Malware Analysis Report

2024-10-19 11:56

Sample ID: 231009-12p3xsag76
Target: 43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48.bin
SHA256: 43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48
Tags: alienbot banker evasion infostealer stealth trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral9, behavioral32, behavioral1, behavioral19, behavioral20, behavioral31, behavioral4, behavioral6, behavioral14, behavioral24, behavioral30, behavioral18, behavioral23, behavioral2, behavioral15, behavioral17, behavioral21, behavioral27, behavioral5, behavioral10, behavioral11, behavioral12, behavioral22, behavioral25, behavioral3, behavioral7, behavioral8, behavioral13, behavioral28, behavioral16, behavioral26, behavioral29 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 10/10

SHA256: 43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48

Threat Level: Known bad

The file 43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48.bin was found to be: Known bad.

Malicious Activity Summary

alienbot banker evasion infostealer stealth trojan

Android detonation (behavioral1, package fr.associated.string) and static analysis (static1); these hits carry the verdict:

Alienbot

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service.

Requests dangerous framework permissions

Acquires the wake lock.

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Windows detonations (index.html in iexplore.exe, cue.ps1 in powershell.exe, build-plugins.js in wscript.exe):

Suspicious behavior: GetForegroundWindowSpam (iexplore.exe)

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses (powershell.exe)

Suspicious use of AdjustPrivilegeToken (powershell.exe, SeDebugPrivilege)

Modifies Internet Explorer settings (iexplore.exe)

Suspicious use of FindShellTrayWindow (iexplore.exe)

The Internet Explorer and PowerShell signatures are raised by those host programs themselves (Internet Explorer's first-run and recovery registry writes, PowerShell's routine privilege adjustment at start-up); none of the Windows detonations included below drops an executable or contacts the wf4sctx9cksg94528o7o.xyz host that the Android run reaches. The actionable indicators are the C2 contact 194.67.71.18:80 / wf4sctx9cksg94528o7o.xyz and the dropped aZiccBex.json that dex2oat compiles in behavioral1.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-10-09 22:08

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A
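The permission set above is the static half of the banker picture: SMS read, receive and send, CALL_PHONE and RECORD_AUDIO, alongside the accessibility-service use recorded in behavioral1. A small static triage over the decoded manifest pulls those out automatically. This is an added example written for this page, not sandbox or Alienbot code: the manifest text is constructed from the eleven permissions listed above plus an assumed accessibility-service declaration (the service name .AccService is invented), and the grouping table and flag names are this example's own. It expects a decoded (text) AndroidManifest.xml, for instance as apktool produces it; the compiled binary XML inside an APK needs decoding first.

```python
"""Static triage of a decoded AndroidManifest.xml: which dangerous permissions are
requested and whether an accessibility service is declared.
Added example for this page; the manifest below is constructed from the static1
permission list, and .AccService is an invented service name."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Android runtime ("dangerous") permissions grouped by the data they expose.
DANGEROUS_GROUPS = {
    "SMS": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "RECEIVE_MMS", "RECEIVE_WAP_PUSH"},
    "PHONE": {"CALL_PHONE", "READ_PHONE_STATE", "READ_PHONE_NUMBERS",
              "READ_CALL_LOG", "WRITE_CALL_LOG", "ANSWER_PHONE_CALLS"},
    "CONTACTS": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "STORAGE": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "MICROPHONE": {"RECORD_AUDIO"},
    "LOCATION": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "CAMERA": {"CAMERA"},
}

# Constructed sample: the eleven permissions from static1 plus an accessibility
# service declaration of the kind behavioral1 exercises.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="fr.associated.string">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_NUMBERS"/>
  <application>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def parse_manifest(xml_text):
    """Return package name, requested permissions and accessibility services."""
    root = ET.fromstring(xml_text)
    perms = [e.get(ANDROID_NS + "name", "") for e in root.iter("uses-permission")]
    acc = [s.get(ANDROID_NS + "name", "") for s in root.iter("service")
           if s.get(ANDROID_NS + "permission") == BIND_ACCESSIBILITY]
    return {"package": root.get("package", ""), "permissions": perms,
            "accessibility_services": acc}


def triage(info):
    """Group dangerous permissions and raise flags for banker-style combinations."""
    short = {p.rsplit(".", 1)[-1] for p in info["permissions"]}
    groups = {g: sorted(short & names)
              for g, names in DANGEROUS_GROUPS.items() if short & names}
    flags = []
    if {"RECEIVE_SMS", "READ_SMS"} <= short:
        flags.append("sms-interception")        # can read SMS one-time codes
    if {"SEND_SMS", "READ_CONTACTS"} <= short:
        flags.append("sms-send-with-contacts")  # can message the victim's contacts
    if "CALL_PHONE" in short:
        flags.append("silent-call")             # calls without the dialer confirmation
    if "RECORD_AUDIO" in short:
        flags.append("audio-capture")
    if info["accessibility_services"]:
        flags.append("accessibility-service")   # UI reading/injection, as in behavioral1
    if "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in short:
        flags.append("battery-exemption")       # stays resident in the background
    if "SYSTEM_ALERT_WINDOW" in short:
        flags.append("overlay")
    return {"groups": groups, "flags": flags,
            "dangerous_count": sum(len(v) for v in groups.values())}


if __name__ == "__main__":
    result = triage(parse_manifest(SAMPLE_MANIFEST))
    for group, names in result["groups"].items():
        print(f"{group:11s} {', '.join(names)}")
    print("flags:", ", ".join(result["flags"]))
```

Run against the constructed manifest it reports five dangerous groups covering all eleven permissions and raises sms-interception, sms-send-with-contacts, silent-call, audio-capture and accessibility-service; a manifest asking only for INTERNET produces no groups and no flags. The grouping is a starting point for review, not a verdict: a legitimate SMS client requests the SMS group too, so the flags are meant to be read together with the dynamic hits (accessibility calls, dropped DEX, C2 contact).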

Analysis: behavioral9

Detonation Overview

Submitted: 2023-10-09 22:08
Reported: 2023-10-09 22:13
Platform: win7-20230831-en
Max time kernel: 120s
Max time network: 126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\build-plugins.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\build-plugins.js

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted: 2023-10-09 22:08
Reported: 2023-10-09 22:12
Platform: win10v2004-20230915-en
Max time kernel: 141s
Max time network: 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware

Every row below is written by iexplore.exe or IEXPLORE.EXE itself and sits under Internet Explorer's own Recovery, TabbedBrowsing, VersionManager, DomainSuggestion, WindowsSearch and GPU keys: this is the housekeeping Internet Explorer performs when it opens a local HTML file, not a setting the page changed, so the "adware spyware" tag is the signature's generic label rather than evidence.

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9A93888C-66F0-11EE-A4AD-7E38B6FF5C60} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5017c171fdfad901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea900000000020000000000106600000001000020000000483dad05c70af88770f7cf13d371a826999bb5abe8937f29830c9b003e697bfc000000000e80000000020000200000002a68ac09163370c676f3b01b93d11b9139e15c14ca3f7f4570a6f875e6aa4c9b20000000ab874664c5c474141b7616f0220592849661d6cfea8f99eb188ce6dc2d23672b40000000439e940d961d2af9c41c48ffe9f17bb76be1f726959ef08c838ac0da3a0c9b579d1eab16b6389268ece12d951d39ad7a1f8d2d50e8a796be0992a42f14bd8995 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea900000000020000000000106600000001000020000000599372536efdacb6a5175bb35877dde241b1dc28887dc6099d1e6421504a6142000000000e8000000002000020000000850b39afc662d5a58333404a42a08832b0fd3f480bc769edd9839b2b238137c920000000a0c5d0653266c67beed105051b78cc9245847f7dbb178d1cf1eee44f7761868c400000001239b39a39e712d2492d34674e564049fd066623326e788189cd1a4d94ed4fa4193018af9d3aeeb1741b54eb9d3fe4cd6f4ec9b9574711f6f8cf5267a705bb00 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1863642618" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31062781" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1881611919" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1863642618" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403654382" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31062781" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b9d171fdfad901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31062781" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3528 CREDAT:17410 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp
US | 8.8.8.8:53 | dict.kuroapp.com | udp
SG | 159.89.193.19:80 | dict.kuroapp.com | tcp
SG | 159.89.193.19:80 | dict.kuroapp.com | tcp
US | 8.8.8.8:53 | 19.193.89.159.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp
US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HNGI42RJ\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral1

Detonation Overview

Submitted: 2023-10-09 22:08
Reported: 2023-10-09 22:18
Platform: android-x86-arm-20230831-en
Max time kernel: 377821s
Max time network: 156s

Command Line

fr.associated.string

Signatures

Alienbot

banker trojan infostealer alienbot

Makes use of the framework's Accessibility service.

Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A

Removes its main activity from the application launcher

stealth trojan
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (7 identical rows: the hit was recorded without indicator details)

Acquires the wake lock.

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Loads dropped Dex/Jar

Description | Indicator | Process | Target
N/A | /data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json | N/A | N/A
N/A | /data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json | N/A | N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Removes a system notification.

evasion
Description | Indicator | Process | Target
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A

Processes

fr.associated.string

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/fr.associated.string/app_DynamicOptDex/oat/x86/aZiccBex.odex --compiler-filter=quicken --class-loader-context=&

This dex2oat invocation is the "Loads dropped Dex/Jar" hit in action: the app hands the file it wrote as --dex-file (so it is a DEX file or an archive containing one, whatever its .json name suggests) and the runtime compiles it to app_DynamicOptDex/oat/x86/aZiccBex.odex before it is loaded.

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp
NL | 142.250.179.202:443 | infinitedata-pa.googleapis.com | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | jsonplaceholder.typicode.com | udp
US | 172.64.163.6:443 | jsonplaceholder.typicode.com | tcp
NL | 142.251.36.46:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
NL | 142.251.36.46:443 | android.apis.google.com | tcp
NL | 142.251.36.42:443 | semanticlocation-pa.googleapis.com | tcp
US | 1.1.1.1:53 | wf4sctx9cksg94528o7o.xyz | udp
US | 1.1.1.1:53 | wf4sctx9cksg94528o7o.xyz | udp
RU | 194.67.71.18:80 | wf4sctx9cksg94528o7o.xyz | tcp
RU | 194.67.71.18:80 | wf4sctx9cksg94528o7o.xyz | tcp
RU | 194.67.71.18:80 | wf4sctx9cksg94528o7o.xyz | tcp
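Most rows in the table above are emulator background traffic (googleapis.com, google.com) or the sandbox's own lookups; the connections that matter are the three plaintext HTTP sessions to 194.67.71.18 for a digit-heavy .xyz hostname the app resolved twice. The following added example (written for this page, not the sandbox's own logic) parses rows in the whitespace- or pipe-separated form shown here, back-fills a missing hostname from another row with the same IP, drops allowlisted infrastructure, reverse lookups and mDNS, and scores what is left. SAMPLE_ROWS is copied from the behavioral1 table; the allowlist suffixes, the TLD watchlist and the digit-count threshold are assumptions made for the example.

```python
"""Rank the destinations in a sandbox network table by how much they look like C2.
Added example for this page, not the sandbox's own logic. SAMPLE_ROWS is copied
from the behavioral1 network section; the allowlist, TLD watchlist and the
digit threshold are this example's assumptions."""
from collections import defaultdict

SAMPLE_ROWS = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.202:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 jsonplaceholder.typicode.com udp
US 172.64.163.6:443 jsonplaceholder.typicode.com tcp
NL 142.251.36.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.46:443 android.apis.google.com tcp
NL 142.251.36.42:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 wf4sctx9cksg94528o7o.xyz udp
US 1.1.1.1:53 wf4sctx9cksg94528o7o.xyz udp
RU 194.67.71.18:80 wf4sctx9cksg94528o7o.xyz tcp
RU 194.67.71.18:80 wf4sctx9cksg94528o7o.xyz tcp
RU 194.67.71.18:80 wf4sctx9cksg94528o7o.xyz tcp
"""

# Assumed allowlist: what a stock emulator with Google services talks to unprompted.
ALLOWLIST_SUFFIXES = (".googleapis.com", ".google.com", ".gstatic.com",
                      ".microsoft.com", ".bing.net")
# Assumed watchlist of TLDs that show up disproportionately in throwaway C2 names.
WATCHLIST_TLDS = {"xyz", "top", "club", "icu", "buzz"}
MIN_DIGITS_IN_LABEL = 3


def parse_rows(text):
    """Accept 'Country Destination [Domain] Proto' rows, space- or pipe-separated."""
    rows = []
    for line in text.splitlines():
        parts = line.replace("|", " ").split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            (country, dest, proto), domain = parts, ""
        else:
            continue
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():          # header line or malformed row
            continue
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": "" if domain == "-" else domain, "proto": proto})
    return rows


def is_allowlisted(domain):
    return any(domain == s[1:] or domain.endswith(s) for s in ALLOWLIST_SUFFIXES)


def triage_network(text):
    rows = parse_rows(text)
    # A row without a hostname may share its IP with a row that has one.
    ip_to_domain = {r["ip"]: r["domain"] for r in rows if r["domain"] and r["port"] != 53}
    findings = defaultdict(lambda: {"country": "", "dests": set(), "hits": 0,
                                    "dns_lookups": 0, "reasons": set()})
    for r in rows:
        domain = r["domain"] or ip_to_domain.get(r["ip"], "")
        if domain.endswith(".in-addr.arpa") or r["ip"].startswith("224."):
            continue                    # sandbox reverse lookups, mDNS
        if domain and is_allowlisted(domain):
            continue
        if r["port"] == 53:             # resolver traffic: note the lookup only
            if domain:
                findings[domain]["dns_lookups"] += 1
            continue
        f = findings[domain or r["ip"]]
        f["country"] = r["country"]
        f["dests"].add(f"{r['ip']}:{r['port']}")
        f["hits"] += 1
        if r["proto"] == "tcp" and r["port"] == 80:
            f["reasons"].add("plaintext-http")
        if not domain:
            f["reasons"].add("no-dns-name")
            continue
        labels = domain.split(".")
        sld = labels[-2] if len(labels) >= 2 else labels[0]
        if sum(c.isdigit() for c in sld) >= MIN_DIGITS_IN_LABEL and any(c.isalpha() for c in sld):
            f["reasons"].add("digit-heavy-label")
        if labels[-1] in WATCHLIST_TLDS:
            f["reasons"].add("watchlist-tld")
    return {k: dict(v, dests=sorted(v["dests"]), reasons=sorted(v["reasons"]))
            for k, v in findings.items()}


def rank(findings):
    """Most reasons first, then most connections."""
    return sorted(findings, key=lambda k: (len(findings[k]["reasons"]),
                                           findings[k]["hits"]), reverse=True)


if __name__ == "__main__":
    found = triage_network(SAMPLE_ROWS)
    for name in rank(found):
        f = found[name]
        print(f"{name:35s} {f['country']:3s} hits={f['hits']} dns={f['dns_lookups']} "
              f"{','.join(f['dests'])} {' '.join(f['reasons'])}")
```

On the rows above only two destinations survive the filters: wf4sctx9cksg94528o7o.xyz ranks first with three hits, two lookups and all three reasons, and jsonplaceholder.typicode.com is kept with no reasons so an analyst still sees it (a public test API the dropper may use as a connectivity check, but nothing in this table proves that). The heuristics are deliberately cheap; the point is to surface the one hostname worth blocking and pivoting on, not to replace reputation data.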

Files

All five entries below belong to one dropped file and its profile: on Android /data/data/fr.associated.string is a symlink to /data/user/0/fr.associated.string, so the two paths are the same directory, and the four different hashes show aZiccBex.json being rewritten during the run.

/data/data/fr.associated.string/app_DynamicOptDex/aZiccBex.json

MD5 71ddacd8a2cb40df18134c90a1bb4be2
SHA1 293b301ee8eb182182214f1a23c9d50c9dcec727
SHA256 7b9a551a5ed085cd9c0d9423e763ff7a51d01fee25b078be7c6e85aefd6c6836
SHA512 f12ea753b2066e1d195969efb56cb226476ce7d86d28cf452ec6b087fc6f1786fff4c20282c1a242063dbf7bb52de74d60cafa8d6f9edccfe89d6bb623492aaf

/data/data/fr.associated.string/app_DynamicOptDex/aZiccBex.json

MD5 c79398dd96dad9fa31b8da95334ef0b9
SHA1 98b969ccd2423bd76402fc96baf24704a8a35406
SHA256 83c8b8636a889d87c90671c1172dbdef67030bdbd62829a8db1c6372001e72b3
SHA512 fe628d0079582bc7ae6f536af76da3d1038fdd715a62a58e254e801b91f7928135b14701bb5960bfe582ea7e88a7f1ec77319f55ed46c0bbc4f2936eaa91d574

/data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json

MD5 0930ec69d81f4b96649d36d7b6f24b90
SHA1 349be2cb09fd8974250fe3aa03b54a43ab1da09c
SHA256 5d30844dfc43fa7dba25603cde401697fd5c3f857e4f59fded3c41db719ad3de
SHA512 0771ec5c54d5c68be8301d5ddbb7ad5904e24f32fc8d1ce6a085410e9985a71653a0e69a3f892868369dbab3c85ebdd5345bb25244f29665f021551f694b3045

/data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json

MD5 9d7303454701903d24bf29a1e8a24408
SHA1 4df0979ebc2064ceaab58a10ebd93a193a8c3b30
SHA256 ae24eef251004b4c48e4c7a7d2d9744120f6acc2f274bf7d605bd80278b4c880
SHA512 64ddf3f379bb36487d501b697822f5015285a5e724816a6fdcbfe83fe25d21d22bc621d9c7b9a597a2828d630f4635b045adff86e59600a17a481aa5b81ed019

/data/data/fr.associated.string/app_DynamicOptDex/oat/aZiccBex.json.cur.prof

MD5 2007010406bd0e5663227c624cc0282f
SHA1 efa48ec5234120ca015ead18602e73bd7341e741
SHA256 1ff21b128c409fd24dc403fe86c7a1039e2cc053a96876e2831c8373d819c49f
SHA512 f17af8553982df8e91463575ad2aebc7599cd17066c33dac790f6c351ff15f2fdae1f22dcc5e996e22339a54cd467a1d926a0dfae855f0edf8e299fd281fc3d6
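The four hashes above all belong to a file that dex2oat accepted as --dex-file, so the .json extension is cosmetic. When handling such a drop, identify it by content rather than name, and confirm the DEX header is intact (magic, Adler-32 checksum over offset 12 onward, SHA-1 signature over offset 32 onward, file_size) before feeding it to a decompiler, since a corrupt or still-being-written capture wastes time. This is an added example, not the sandbox's code or the sample's: make_sample_dex builds a constructed header-only DEX with a valid checksum and signature (nothing a runtime would load), and the classification and disguise rules are this example's own assumptions.

```python
"""Identify a dropped payload by content, not extension, and check its DEX header.
Added example for this page, not sandbox or sample code; the sample bytes are
constructed here (a header-only DEX that no runtime would load)."""
import hashlib
import io
import struct
import zipfile
import zlib

DEX_MAGIC = b"dex\n"
DEX_HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
CODE_KINDS = {"dex", "odex", "jar-with-dex", "elf"}
CODE_EXTENSIONS = {"dex", "odex", "jar", "apk", "so"}


def make_sample_dex() -> bytes:
    """Constructed minimal DEX v035 header with a correct checksum and signature."""
    h = bytearray(DEX_HEADER_SIZE)
    h[0:8] = b"dex\n035\0"
    # file_size, header_size, endian_tag live at offsets 32, 36, 40
    struct.pack_into("<III", h, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    h[12:32] = hashlib.sha1(h[32:]).digest()                                 # signature covers 32..end
    struct.pack_into("<I", h, 8, zlib.adler32(bytes(h[12:])) & 0xFFFFFFFF)  # checksum covers 12..end
    return bytes(h)


def make_sample_jar() -> bytes:
    """Constructed zip holding classes.dex, the other shape dex2oat accepts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", make_sample_dex())
    return buf.getvalue()


def dex_header_info(data: bytes) -> dict:
    """Parse the fixed DEX header and verify checksum, signature and size."""
    if len(data) < DEX_HEADER_SIZE or data[:4] != DEX_MAGIC:
        raise ValueError("not a DEX file")
    (checksum,) = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "version": data[4:7].decode("ascii", "replace"),
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == ENDIAN_CONSTANT,
        "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        "signature_ok": data[12:32] == hashlib.sha1(data[32:]).digest(),
        "size_matches": file_size == len(data),
    }


def classify(data: bytes) -> str:
    """Content-based type: the first bytes decide, never the file name."""
    if data[:4] == DEX_MAGIC:
        return "dex"
    if data[:4] == b"dey\n":
        return "odex"
    if data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "jar-with-dex" if "classes.dex" in zf.namelist() else "zip"
    if data[:4] == b"\x7fELF":
        return "elf"
    if data.lstrip()[:1] in (b"{", b"["):
        return "json-text"
    return "unknown"


def scan(files: dict) -> list:
    """files: path -> bytes. Hashes each file and flags code whose extension says otherwise."""
    report = []
    for path, data in files.items():
        kind = classify(data)
        name = path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        report.append({
            "path": path,
            "kind": kind,
            "sha256": hashlib.sha256(data).hexdigest(),
            "disguised": kind in CODE_KINDS and ext not in CODE_EXTENSIONS,
        })
    return report


if __name__ == "__main__":
    sample = {  # paths as reported under behavioral1; contents constructed here
        "/data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json": make_sample_dex(),
        "/data/user/0/fr.associated.string/app_DynamicOptDex/config.json": b'{"cfg": 1}',
    }
    for entry in scan(sample):
        print(entry["kind"], "DISGUISED" if entry["disguised"] else "", entry["path"])
    print(dex_header_info(make_sample_dex()))
```

Against a real capture, a false checksum_ok or size_matches usually means the sandbox copied the file mid-write (consistent with the four differing hashes above), and a zip classified as jar-with-dex should be unpacked and its classes.dex run through the same header check.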

Analysis: behavioral19

Detonation Overview

Submitted: 2023-10-09 22:08
Reported: 2023-10-09 22:13
Platform: win7-20230831-en
Max time kernel: 120s
Max time network: 125s

Command Line

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\cue.ps1

Signatures

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Both hits are attributed to powershell.exe itself and are the ordinary footprint of a PowerShell start-up; with no network activity and nothing written besides the process's own memory regions, this run does not reveal what cue.ps1 does.

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\cue.ps1

Network

N/A

Files

memory/2124-4-0x000000001B310000-0x000000001B5F2000-memory.dmp

memory/2124-5-0x00000000024D0000-0x00000000024D8000-memory.dmp

memory/2124-6-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

memory/2124-7-0x0000000002500000-0x0000000002580000-memory.dmp

memory/2124-9-0x0000000002500000-0x0000000002580000-memory.dmp

memory/2124-8-0x0000000002500000-0x0000000002580000-memory.dmp

memory/2124-10-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

memory/2124-11-0x0000000002500000-0x0000000002580000-memory.dmp

memory/2124-12-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

memory/2124-13-0x0000000002500000-0x0000000002580000-memory.dmp

Analysis: behavioral20

Detonation Overview

Submitted: 2023-10-09 22:08
Reported: 2023-10-09 22:13
Platform: win10v2004-20230915-en
Max time kernel: 144s
Max time network: 153s

Command Line

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\cue.ps1

Signatures

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\cue.ps1

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp
US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp
US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp

Files

memory/664-5-0x000001FE6B370000-0x000001FE6B392000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bi4wqisu.pki.ps1 (written by PowerShell itself at start-up to test whether AppLocker/WDAC script enforcement applies; not an artifact of cue.ps1)

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/664-10-0x00007FFABA0D0000-0x00007FFABAB91000-memory.dmp

memory/664-11-0x000001FE6B3C0000-0x000001FE6B3D0000-memory.dmp

memory/664-12-0x000001FE6B3C0000-0x000001FE6B3D0000-memory.dmp

memory/664-13-0x000001FE6B3C0000-0x000001FE6B3D0000-memory.dmp

memory/664-14-0x000001FE6B3C0000-0x000001FE6B3D0000-memory.dmp

memory/664-17-0x00007FFABA0D0000-0x00007FFABAB91000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted: 2023-10-09 22:08
Reported: 2023-10-09 22:13
Platform: win7-20230831-en
Max time kernel: 144s
Max time network: 148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware

As in behavioral32, every row is written by iexplore.exe or IEXPLORE.EXE under Internet Explorer's own keys while opening the local index.html.

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000b21798ab90c44fa256d37613e553ac5b504f0890ffb13366d2e6c39b955ba2c8000000000e8000000002000020000000592e1fc6b70f9d0ad71aec5a4e1832e47da0f61b322c38d7f826408acd8de70420000000e4501d1d8c8935f76afff73e3450a005971fe131123572e832fb4ae80cf500264000000036a24eefc6848ded1d7267af0524fda8ac74ba04a626db808b96950465e4f7240b624a42bc5c39d51a13749c7352e46f7ce947824822ec9bc805bc9097e3adec | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7D221D1-66F0-11EE-B1CA-5EF5C936A496} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403051324" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ed8f8dfdfad901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 dict.kuroapp.com udp
SG 159.89.193.19:80 dict.kuroapp.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral4

Detonation Overview

Submitted 2023-10-09 22:08

Reported 2023-10-09 22:12

Platform win10v2004-20230915-en

Max time kernel 145s

Max time network 154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\alert.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\alert.js

Network


Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted 2023-10-09 22:08

Reported 2023-10-09 22:12

Platform win10v2004-20230915-en

Max time kernel 142s

Max time network 148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js

Network


Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted 2023-10-09 22:08

Reported 2023-10-09 22:09

Platform debian9-armhf-20230831-en

Max time kernel 1s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted 2023-10-09 22:08

Reported 2023-10-09 22:13

Platform win10v2004-20230915-en

Max time kernel 147s

Max time network 157s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\flaticon.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\flaticon.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4364 CREDAT:17410 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7R28S588\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral30

Detonation Overview

Submitted 2023-10-09 22:08

Reported 2023-10-09 22:12

Platform win10v2004-20230915-en

Max time kernel 150s

Max time network 157s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\howtouse.html

Signatures

Modifies Internet Explorer settings

adware spyware
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000b5092720a530df0a7aec6a657484e33e6c1e4d3e85acefa8cb85f166d6c1ed9a000000000e8000000002000020000000818781cd1b97fa483df791413b885efea0eea7aa0c12062fceb86f2fe91d200d200000000d6814a71b3e93e87543af5256e4499ad70bc77ad6d2c1e6e2636bc6de6d495040000000a6959c5af3a4d91f3399fb2734af651c9f50919ee7d5a47da8b16e44cdef0bddcc1a88b01520616eb76ee54f27db5fc2db9258d53996325e6cd1f5fe87f34841 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2846188385" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31062781" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\howtouse.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4568 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto

Files

Analysis: behavioral18

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win10v2004-20230915-en

Max time kernel

139s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\consentform.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\consentform.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto

Files

Analysis: behavioral23

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win7-20230831-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\flaticon.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\flaticon.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b04d0c2594d95d94b9119a6959bbac58
SHA1 7bf7ddf379a456a603acd2a518da1de9b3c80bc7
SHA256 82728097d0b58fe25552a67465553927ed2828987f697ac3bf696ca5f954815e
SHA512 3424ec4c758f4edd60bb7c2db33d8c844b0517922e294e9d368d97a974593dfbf2cf905fc56083d7ee00d885b1deb6f7f8899dec0338a19211db07d7ba7ee65d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4b0c0767f48d58591a82bd36296c995
SHA1 a655a8fff2ff628a749f1583a101e5b20d2d026f
SHA256 99ea3d894b5f689a20ea2d703b1ef1b01e62e148f4d39c9157594f23feb26ea6
SHA512 5c69f0fd3ba8ed2bbb8f8c58d5dc56f597462d5123b29e1347e0f1e6e1cb4658e7aed5b477b927704f6792e6b77fb63bdb1c65c0a03ce8a9099eacd1c42e6b35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6191494aab070cca269e328f4a3e6912
SHA1 96110b784a0484441ad38a61347e0ab67586d39d
SHA256 94e32893e0bb4b0634f76769fc6953f89b8726b10f9f8a3633f09cc1132cad9f
SHA512 0f1b8dd411e3cb4082314ca8c5fffc8e9ae3b2ab803fa871a7553375797e8476b2a894b98f3105b118a00b6fc2bb1848b9221bde28b048094f8be4c0ee28e0d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d45b2a2e7897b00738d99043bcaed7e5
SHA1 4fe649eeb30257edd60a335e5aebe196a7f45d42
SHA256 38baa86e934a63ca5dfcdc8bc0ff8c8962abf5bf111e3a0f741b7def15b53fcc
SHA512 aac3a61c862f95142035a3d78536aabafedce4738c89f1519596af342a8c3bb8bdace9df095246c88c837fdb44e04386b8053aa594c630b6748d1989d0df3066

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:17

Platform

android-x64-20230831-en

Max time kernel

377779s

Max time network

165s

Command Line

fr.associated.string

Signatures

Alienbot

banker trojan infostealer alienbot

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

fr.associated.string

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 jsonplaceholder.typicode.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
DE 172.217.23.202:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 jsonplaceholder.typicode.com udp
US 172.64.163.6:443 jsonplaceholder.typicode.com tcp
NL 142.250.179.132:443 tcp
US 1.1.1.1:53 wf4sctx9cksg94528o7o.xyz udp
RU 194.67.71.18:80 wf4sctx9cksg94528o7o.xyz tcp
RU 194.67.71.18:80 wf4sctx9cksg94528o7o.xyz tcp
RU 194.67.71.18:80 wf4sctx9cksg94528o7o.xyz tcp

Files

/data/data/fr.associated.string/app_DynamicOptDex/aZiccBex.json

MD5 71ddacd8a2cb40df18134c90a1bb4be2
SHA1 293b301ee8eb182182214f1a23c9d50c9dcec727
SHA256 7b9a551a5ed085cd9c0d9423e763ff7a51d01fee25b078be7c6e85aefd6c6836
SHA512 f12ea753b2066e1d195969efb56cb226476ce7d86d28cf452ec6b087fc6f1786fff4c20282c1a242063dbf7bb52de74d60cafa8d6f9edccfe89d6bb623492aaf

/data/data/fr.associated.string/app_DynamicOptDex/aZiccBex.json

MD5 c79398dd96dad9fa31b8da95334ef0b9
SHA1 98b969ccd2423bd76402fc96baf24704a8a35406
SHA256 83c8b8636a889d87c90671c1172dbdef67030bdbd62829a8db1c6372001e72b3
SHA512 fe628d0079582bc7ae6f536af76da3d1038fdd715a62a58e254e801b91f7928135b14701bb5960bfe582ea7e88a7f1ec77319f55ed46c0bbc4f2936eaa91d574

/data/user/0/fr.associated.string/app_DynamicOptDex/aZiccBex.json

MD5 0930ec69d81f4b96649d36d7b6f24b90
SHA1 349be2cb09fd8974250fe3aa03b54a43ab1da09c
SHA256 5d30844dfc43fa7dba25603cde401697fd5c3f857e4f59fded3c41db719ad3de
SHA512 0771ec5c54d5c68be8301d5ddbb7ad5904e24f32fc8d1ce6a085410e9985a71653a0e69a3f892868369dbab3c85ebdd5345bb25244f29665f021551f694b3045

/data/data/fr.associated.string/app_DynamicOptDex/oat/aZiccBex.json.cur.prof

MD5 f0799fc9e43f8234bbe2f489b0c32562
SHA1 17501c4d5e6a742328331263e775ba7cb8141810
SHA256 8980db4e6045b2086156c0e153890734e2a686f22403b8608bdc11c75fd758e1
SHA512 2357867f163a5ca932c89c6fc62bba524648f7dfce774f1e7d032874da110c22fcd4e69cc195a6cbbc5dd0e4dd01415252339a5d43232a9bdaa359f57087da46

Analysis: behavioral15

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:09

Platform

debian9-mipsbe-20230831-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:13

Platform

win7-20230831-en

Max time kernel

135s

Max time network

136s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\consentform.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403051326" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000b3c39bc31c501be16b930df320682927992c98fa9790053a6efa0ad99d591f4e000000000e800000000200002000000006d8f560e9403377c23a1d02f1f417bef0bd78289e0db7262b16935bfe4654ce20000000124b489652c084c17bbb805b9ee26fbb0fe071e293c7a0a4401f3e543d67c003400000009083ba689fa2d5ebe35a41d2e248ef1cded9ef9e6e564fa136a5941d9861916a6504228b5da3504cf7594e8748000a291430ec9f6683c15cd56083a0fba5728f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f08de78efdfad901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7DB70A1-66F0-11EE-8496-5AE3C8A3AD14} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\consentform.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c56ac4aff926891bf1431218d70b4b7
SHA1 22bd1238887c74f31dc2a5387ab5d6de58525b01
SHA256 0e53c6092d70e21f56a9195985abe31791f8f6508b72f139285d6510df7d42ac
SHA512 a2a3cdc03030ce5d420da3c6223d5647a42594d5df5447222a51d87ebc3759a6e0ee2e7a3bbca60d19de4d04bdcac7b9b8f03fcccaa92c13c689bdb1f0e2edcf

C:\Users\Admin\AppData\Local\Temp\Tar7301.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\Local\Temp\Cab72E0.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1183d595c39ff7d39ecb6a0e1e7b459
SHA1 d625c46e6712952f757e859616b82a8a7234aba1
SHA256 462905a8037a04c8234579f12aac1f298cd79edfc3322c2682a20f7cae530357
SHA512 fd0b30dce9908708929b1bf93a28a5051f43a45aa4661dd3c1a735b096aa4e8b23326d206d96130a2b0b6d4d67c9770f851a08d88b93530b6415567eccef9cf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff4ceb2c39e0fa191d256af83c9a682b
SHA1 715152170dd9036c24ad0866f9e7eed59372bb1d
SHA256 092902101f7b9ca377fb2a527f66e05160fcb42bdd1617faab09dc09d7eb8f0e
SHA512 36cc4c586c5d115533219528e7a15b7cc6c4d80addf4ff4b5ce744f04a1af23bdd611a04bb16bd5f98c62bc06407598700d021c7c93aaa174a33f3fb48716a9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4de5c683cfc06d7a64c15d454d315196
SHA1 45aa97d106eb24ab3f733a4a8fe46caaaf54dca7
SHA256 f5030f06a087e906c4e10bf50ccaf132542283ccf843335d7a4bfd5ccce00331
SHA512 43c20ab31053e7aa58d44506395f571a80eba735aced7c31a4367ea25fea1d0cd483f84dd7aafd9de44b5c26bf1d04d035a77c0ee51af5d766fcf40f5672bded

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89e8e148e57d79a853a3d4d9aba4db9f
SHA1 6c0ac62c1fc3b68ac585d6c6a32093834d3a195a
SHA256 ba8a32ce47cf9ba8eee6b1ff704534d3924e66a7e609555b1013d584b1b02814
SHA512 f6278e19cfd5b8daad1deae60e397785521461e7704f741cd20676d3390a8d9f3a3be88c68e95aa092a9bd2f7292a7f53cf6e11dca7bc36eb208b64be69ea153

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9de7bc845363e07dab779469bdc9de63
SHA1 00660986d4b879292996571c9de6ff83efb0b399
SHA256 8d0cc68b9a9b7afc7a82d69dbbce4733430a6bf8c6d487642f115bdf32a3cf5e
SHA512 5d1753630e1069f16d19d80d2c7472ed656819538faf7faa4f069b39d6033f7347dc179f7188034237b03650c12f83306039c11e42fe7e3859ae7815a72da3a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07b0c4ff5655c1244582258ac60cb5db
SHA1 305f4915edd2fdcc79912e372f48fedd0442031f
SHA256 fbe526011aa6fa7a5b241e9ae1308e67f27d7607ca21eab559cfd3ff57990176
SHA512 1db5dca12b45b229984453bb2aaf31e441f3be0611c4159af45e1be00739c28e6ea8f0f9372cae67bd358cb72a46b44e35ac4f061675e49805e898af59be7aaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ac028de9022ae8f2cb6564262a380aa
SHA1 078aa93862420eb244df1f26a261aa9284f870c4
SHA256 98910485aa879cb6623123c18c318b85c127f727430b9221890714826de78eaf
SHA512 2a5d890b34d15cc706d0a843c0c53cbd92b103fef1d2cbf2822edfee786c7f461d66192033c781bcdc32190827bcb9d8020e06fc78fdd23e83e2ea5ae030f857

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d6a5afdba5d10548804bc7cf5cddecd
SHA1 99df8328d9d0ddec943dbfe4b28343897960d274
SHA256 5e247132e573587bc597b586855664511c06e1b80f0b4cedc24bc94ae6535e70
SHA512 90e88b1f015da2c00aca14b1577614d7676895b339f1e53a5d325e9798d04331e5258641d95bc336a77a49dcd9ba81862aa5bc2d9ee98d27189290a3919f35ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 413e3b2163d945e8358f6366a4fda83e
SHA1 2da94afe02335e925a6c3b7d9b13c10d8ebfd3da
SHA256 fd51cad5df8bf1cc3a0958c8cd548179abb7e301f8e9e9b4fe017d7e0f6e2c35
SHA512 1241432649523746dcc303d4eae56228a4b49eeaac62836f381a54dd102e04e13cf18c2e44b86cd89526d6a3b4c4d760a93c3e04b80dcbbb609b102a17a40bc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf40e13c6a0d06f4dc63a0932c6f2ff8
SHA1 fa01e4a2d8442406a5091501e64206ef10cf1b89
SHA256 3e8846550c064d168da855cc3351f49e3303de0fe437d4c7cb2caf734c9d98ec
SHA512 25646639b72f4a23d2be44f3dd33f00fe99a414e43d92c32508435dedced2053e0555fbe03cf28e3ab023f5662594c9545c360c28a1df175e0655919d29dfaa8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f54158f73d3738be5054429e0e0f4df
SHA1 357ce29707d52a2a85e5c08ca3aff326c55aa3e9
SHA256 12b8b96a1b930555408ce6f2a41c67c76888d6764df35f6306537a576f75f8a6
SHA512 252cf57c5ce9edea9839bfc4e0868de2a82f5255dec9b34bfd4ce5f8d2c3f83ef21ca5a0f3fc129ea17e50440e40ce66cd487c4c3aeabd5d8784500458d0a501

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d841cc9864bd68ba14dfedcf3c7d7c8e
SHA1 c1ffccd4905d4e42aa393672ac62f184484278b6
SHA256 4a6d322b5358a25d468e3e7f1299795ba8c0bbe6ec5898f58cca2b56e42413af
SHA512 bb43b631841e6b45c824c752a9346705bbde3492118e39d351cedf57116bde323ebbc5a9e3995bec280642937892fc50b6cd365c2131593b003336e084cbfe4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6eacd154381adfa28a782f2563b632d3
SHA1 85352153abe08f7afd9edbca4585ac8fa91d1e62
SHA256 6f0faa1766bc53498c2039bae42b5efe72e733986190fa625c41ae4d93304b72
SHA512 b720c6d7ae083f7414819f25c5f4bf2768ae0876ac3c7bce62ddd7918b1bf6a148e95218e39acc993df3eaf9491c35b2b8ae63966cf1203dcd7b47456b44d6bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39a95d19b9775b0b3b360d45a69ba4e4
SHA1 4ff5c2553b88b3af82dee259ae39dd99dbd4f4c5
SHA256 dd7fa7d652b56ba61c0e2a94d458fdd760d95f1b8c3bd88fd1426599e941b206
SHA512 72a2823133e6f9c098fb57c68426d79c883d7e71aabd330c54d02059d5a9fd8b41cacdffcef8f5ac07e8bafb50169178ca4670b12a40195f14621aae9f5c3611

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5715e551a0bfb6f4268e55b74bd61fc5
SHA1 15019964d68b6d33d75c212a234c9c54963ae781
SHA256 ed27f38f90b374184861129946ce976361a27c1a9dbba47b6283bf2e0b0c4fdb
SHA512 0d322f0b46aa817000f14a918adb04519eed1475435b3086b268af8be32663a4fb375a75e31f69e3c94e987125e1f9627b27a72c5e837761dd2c2a359be08149

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0edb34425b1b2f1029ebc166b6fd1446
SHA1 8c5655051b6bb6202b10fd7de94523debca73db2
SHA256 b10a0ff0518907ed6ec5f2f1f95ce0539150d2cec536f7bc1b5f0692e0f4cbf8
SHA512 4d08e012c5c754b4e54a48f67a5b2e87f1916d8be7eddb51f75a64df8ff2f16fdd98da2ab7b28d3468029434929bec15193e502975320a706ecc80c692d29ca8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2ed19ffe0e14919b717b7f924209d76
SHA1 d804a5539271716448cf00bebc0767ee6849aca3
SHA256 296c6c1e1fda03e965e1ddb1ffde0ed11ff54dea6e60b2dea1b45303ec099e8b
SHA512 cb98e2ade5db8745c578316205d169ba6e598fbd84a559db48c6c45860d4cfcb8fdda9805292bea1abc9ca18e481930bdef6f3a31dc9016b7d2c925d504dbe7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 afb2817c0b70e1520138c9e7a343682d
SHA1 243b18aa27f9d15d06b1175ae318c510ba19a18f
SHA256 ffd42e055955ccd10297d6bf232dbee0d172f0203d7e4565aa640c88d4412296
SHA512 f73c6904153ab50c7c7663ac21fc9c2909c6b4ac7f5b64555c0e149345aca49847e92863d516e6ba30e57defffef1c9ae1b02a53fcebf83bee0ace5c464ca4e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cb474c7aa6867e4edf14d7fd1f8e6a5
SHA1 3e9edac7777f2990bd8bd982c145481bdcb626e1
SHA256 22dad304522527fc2dfcb4fe95673217325d0ce42ddd8a5fd1f438db01f374da
SHA512 b0903c72a0f6d1558e831114c77a250205f531bbba16173e6d5bcefe6c1a22fa5e23dd3b7ab85aecc3bdc66c36e29b20fae6c1b07f0630d430dfe9d33f5b458b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc78c6e740641e7bffafc59867561fb6
SHA1 9c9f6b5ec89b43588d1629e0c20d295d9f1a3c57
SHA256 3a4b61fac12890b4bff0692ea557d57d8066ffde2d4d77b6553d39a11b7dad9e
SHA512 bd7df44fb986d4c7307670c907ae3048fcf0771e1d8219d20111b8856567968389d9e598c8346e97dda849ef4dfe01f5ef7bcc9a8183539721cda58417266d81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0afb37b5eb35a6e3f988da3840d7c70
SHA1 a4358799659c997944dfc2294a6e1c2925c164a8
SHA256 832d4316386cfe6939330cfd7ad746728e92303d9cbb5c3b4bd97a217c1315d3
SHA512 f6d431f83e3b8b16cf7ba6133e770dffda959cb2f9722c67b8ec1e4a08ce6ffe266a089efd18f118ce5f62929951b0c8b49a84f6efe2d12457e910b22940785f

Analysis: behavioral21

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:13

Platform

win7-20230831-en

Max time kernel

117s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\exec.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\exec.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:09

Platform

debian9-mipsbe-20230831-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win7-20230831-en

Max time kernel

121s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.js

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win10v2004-20230915-en

Max time kernel

105s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\build-plugins.js

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\build-plugins.js

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 135.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 126.24.238.8.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp

Files

memory/828-0-0x0000015AB7170000-0x0000015AB7180000-memory.dmp

memory/828-16-0x0000015AB7270000-0x0000015AB7280000-memory.dmp

memory/828-32-0x0000015ABF5E0000-0x0000015ABF5E1000-memory.dmp

memory/828-34-0x0000015ABF610000-0x0000015ABF611000-memory.dmp

memory/828-35-0x0000015ABF610000-0x0000015ABF611000-memory.dmp

memory/828-36-0x0000015ABF720000-0x0000015ABF721000-memory.dmp

Analysis: behavioral11

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:13

Platform

win7-20230831-en

Max time kernel

118s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\button.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\button.js

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win10v2004-20230915-en

Max time kernel

142s

Max time network

155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\button.js

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\button.js

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 135.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 75.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 126.179.238.8.in-addr.arpa udp
US 8.8.8.8:53 126.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 74.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

memory/1068-0-0x000001B2F9440000-0x000001B2F9450000-memory.dmp

memory/1068-16-0x000001B2F9540000-0x000001B2F9550000-memory.dmp

memory/1068-32-0x000001B2FDB30000-0x000001B2FDB31000-memory.dmp

memory/1068-33-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-34-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-35-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-36-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-37-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-38-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-39-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-40-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-41-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-42-0x000001B2FDB60000-0x000001B2FDB61000-memory.dmp

memory/1068-43-0x000001B2FD780000-0x000001B2FD781000-memory.dmp

memory/1068-44-0x000001B2FD770000-0x000001B2FD771000-memory.dmp

memory/1068-46-0x000001B2FD780000-0x000001B2FD781000-memory.dmp

memory/1068-49-0x000001B2FD770000-0x000001B2FD771000-memory.dmp

memory/1068-52-0x000001B2FD6B0000-0x000001B2FD6B1000-memory.dmp

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

MD5 8a6fea8b025e648fd6bfc8d1aa22b1a9
SHA1 da5136e09af69a4d404e3ea35fac1c18b38997b4
SHA256 9bdd5189b7c85edd68ea7c307b530ea07018f05f4822a6bcb9603b3507125a55
SHA512 2a1d015609a8980b12f2cb19732c1cb10a3c6153c58d23a9257a2732f2a7659c4624ef3942fde7f3588d3a6adb23e621a422bc5ff1798035e05a3d4e9f38fc61

memory/1068-64-0x000001B2FD8B0000-0x000001B2FD8B1000-memory.dmp

memory/1068-66-0x000001B2FD8C0000-0x000001B2FD8C1000-memory.dmp

memory/1068-67-0x000001B2FD8C0000-0x000001B2FD8C1000-memory.dmp

memory/1068-68-0x000001B2FD9D0000-0x000001B2FD9D1000-memory.dmp

Analysis: behavioral22

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win10v2004-20230915-en

Max time kernel

144s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\exec.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\exec.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 254.209.247.8.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:09

Platform

ubuntu1804-amd64-20230831-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win7-20230831-en

Max time kernel

117s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\alert.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\alert.js

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win7-20230831-en

Max time kernel

120s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\banner.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\banner.js

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:12

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\banner.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\banner.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 254.209.247.8.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:09

Platform

ubuntu1804-amd64-20230831-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:09

Platform

debian9-mipsel-en-20211208

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:09

Platform

debian9-mipsel-20230831-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:09

Platform

debian9-armhf-20230831-en

Max time kernel

1s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2023-10-09 22:08

Reported

2023-10-09 22:13

Platform

win7-20230831-en

Max time kernel

134s

Max time network

138s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\howtouse.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a714000000000020000000000106600000001000020000000465a5d080957a29ad5f0a082465738eb1d638f1a37d77ea98c010dc819066118000000000e8000000002000020000000880f5384aa125fb38b65943e00c98d62d305dbf77652991735cdba4eedb19914200000000893f14402799fc8ef26430d326748c519e5d7b5abd57e31ca24bc7a709f2c1440000000706dec32274d3039d2c172cfb27b103e4d7f78a9c8f63861f02990253a14a0f5fb6bac0174ae59035386112a7a4f03606953327fb134740b84ac2acba6d73918 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403051329" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA54BDA1-66F0-11EE-973C-5EF5C936A496} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f9818ffdfad901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\howtouse.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab66FF.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar678F.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36bb931d2058721cf289ab9a8661e46a
SHA1 bacbbf7b2d23600600ffdb1125631653db03d614
SHA256 2236ec43582747b71292a54ba0f779f026d03290044c751ed8a80bb54d52055b
SHA512 4da275f18e7f6011f99e4582e7ae1de16a88b207f3f708c6778d1a0573e9e7187702bbc766854ac2f3a908201eebbf7ce408852803353f35ead7dd5a8e21d5bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f627a2d376090f2bd62cef39a286eba
SHA1 e2018dcdedd9f3e36d393b9e1b95dd273380644e
SHA256 9c742737fd245f1a14090ce90a50ae1b9949fb01fdfef4069bb014a82563c5ea
SHA512 4929757b051ba31f1ec31d44fca6f9f3976f979e53ae3695521b64024c5de05e436ee3ddbf09e771ba8e69e8eb71a1bbf9abd3894cc342c741aa7380b44e9282

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44356c3411b280dc86d9765bd154b20b
SHA1 280f7476dbe2542eb3ccc65669717591413beabb
SHA256 5b8b62183dcfa57fe3079ae3f6a4e442d2e219146bd45f8b90264a2bf957c188
SHA512 f7e83d290f0eaa312d1d1d2fc40f265f969d859115952e7af0a70b723a39d4ae153fb6b826671db72ead253daa859bf899889bee6b2c3daae351fcab4efce71e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9b37123bdb0770365042be813188717
SHA1 a8ef17522aef0d74a9bf62474ede647fa8404df6
SHA256 e21b7ac09d96b1160057bc6e83a0a043ed28267939e7bc92d120cb9b6eecff78
SHA512 474e3ce6567857e8fdfedc4003c661349de7e964003a7eeb0dd1eddb710958d5d558cdf19ffd3f00789eefc3d8e1c0aeb5753e19a3fd4d116bf379d6c6279b3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 226a3132558e82b9fb38ce8b53394157
SHA1 0dc6373bf137b8a280aa4c41a6b69e2514458876
SHA256 80dd4639e8efe38214d7135517fc70f8963843f8399ceb7cfbe3ac362dcb7afe
SHA512 a69da2cc671ab4d60db45162261aa00fa9e7bc09c1c3cdccd7423b0c641bf7e138bcce785de3945def4e7df372fbdb598710e3c26f26a8869b77b6ce6ac088fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11d9d48ab5d0266adf63d67fd3d90658
SHA1 b438b3197bc46e6b3a3634ffd4cbafcc94f4af47
SHA256 ae4e15aa4466358c3a6d7a480cb5ab816e0f829804e255ccc05d8a5d5c75e91f
SHA512 00ced14be8a626a8bb8cdb474f77bd9e73d9625a55d16f6e46da6fc37c32004da63eafe96f93c99f1b13cb14890453f61eb7a5b579b50ad7e198718be765afde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c9020d2623f2788ae0be2fb58890244
SHA1 f10ec4fd7d4020f0f8aaf25caf97b3dbae163408
SHA256 099701f0d8f7835ae363dde49b06b1719e53767364e7d26c75437579298eaf89
SHA512 6f517092a0c2652d1285df58f2dcc85d5f702fb57b979c81e439dccf617fd0a81746e35c610c4b61d63d83328c6466f223a1c64a48518a19a609a8163f37e418

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b410aac28b31daefe53b5e3ad9fbc25
SHA1 6d260c2b0ba33abc1f92a53818ec6b2b82a37937
SHA256 9c16461fbd5d97b1e513fe2c1e2c791ab8f228bbdf8ec4ef49ab0e84f5111aab
SHA512 2fde9a2d97a40159b9a3e286e440d8fa8a42b44bbf1f93a298444ab3bb7c9ea3bc7154b2669ff07320d0947014409ab420cca14436af4c78bbcac65c3daac6fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3422184d5a10b917d5817cf929dcf371
SHA1 8b9110d3e21dcf2cc59fe490dbe376acb078fcfa
SHA256 1971c0a575643c87927130d214044ca9f4cbb909504f45a86909401a180aeeac
SHA512 8e0e702aae63ee4af9235311c114f19c03942128f3178d7f4f2765eb2e40bdae281e4a945150b1b916e095a0d5c064091bb6353d4f8cec78d40f3b240051c585

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76b9379cc5a4836c503d2fb58cf4c3e2
SHA1 ba4237138bfe816080e63ae53611b206e0479957
SHA256 6aa50fe13a6cec6e7ae654efbfe9c154e2dc88a339a9d640cc65762228680da5
SHA512 d489736d724affd96ae9dee899311f0562ddeea15eccc47af857a44e058c7dfc3073fa0f07c25867763e915656fd10153f01a9e5f890b5d31d1cd1c86c6a7467

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f9470b455357a61ead011f781612e7c
SHA1 66dc96d0dc39054fe02ca5883bc6326a553e9b32
SHA256 36413a971c4be02cd2361918e0e06f2b501cef97ddb1fa4727b0c1f453f74466
SHA512 7cf82fa2968e352e505fc201afc3c03738ccf177da0b86b5f9483d9cbfbb8cf17e318ec8095ad8a3691f219e0e3ac23d26225d533151e8343668006606d128f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0199d879eeb7f19d8ed69004053455f5
SHA1 d42bc22f397925af6027170406c1605253a8ae0f
SHA256 4bc4aa7ae29cbed269ee81def095fdc2f9d324e2a80b8839ce499e2433692caf
SHA512 8c034a4a404dc0ac8e708f5b21c09a7dadd6f9922d9ca578f40799a0f4dc2d13d1cfd91cd25fadd48c95a2913886eb919b4605a967ef3fcbf77a7c065ca01f76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b81bbbcc8e663d3880f9d5b8df248e9
SHA1 972410ef632eff8f939868c9b86e5c4105bcd5b1
SHA256 cdb4dbfdf472751002f0bcef9ab6edf960c668461c6dacc5bef7885b323a40da
SHA512 775312655930f368659dc68a552c784414f1ccc25ea0f2e4414a2dbc0189d17639f8dd527f9c28d698d7024b0da499f35113e725c149264f7a6e47d93b558966

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc5c5c016d46c43fc677b0c8ca05e133
SHA1 f08578a73dc43f5250736ec75847007e274ecade
SHA256 b1c19c348e2d3443b287086e82b737b8ebb741d23963c20e4dae3df1c78a5ed9
SHA512 05555750462dbc89bc6e6a9e47b7f7e277b348b29796189a722fd5c97105d0db8f0eac0f1ebf3a4e72440f7fa6cd5c603732a2dd1c371b500c36436d09153b76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f133d23aaa9736fabccb0e448bef9c8e
SHA1 b0d217f6ace98344fadf43b336dfd3ba988ba8b5
SHA256 3be284ddba35a468e43e6178ab6c6ab58609ce560d7a160742ac9e78ee769960
SHA512 37534a6ea9e2c50cb8d79a2c9b4c3232268bb62a0db372e26a659358efcf9b20cbd17282fe5b58ade38bb5fcda644d29b4c3cd925f45297eec00e2fe8720b594

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b473117033123d5c07fa86242eb303ba
SHA1 4bbb710efe9e08ab5a838b26b4264e4891d1d70c
SHA256 59038e1ff9ddc6daad052c8a0adba6b202a78471155de712e8bb91330ee5946c
SHA512 c804ced9e5a0c77eb20036de03691b0c797dd16a1ef5663d58a678c4ce03993d67f805dd3aaa1ac9a03dc0d590a0e9bf1116a15b5fe40b807138798617eb11a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f174776dfe49a8a8c33029d817cbbbe3
SHA1 135ee93477a67b17fc80adb3f4d0ec80fa341184
SHA256 fc261220965ee4eea5cb4493837cd6cf78b5234a9e56a729d377f96f74ee5bf7
SHA512 4f43a2e59b11d739450b998452fbf7d3de7a5b37ecff2abdcfb6b19c950968b8a462c081e75679820e6873f78337379a95de3ff0fdea0d979f88c5e9a51c4747

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ff96f5cf0c92f5f2d1229ec976d726c
SHA1 7a536205b773f8ae31345de894541b493d3c59fd
SHA256 de2fd5e9e324ddd247c6943d8fe3b25156d9db21147684a11a667a518d1442f6
SHA512 971d900c61b98593182f2365a71bb6985b21f770bff62add88df462d4c4954e7b8ca6d103755f03fdc332eb178526b4d085f718c83a32589f7d4849196a8865e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b9990a55ddd6abc65f1373dc03aea58
SHA1 b7fb2754d9702c0f19706e132b143500cda15635
SHA256 bd66a2001a7e28bb2d5d6585a031a301502de25f2ce943ceff75858ce4490c2d
SHA512 e263c9cfd4bbb7665e04ca39ddffea48fba5a4460d77a938db2ff1de1b9ae2b6187deb1a2841516ee7f78ae50bdf1ad93ed00fe1e1925d956b008e96cf867269