dcbb7ba2642755e3ec77bef7bf7afacfc8d5759 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c500947dfd65dc7975f8376d8427510 |
| SHA1 | 285ee82c019acdfc12a48e204340eb6ba90ae38d |
| SHA256 | ec5fd6e5302650a81f5cd6e70401a0aabbc7449cca23c81691e878fa19d6c0ed |
| SHA512 | 94fbef8707221ca30796edf13576ab6604f9003479d206104fe1f0853a55126cb20018c6e66358eeb68d86fb247ee12faf320548fd25b32e591e6661304584da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e0313613b4f4d9950dff5e920b6118c |
| SHA1 | 84b74fb7b172157598d87ae5883cdb0104bca742 |
| SHA256 | 1d529516ad1cffb972e7d199e5caf1b0245dfe7e994249fbbefd91d654858455 |
| SHA512 | bf103364ba403250897895c23ec240816c05f1152e4a6bf2d281b078f6236741e9a003f0b13690f86d5eafb87ac69e1fe2975ef9276e09cc40b666e6ab4b086a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5580a8cf131002938d984f249a62840c |
| SHA1 | a0645ec37eeedc609378298d59c0d8985ccff68a |
| SHA256 | c574962b8efb5a25fbf51aa3ddd20bd02ddad95e83a6eeb847a14672194360dc |
| SHA512 | d443e431a493ee12de1485deb732f863678b72efef4b8b22876e2a504c4a32f4ef06a912b2a4ab07f69a0c04e2e3ddc1311e8ec20ae4ad10653eb39cef6c9f8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27f82558f5607fcd2beb56c2f1c75229 |
| SHA1 | f2287ebcc8f4c6205865a830a8fb2a71b759fea3 |
| SHA256 | 9a4c26117390ab453e8d3e37aaef0972598ee355657c4508e1cdd88480ad7f72 |
| SHA512 | 914e6e3308bd67a84a42fa9d92a952c963da0dafec6aabea4083be649a733f3b5ee28203b916bd24355982caaff025d789bb0e3ea7e7c9a5c8a01040b3464afe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7e2ae6a93b9976b69bc44b1cb46e829 |
| SHA1 | 0ee4bc2d6e47f40f8e83414277c82609f1ff7ffe |
| SHA256 | 76c2a699d388361626ca74d3ca4c1bd43459a134acc2fae3610c1cafe3818cdd |
| SHA512 | 2a593333d19e65860ff4a70fe11d551f4fdc5c38c438d502de1eb3e250a7e9805429a049ada5e2f70da30d1b0ddc86920f31c151b2d814cdffdb28423a109fd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d28b6f5e5da84ff63f87f60f243f47d |
| SHA1 | e8b5308af4d568f4aae8f521567fe802a278027d |
| SHA256 | 6400e741169cdcaf6050037ccc012fc6fc0ae75a200d30f1dfc8d5dc7d877def |
| SHA512 | 2d011310020de718c0595f88938690df917239dbf4667671caa6d2b11e97ad0f507c8d786ed7c83190cb957093aa38053d0c620ccbdb740260eca97178f2a4ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9628bc32967acd664733ca63ed4d88b3 |
| SHA1 | d7d9faef92b32b527dc4b16ab8b881d25619a386 |
| SHA256 | 79ffbf0ba38ce59afdc8c5e636d4d8c60192121527da6a54c7a6c73987ed788a |
| SHA512 | 598d51bd99e79eaa12e511c203ef309be37dfb4a6f6c69eb4ebf3f0aca7373bb5057a1d882f488878b29ab71e26f5df2ffe5423d63161d50cbff31dfdd1b9163 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af9f36f20417a1bfd01e17865c0bb4c5 |
| SHA1 | b5c6e8a675fd2df563b65b096283e08910f1c031 |
| SHA256 | 83e106c146646ac4b3c9be7c1de91f926a1dc1d5f6a56856ac9b043764f6771c |
| SHA512 | 9eac91c650b8c500ab09f369306a28d8a89eb8723c9d149d2f255d0259c12f6514e133862c72ee2495841579a9b38794b93cb20e8a792adf7655bb39b9a519f1 |
Analysis: behavioral21
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
135s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841081" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000027674baeb3af7fb510810b0401bb1f5e43cd2e7a3fe90ec9244a125377294b71000000000e800000000200002000000059498cd025bbf863a05933f5305e0282390b6ad341ec9033f567a8dae066ddf12000000096a5a8402b70fed7fb1766208b9b524e82ecef106452058117835695f1302cc9400000000c6932d5b4daaba7c6c5158094c7d1765ad69fafde20e675251e361bac8736e0d9e3d83d0bd29239b2d3643657a404ddc32a7e46bf81c049c1f317da907e63a5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1067f1bbfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E70CEC81-5BEE-11EE-B710-4249527DEDD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1572 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1572 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1572 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1572 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_insulin_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1572 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA094.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarA0D7.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02a24a42ff32165ef37ca35f07f4682e |
| SHA1 | ddc484441e215c9250a1e03efce23bb248ae0f3a |
| SHA256 | e3e42eddd9ffefd44f2edaa4c6a1076959a7ffa7ddacf37590171e3db08257e2 |
| SHA512 | afc740873015575b0c201ed09d55942e381a7dbd4a5e04473ce2b11f63e3b387b66e0bf9d3618350e5f1ac921ef3c0ff254ec8ee006fdc05eb74b2de055bc2a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07d1d2e4cc1e578a7affafb62623cff5 |
| SHA1 | d0580e62373d6feabf2781481bceeae06db583ae |
| SHA256 | bfa69711abb30bce02b9decaf1fb0a09d86fb0719a569928a46df0ee9a6ad039 |
| SHA512 | 347d116207bb3ec05afac8f75edae0c74e37fd367a251007cec4964025b4e16b5866faa9988e6775df6743b0d6eb57e08e66b36c5ca7651a36f1fd7b0be9fb22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c62fe5c5a3b9df61d5178f6a35e8bc5 |
| SHA1 | c500b09763829c34b557f937c7210b66e1dd0728 |
| SHA256 | 0516d6761dd0c4f2d083aac749f2772b034094bdc7186d126cf3c790d4e7ace8 |
| SHA512 | 3a1fffad906132c85a850b57dbf70ef43163cfad162357164f67da00b74710ac89abfea8d27b8db25c1f64d632019ff114d826499ec1a31e074d14d2eea7e4a2 |
Analysis: behavioral22
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win10v2004-20230915-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0172549a8e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E686A5E5-5BEE-11EE-A4AD-C68ECCB5A471} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea9000000000200000000001066000000010000200000000786a54e3da48af01c2df9952c0dcdaa7e4129f89f480c45c5e827717691b4eb000000000e8000000002000020000000f3d4d06f536cf1544f18cb4bfe6234524cbd4bca653a34a7b842791dd2fc2525200000009b24cd5941ebb58a02228df59f5d153b6ada2401772e0465acbf458f0955676040000000f037eaa0361fb605aaf60826d3dea62132a4c90925ca359a1c338835bea29368472e3d09038f8b63809fee6695c4031fce77e4f50fc1f12f54fc45c4ec561012 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10c01649a8e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401528737" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea90000000002000000000010660000000100002000000038e8c36580852b92dc7a94a2132bd588d1e2d95c211709ca09c01f0dbe3e68e7000000000e800000000200002000000029144151faf5885d36ee42035698f2444fe4719d5d8b4550334a8f20cfb8bf7d20000000891c4a5b76cc81df75818cd70cf5ca70b154cbda157d8ca2123b9e07b36d38f640000000ffc2a9b9cfffbfacc17ac067d143238513c8e2bfc1b3a874f54e4b6d80630ad5bb30ee477b76d7bb2f4d71cfa22a399101cff05e5719b084bff0f7e250129069 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1132 wrote to memory of 3208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1132 wrote to memory of 3208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1132 wrote to memory of 3208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edit_insulin_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZFOAR009\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral29
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
134s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured in report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000084384ce22336f0004146ba96cfc20897b572dd3e81ff9850df7bd10bac8bff06000000000e800000000200002000000062d9b474c914de3af8a387df108f98b231d9e4127651e77b3db909b0647053b72000000033445a6fc9d7003eca6fa21013b5388032fa71cfa5047aec22d099069de4db814000000049ef29c3893ffefe77a18111ccb5a6debf8381bb211e7f927df3b2d8bb70379ee5e3e4d2e6fa17bdc259cb952344c808b4e45f2691b341173cfdd1627e58692d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841081" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7134D51-5BEE-11EE-B32E-661AB9D85156} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80adfebbfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1740 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA2E7.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5ac06b76ea260e1d661972f797496cf |
| SHA1 | 389d30b655ad12802734d4d721f07f89e214dc28 |
| SHA256 | d82bec3b0c21ad703514bb596dcce2c7233d201d5e503dedea36959c610d262b |
| SHA512 | 88a4787e258fabb8de62333f4348b7db3deaee0ab3c8fab213c37069801788371d3cd6129783ec97cae93c9a5a4d3b9c6d9e37cafc82456f699a1936e4e42f42 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
android-x86-arm-20230831-en
Max time kernel
3462248s
Max time network
137s
Command Line
Signatures
Octo
Octo payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
| Description | Indicator | Process | Target |
| Framework service call | android.content.pm.IPackageManager.getInstalledApplications | N/A | N/A |
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json | N/A | N/A |
| N/A | /data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json | N/A | N/A |
| N/A | /data/user/0/com.riverfront8/cache/ngzvnyttctwi | N/A | N/A |
| N/A | /data/user/0/com.riverfront8/cache/ngzvnyttctwi | N/A | N/A |
Reads information about phone network operator.
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data).
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.riverfront8
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.riverfront8/app_DynamicOptDex/oat/x86/HfoGUZM.odex --compiler-filter=quicken --class-loader-context=&
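The "Loads dropped Dex/Jar" signature and the dex2oat command line above show the app handing /data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json to the compiler as --dex-file, so the .json name is a disguise, and the Files section records that same path with four different hash sets, meaning the content is rewritten during the run. The following helper is an added example, not part of the sandbox report or the sample: it sniffs DEX/JAR/ELF magic regardless of extension and validates the DEX header's file_size and Adler-32 checksum, which catches truncated or still-encrypted copies. The sample DEX bytes it runs on are constructed (a header-only file); the accepted-extension list is my assumption.

```python
"""Identify dropped Android code by content, not by file name.

Added example, not from the report. DEX header layout (little-endian):
magic[8] at 0, checksum u32 at 8, SHA-1 signature[20] at 12,
file_size u32 at 32, header_size u32 at 36 (0x70 in every released version).
The Adler-32 checksum covers everything after the checksum field itself.
"""
import struct
import zlib

DEX_MAGIC = b"dex\n"       # followed by a 3-digit version and NUL, e.g. b"035\x00"
ZIP_MAGIC = b"PK\x03\x04"  # JAR/APK are zip containers
ELF_MAGIC = b"\x7fELF"     # native libraries dropped alongside the DEX
DEX_HEADER_SIZE = 0x70

# Assumption: names under which executable content is not surprising.
CODE_EXTENSIONS = {"dex", "odex", "jar", "apk", "zip", "so"}


def classify_payload(data: bytes) -> str:
    """Return 'dex', 'zip', 'elf' or 'unknown' from the leading bytes."""
    if (data[:4] == DEX_MAGIC and len(data) >= 8
            and data[4:7].isdigit() and data[7:8] == b"\x00"):
        return "dex"
    if data[:4] == ZIP_MAGIC:
        return "zip"
    if data[:4] == ELF_MAGIC:
        return "elf"
    return "unknown"


def dex_header_is_consistent(data: bytes) -> bool:
    """True when file_size matches the data and the Adler-32 checksum verifies.

    A failure here on a file that carries DEX magic usually means the capture
    is truncated, or the sample wrote a partially decrypted/overwritten copy.
    """
    if len(data) < DEX_HEADER_SIZE or classify_payload(data) != "dex":
        return False
    (checksum,) = struct.unpack_from("<I", data, 8)
    file_size, header_size = struct.unpack_from("<II", data, 32)
    if header_size != DEX_HEADER_SIZE or file_size != len(data):
        return False
    return (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum


def extension_mismatch(path: str, data: bytes) -> bool:
    """True when the name says data/config but the content is executable code."""
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return classify_payload(data) != "unknown" and ext not in CODE_EXTENSIONS


def build_fake_dex(version: bytes = b"035") -> bytes:
    """Constructed header-only DEX (0x70 bytes) with a valid checksum, for testing."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = DEX_MAGIC + version + b"\x00"
    struct.pack_into("<II", hdr, 32, len(hdr), DEX_HEADER_SIZE)
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])) & 0xFFFFFFFF)
    return bytes(hdr)


if __name__ == "__main__":
    sample = build_fake_dex()
    path = "/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json"
    print(classify_payload(sample), dex_header_is_consistent(sample),
          extension_mismatch(path, sample))
```

When pulling the dropped files out of a sandbox run, hash and classify every write to the path rather than only the final one: the last copy left on disk may be the encrypted or zeroed version, while the plaintext DEX existed only between decryption and dex2oat.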
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| GB | 216.58.208.106:443 | infinitedata-pa.googleapis.com | tcp |
| NL | 142.251.36.10:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| NL | 142.250.179.170:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | jikugac818v.vip | udp |
| US | 1.1.1.1:53 | passajire555.live | udp |
| US | 1.1.1.1:53 | www.ip-api.com | udp |
| US | 208.95.112.1:80 | www.ip-api.com | tcp |
| US | 1.1.1.1:53 | zaglefolki1.info | udp |
| US | 1.1.1.1:53 | majestike8ca.top | udp |
| N/A | 185.161.248.142:443 | majestike8ca.top | tcp |
| N/A | 185.161.248.142:443 | majestike8ca.top | tcp |
| N/A | 185.161.248.142:443 | majestike8ca.top | tcp |
| DE | 172.217.23.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.251.39.110:443 | android.apis.google.com | tcp |
| N/A | 185.161.248.142:443 | majestike8ca.top | tcp |
| N/A | 185.161.248.142:443 | majestike8ca.top | tcp |
| NL | 142.250.179.170:443 | semanticlocation-pa.googleapis.com | tcp |
| N/A | 185.161.248.142:443 | majestike8ca.top | tcp |
| N/A | 185.161.248.142:443 | majestike8ca.top | tcp |
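The network table mixes platform traffic, a lookup of a public IP geolocation service, one domain that received repeated TLS connections, and three domains that were resolved but never connected to. The script below is an added triage example, not part of the report: it groups the rows by domain, separates DNS lookups from connections, and buckets the result. The rows are transcribed from the table above (the mDNS multicast row and the row with no domain are skipped); the platform-suffix allowlist and the geolocation-host list are my assumptions, not something the report states.

```python
"""Bucket a sandbox Network table into infra noise, geolocation, connected C2 and DNS-only domains.

Added example, not from the report. Rows are (country, "ip:port", domain, proto)
as transcribed from the behavioral1 Network table.
"""
from collections import defaultdict

NETWORK_ROWS = (
    [("N/A", "224.0.0.251:5353", "", "udp"),   # mDNS multicast, no domain
     ("US", "1.1.1.1:53", "infinitedata-pa.googleapis.com", "udp"),
     ("GB", "216.58.208.106:443", "infinitedata-pa.googleapis.com", "tcp"),
     ("NL", "142.251.36.10:443", "infinitedata-pa.googleapis.com", "tcp"),
     ("US", "1.1.1.1:53", "semanticlocation-pa.googleapis.com", "udp"),
     ("NL", "142.250.179.170:443", "semanticlocation-pa.googleapis.com", "tcp"),
     ("US", "1.1.1.1:53", "jikugac818v.vip", "udp"),
     ("US", "1.1.1.1:53", "passajire555.live", "udp"),
     ("US", "1.1.1.1:53", "www.ip-api.com", "udp"),
     ("US", "208.95.112.1:80", "www.ip-api.com", "tcp"),
     ("US", "1.1.1.1:53", "zaglefolki1.info", "udp"),
     ("US", "1.1.1.1:53", "majestike8ca.top", "udp")]
    + [("N/A", "185.161.248.142:443", "majestike8ca.top", "tcp")] * 3
    + [("DE", "172.217.23.206:443", "", "tcp"),  # no domain recorded
       ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
       ("NL", "142.251.39.110:443", "android.apis.google.com", "tcp")]
    + [("N/A", "185.161.248.142:443", "majestike8ca.top", "tcp")] * 2
    + [("NL", "142.250.179.170:443", "semanticlocation-pa.googleapis.com", "tcp")]
    + [("N/A", "185.161.248.142:443", "majestike8ca.top", "tcp")] * 2
)

# Assumptions for this sample: Android platform services, and a public IP geolocation API.
INFRA_SUFFIXES = (".googleapis.com", ".google.com")
GEOIP_HOSTS = {"www.ip-api.com"}


def summarize(rows):
    """Per domain: number of DNS lookups, number of connections, and the peers contacted."""
    out = defaultdict(lambda: {"dns": 0, "connections": 0, "peers": set()})
    for _country, dest, domain, proto in rows:
        if not domain:
            continue
        ip, port = dest.rsplit(":", 1)
        if proto == "udp" and port == "53":
            out[domain]["dns"] += 1
        else:
            out[domain]["connections"] += 1
            out[domain]["peers"].add((ip, int(port)))
    return dict(out)


def classify(summary):
    """Buckets: infra, geoip, c2_candidate (actually connected), dns_only (resolved, never contacted)."""
    buckets = defaultdict(list)
    for domain, stats in sorted(summary.items()):
        if domain.endswith(INFRA_SUFFIXES):
            buckets["infra"].append(domain)
        elif domain in GEOIP_HOSTS:
            buckets["geoip"].append(domain)
        elif stats["connections"]:
            buckets["c2_candidate"].append(domain)
        else:
            buckets["dns_only"].append(domain)
    return dict(buckets)


def iocs(summary, buckets):
    """Flat indicator list: connected peers first, then DNS-only domains for a watchlist."""
    out = [(d, ip, port) for d in buckets.get("c2_candidate", [])
           for ip, port in sorted(summary[d]["peers"])]
    out += [(d, None, None) for d in buckets.get("dns_only", [])]
    return out


if __name__ == "__main__":
    s = summarize(NETWORK_ROWS)
    b = classify(s)
    for bucket, domains in b.items():
        print(bucket, domains)
    print(iocs(s, b))
```

Weight the two buckets differently: the connected domain and its peer are hard indicators of the live C2, while the DNS-only domains show which backup servers the sample was configured with but may be unregistered, sinkholed or dormant at detonation time. The geolocation lookup is worth recording (it often precedes a decision to stay idle outside targeted regions) but is not itself C2.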
Files
/data/data/com.riverfront8/app_DynamicOptDex/HfoGUZM.json
| MD5 | f9d7541e53b3da21b07114b994c5574d |
| SHA1 | 0dceb9f2b238c417f877ce2c5d659c342a55cdde |
| SHA256 | 5938a3b4d175985478b8bd2c7ec400fe969855493528ef982e511ca6cb4138ed |
| SHA512 | 00e2cc5c4368472fc9fa8b574b55b6c0e18b0a8accfacaa905c7be7844f6cd41ea88fdea35002bb6531e3706619d686434abcead6c672c994524dc51273070cf |
/data/data/com.riverfront8/app_DynamicOptDex/HfoGUZM.json
| MD5 | b3f54bdf5727697c33a0f7d3076987c7 |
| SHA1 | 56477825c1b2731afa1a9b76ebb8c533075df827 |
| SHA256 | 11c9f73978d5a9a12e89bfa4f3ac7c36fd9281438798e75f113cc5a6004cbfc3 |
| SHA512 | caa8f233e77b585f6d8cbb08384d974494edcb3705139e9b702a057eac66b9b03ba556c58d5340de6d30ecf64ea7d80dc7afda08b78de6a20e2de238e14d6c92 |
/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json
| MD5 | 6a77912b650e56c029a71f6865345df1 |
| SHA1 | f87804085c6f813bbb506e0a0e26f60b494383fb |
| SHA256 | d1ea67963a8e3dc3e34ed70537cbd2c8c8a5971ef27091831c88be1fda02671f |
| SHA512 | 5cf7f167ed81172fc9884bf45b48be84f45499bd3bfba47615695ad5ca53f5f6f2fc2f8532f4811d444f6179f9cea51148211ad108cf1ab5e88a92c11ad8c68e |
/data/user/0/com.riverfront8/app_DynamicOptDex/HfoGUZM.json
| MD5 | 5d64d0e86c763406334f7a91e9776e6c |
| SHA1 | 0198b2c619bdfae3014ce35834504fd8526c245b |
| SHA256 | 92a1cdac4eab99a2ca490d942dd1b71fba264f847504267676c1b2757fb03ebe |
| SHA512 | 32adff32c7006bb31125699998bd2b7fb1fa96770bc2257f181742f2bc767872d70ce8578e74d7233c40e52d3f128473569dbc7d913261e50fe0ea53ffe04469 |
/data/data/com.riverfront8/cache/ngzvnyttctwi
| MD5 | 20efb40c46b088b3d7f833f6c3cfda07 |
| SHA1 | 9e61943af7a5c19362385f4caf6c985bcc554995 |
| SHA256 | 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb |
| SHA512 | af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce |
/data/user/0/com.riverfront8/cache/ngzvnyttctwi
| MD5 | 20efb40c46b088b3d7f833f6c3cfda07 |
| SHA1 | 9e61943af7a5c19362385f4caf6c985bcc554995 |
| SHA256 | 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb |
| SHA512 | af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce |
/data/user/0/com.riverfront8/cache/ngzvnyttctwi
| MD5 | 20efb40c46b088b3d7f833f6c3cfda07 |
| SHA1 | 9e61943af7a5c19362385f4caf6c985bcc554995 |
| SHA256 | 7eb7dde18db104be32b6da57e4fe59968d1e91bb22f6522586ad1f7a87411ffb |
| SHA512 | af487b361a9d6aeddb865f3f32453b88c9a96698b3896957a37afd8c32f97b3d2420ac4476436dfa2173b1cb32da6724f115a30ae07ff1b6540c97f9958ab8ce |
/data/data/com.riverfront8/kl.txt
| MD5 | 6311c3fd15588bb5c126e6c28ff5fffe |
| SHA1 | ce81d136fce31779f4dd62e20bdaf99c91e2fc57 |
| SHA256 | 8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8 |
| SHA512 | 2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6 |
/data/data/com.riverfront8/kl.txt
| MD5 | cdcf98b844d7d910d2cafa1b55c65014 |
| SHA1 | 5773912b163bdcbf83438cc1c82f1b0b007fa534 |
| SHA256 | 6ab4f090022292d3716a260f936ecb77370ecef4424c3b92be931ed34b1df512 |
| SHA512 | cb0592f637fe3a81b797ec4c79071cef06c532912f52e8dfb8992f043f2b5a6fe70b1ee069e9faf0fda630e1fb38b56dbc28de792f493d3f46b3f0a118897e88 |
/data/data/com.riverfront8/kl.txt
| MD5 | d3cba7ede8ceebd0b9bfe110a4c62961 |
| SHA1 | 1036b749b0099cf5720677545ec03fa897e0156d |
| SHA256 | 56319f3f24210c32b7f77b446b9828623e2313cf2564a9f5d66b39e7db6dcbca |
| SHA512 | 599dfe5ba108904d34d984999c8f5ccdc9e8f60ee4067a923612a58cb6770417c0e1e5c1d9d895705cd3112a20cd35744c350fa876c4f84f938d90a624b96592 |
/data/data/com.riverfront8/kl.txt
| MD5 | 2dd98ca4233196e57353dc36c581fff1 |
| SHA1 | 86ad71a823446b84d0bb15fe382c069752736060 |
| SHA256 | 140074f0ac30577522f820f30f41e816b70985394e2ccc466a2916d395290b23 |
| SHA512 | 19f3131b34c4019c68250640cfab3ebffd53babdc88f013695721b61f891a1483f8d3b5625e494ab64c19185c8888b3845f38c25a26536a0298cb62df6ab112f |
/data/data/com.riverfront8/kl.txt
| MD5 | f9cb955d4cc7f99fa932b419d7604555 |
| SHA1 | 95e311fcbbadc8b2a75f9cff28b7f265260d8d6c |
| SHA256 | ffe88db93a1ff0e5a3a5a9eedcaba8848237288a947a06eddd0935e88b14de19 |
| SHA512 | 0fa7b6747ab4322232eb1ba8bb152013cfa72af122a494a58b0c4612602036a768790fe29e09efb9ca7bca1ac44b38c92c47366c90b1ef89840e68c7707b76c6 |
/data/data/com.riverfront8/cache/oat/ngzvnyttctwi.cur.prof
| MD5 | 966f272242e1e0f9620d1f8608eb49f1 |
| SHA1 | 7b8fde098d1a895cbd2bff501b4b86c584875410 |
| SHA256 | 8daeb799348268fb28ef98f7e1cdfde354d05c8cee7b9076d7ebd04a5729798e |
| SHA512 | dc54ec1d47d317cdbbe85fc3922ad83a54b729492932f55b20b9b586d5acbc8c83013a93cf84f6662c0924ff254cf5138481665197dc5598eaa0980951c732ba |
/data/data/com.riverfront8/.qcom.riverfront8
| MD5 | 046a414913add6f5bb60072c7db819b6 |
| SHA1 | 451ee4f6809260aec622d772fd329c7d0297a842 |
| SHA256 | b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a |
| SHA512 | 4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c |
Analysis: behavioral7
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
134s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401841081" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a7140000000000200000000001066000000010000200000006204af27a38130f802814388c2a1f21f0d15b0fe99ef21660f5ed287f34c572f000000000e80000000020000200000000664b71a2b3535febdf191ba7d8a8ada8f6680c2c3b576a4b91fbb85b03a8c1f20000000719cc280ee552afeca18002472436c21c6defdf6fcbb29ab486dfa0e83d4f85a400000005f4640e047c84679f812a45def3cbcfb8734f4793078c0e877e6e5d5704831ca15e0789080f2f3783653928333fbae9714c03c54f7a1171e6983eb5c45e1173e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e047bbfbefd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a7140000000000200000000001066000000010000200000000b0f1b8868551de110bc3e89a52e74f3c523dc0923febb508034a257d3fac6e5000000000e80000000020000200000008e359f13639636d03013951e43b3bd48a682ff49c872dddf0c581903f0808032900000003dd033c62fc44bb0d75e185d6e0578437a165617f9dd2fff8beb0a844f229c467ba96bde3148044a038c38ab4f0b20538de94f46198c031381f8010a168a331bc54ecc09060b0f41c16c010e5d974e4dd97f98c7a40ac4cccd15929dcabe9454c94a4beb63d833b447ea2533a61e42ba9a6446b60af3122a6d183327871803d23942e6218d901bc9ff087fc42c42b7dc400000003c26025d00416b3216ac3948de8569e8606f4c1e4f8b9ef528742d297ee3d9f998a95228825a796d552af9048e93bff51996cc315dabfc6490ec578ca48da465 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5F8E471-5BEE-11EE-964A-C6004B6B9118} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2996 wrote to memory of 2140 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2140 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2140 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2140 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assign_labels_local.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
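The WriteProcessMemory rows in this detonation are the 64-bit IE frame process (PID 2996) writing into the 32-bit IEXPLORE.EXE tab process it launched with SCODEF:2996, which is how Internet Explorer's frame/tab process model starts every tab. The check below is an added example, not part of the report: it parses the "PID X wrote to memory of Y" descriptions and the process command lines, and filters out events where the target is an IE process whose SCODEF value equals the writing PID, leaving only cross-process writes that need a look. The event and process data are transcribed from the tables above; the extra notepad.exe event is constructed to show a write that is not filtered.

```python
"""Filter IE frame-to-tab WriteProcessMemory events out of a sandbox signature list.

Added example, not from the report. IE launches each tab as
IEXPLORE.EXE with "SCODEF:<frame PID> CREDAT:<n>", so a write from the
frame process into such a tab process is expected, not injection.
"""
import re

# Transcribed from the behavioral7 Processes section: image path -> command line.
PROCESSES = {
    r"C:\Program Files\Internet Explorer\iexplore.exe":
        r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assign_labels_local.html',
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE":
        r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2',
}

# Transcribed from the WriteProcessMemory signature: (description, source image, target image).
WPM_EVENTS = [(
    "PID 2996 wrote to memory of 2140",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
)] * 4

_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_wpm(description):
    """Return (source_pid, target_pid) from a WriteProcessMemory description, or None."""
    m = _WPM_RE.search(description)
    return (int(m.group(1)), int(m.group(2))) if m else None


def scodef_of(cmdline):
    """Frame PID named in an IE tab command line, or None if absent."""
    m = _SCODEF_RE.search(cmdline or "")
    return int(m.group(1)) if m else None


def is_ie_frame_to_tab(event, processes):
    """True when an IE frame process writes into a tab process it spawned (SCODEF matches)."""
    description, src_image, dst_image = event
    pids = parse_wpm(description)
    if pids is None:
        return False
    src_pid, _ = pids
    if not (src_image.lower().endswith(r"\iexplore.exe")
            and dst_image.lower().endswith(r"\iexplore.exe")):
        return False
    return scodef_of(processes.get(dst_image)) == src_pid


def triage(events, processes):
    """Events that remain suspicious after removing IE's own frame-to-tab writes."""
    return [e for e in events if not is_ie_frame_to_tab(e, processes)]


if __name__ == "__main__":
    print(triage(WPM_EVENTS, PROCESSES))
```

A write whose target is not an IE process, or whose target's SCODEF names a different PID than the writer, stays on the list. Note that this only removes IE's own housekeeping; it says nothing about the HTML file that was opened, which has to be judged on its own content.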
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA40F.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarA49F.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bb3d370a93103aa7e9f213e5c3c4d5b |
| SHA1 | 2a8e058cfb338a87eef5eaf9b88003a89cb13761 |
| SHA256 | ecc9cbb433931df9271c60a8be26ea09f909c7862fe6d3bb73e6363508bb0e5b |
| SHA512 | 763a99ac6898775f0f5684f8ac5c20a2936fb6426f424055d6c3fdc6e0ac33b25ef6f39524c15cbf109ef9cc9c828e8f0347d484b0c95ce7574006cb43547bbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 395d2791b7edc599cc1ead0d4ba57b59 |
| SHA1 | a7bd9268691a74e9db0ceb6853375597f69c6ed6 |
| SHA256 | 74da80c1043729402d3a1b6adcfdf07c85c1c6425d315e237ddf75c0160c949b |
| SHA512 | 21f77d631e92286cafbc12a2156efe223a5dfe8e36ca46a8c428bdf7a1a33710a96a45a65f1fa0b7f4561f147df75837c18312a40185e4fb5f1452a39ef93d25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4c8c7f13d7722b66c1c60dfa79187bf |
| SHA1 | 78dcdf29d68323eeb77e9b879b367e8d910fd12d |
| SHA256 | da9e5a44723ed849e694e5584327442a647d4ff63f05924aabed8826abb21633 |
| SHA512 | 8b1053254863dd0efdf13efe54e4ebe40a35d72d8ba1603d771733776fa7fb06da6f0ea2a8aa7ab4a520b16bfbc137ee90499e9fc88c962b624f78a4d0a111ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7bc3754b677d39a1609d2ded00089b3 |
| SHA1 | ac83dc64b446aedbc4989ac56d2785ee978872c9 |
| SHA256 | 8da9590c6270ca627c7e15059cbf6b483102035ee23c6cc1eb0eb638f7de30c9 |
| SHA512 | 02fb23b3f34be193286c65c1addb719bc2a57a4b99ab29c2d2f41e11f1ed59038c64b6e6f03180755c7b0aa3ab4895e0d054f1d2edc2bb3d96171ca65eea2ba3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d022cf8a07a366efae1df1c3ff94998b |
| SHA1 | d6cc0c73f1b0b7894d9c94b1db62468f45f23620 |
| SHA256 | cab245977ed3b7a87b6b09b1594b804a9a513506b4db38291c391d859b7b6344 |
| SHA512 | 91352ed14a4d8cf8f4d419a3b313dde5c5ca603464a4ad33aded4fb12e7c5ba1215f4e3e5c9b6d8db40f2c6c6983b5f4792b155a658bc3466a68de93f17e65a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4637bea73ba56c00b9c5bef7eaf7df85 |
| SHA1 | aa496c8cb6ccdaad5d77a586e4958c6458dc2b67 |
| SHA256 | fc1178068fea8e3b728da53fd8e7dcc727368039bd501df7d33c85e22769e4db |
| SHA512 | 87bf52945a2f934871954d236d797e90cd0bf85a4f5cb5f8e1faa52afdbd4646c8d07f0373326a0f53b1172b614bcf790dfc3616b4d091d106d43c4f05b35092 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 178cd781da60eabafe9789f7049d12b2 |
| SHA1 | 636e651d089260a2bca4fbb8df66f718cdde0699 |
| SHA256 | 5ac845189c3ad49789a8b2669b4a9b093787acca0c372ac911d5d9cf3e5098cd |
| SHA512 | b0e5bae628937c2108048a402d73e311c987c1d247479655b65e5429bd1711137aef543fd2d787cad4693bfb132592f333d2197d1a0e09ba4b94a0fb9d149df3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35ebe0670b8baf40f3aa834f31882a87 |
| SHA1 | b55949e46a1c1e960e66a3fbf7f1c0c0435e7392 |
| SHA256 | 17185c372fefefba2ff828e327a8dc669fb957903a3817a18c00dab9e3a41b10 |
| SHA512 | 1a658da8ac512c92d05202d2d889e4ce5aba74cc83a93423048f5b6738bd1f3322d2f65fe44322a24849752d2b6fc40c8005d8ff0b880cf3ca76198efbe4da26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fadcc7a13f5d2b69e7a7ae5ae767b26 |
| SHA1 | ddc1e18a78284a22822039d8a236d5cfd2b343df |
| SHA256 | aafce0202349327c49d33d77807064e639620c14d775e0c2b9cfce6df29fb9f4 |
| SHA512 | 4bd099d4424ec446c46da461556f1021701371f2a5f47a745931d467f7600efc33d913aa1c005d484a1f1b4fcf2c1b0b4b52271c78b708b4793f56792fcdea95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 040fa6f7e9793b8e7bbf6fd52dcbba3e |
| SHA1 | 923ba7e2508d0bdd79695bda63d517f2726ad901 |
| SHA256 | 3a4bd595f20d1216e1c3e09882d65fdbc85745ad5b7585500fa9bac087b9c773 |
| SHA512 | 5b0ace73c0a7060a310b76536b56eed676c5efd170319a5f1ebb90bd526892e3f12881ae80e03cef1d37fc09a26228c1f58908853fabd1e96263d91810a62692 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0d95e24c27467abf7eacdf8cb3d874a |
| SHA1 | f08119545528398c71be6d6aba5d1f852e95de98 |
| SHA256 | 8371d2c5ea9096e3ec679efd0489c02d1454ca63ac397b195a991d3e1427e54f |
| SHA512 | 3d65b0d85de761cab9e071803b7e64a276a7e9d105097752aafc9e5e4c071b613b7b2ae29cfb16cc70739779164c886ebdca9b5a8af69244fe7e6b4010ddbbc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b25f3636f17ad8eab37f1548cffe473f |
| SHA1 | 347e18e9e68fca5567290a7c44b13075b9b6e9ff |
| SHA256 | 0263c7224ccbd6c37314b994a28ff2302b5e1c0e374016dce51d3b367955b299 |
| SHA512 | c2cde88b33ecc4c924126634da423d65fb30afe3693fe89cc8f38924c6486d4d6ef187f44c9839410a424dcf035a06b9a4ccb88dbeb2c7df4d4d530afe38cc66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afb944f6272e4694ebb9481afed9cf63 |
| SHA1 | ee19ef4c46a22e6a2ee3079e737f9c74f57d1517 |
| SHA256 | 50540c146f64d520d243429252110e6518f4375733a227e3ec5721c71b0dce1a |
| SHA512 | b498794545b2f20a63b3ab594a32619f5f631bbf9d6087ba7986f47a2990778d686dd8c28829ea560c79b2b81fe0a935ca6f77c69fda36e751aef35158ba89fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bc509f82856911f7ea1f1de31c98720 |
| SHA1 | 300362835853120698fc00b664e81fac522cd12c |
| SHA256 | 5d898a244c47f67cee5c94fa5cbefee4fe1d329cc5389170acee0c9ef03d9d54 |
| SHA512 | cde2ea7050d030b79ba63cb6a720ebb2ad3e2589b2f2c56607c5c6e48e84b92794e02340f0cd9b1ddae055c6639e7f426a2225360ffca611000ff2889809f7ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2522ccf7628b16fe9889e7a99725536b |
| SHA1 | 65cebac0e04020cb8f66948b0dde2bfce0ca81f6 |
| SHA256 | 911e90b14a46824fe3ef69fac46d29aa5047edd1ea26481b71f1c4ad5bf7d4a0 |
| SHA512 | 56155506ca3660ced12b21c1299f7a96d978fbe896986eb78700bd01a0eace215f78152b45d3d9b2807285a2e39a6e1961b5f2a1c6b1abbc7905f6986cd38614 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c144c6c4713875e5bc4dc9e01a8254de |
| SHA1 | de101dc3ff50c71fa0f5e13ef97ebc118c559a3a |
| SHA256 | ce4a899840ed64e80eee52367c059a95c217c16b2e249a10e3f037bf0e1563b4 |
| SHA512 | 90981b9a22349ccbf7a1e089867e625e55ff64a9f509c024c0d9e344338547b2723d612dcbce97e4fe73c6920150717a2b72e37786bfa0688d792d582c58c26b |
Analysis: behavioral19
Detonation Overview
Submitted
2023-09-25 22:00
Reported
2023-09-25 22:02
Platform
win7-20230831-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js