Malware Analysis Report

2024-09-09 16:18

Sample ID 231010-2dpypahf73
Target Instagram.apk
SHA256 9f23df054570cf94a0fe1efe0fae1f6e7b2f66fdbd2700bb42c49c5e23214bbb
Tags
airavat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9f23df054570cf94a0fe1efe0fae1f6e7b2f66fdbd2700bb42c49c5e23214bbb

Threat Level: Known bad

The file Instagram.apk was found to be: Known bad.

Malicious Activity Summary

airavat

Airavat family

Requests dangerous framework permissions

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-10-10 22:28

Signatures

Airavat family

airavat

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to write (but not read) the user's call log data. android.permission.WRITE_CALL_LOG N/A N/A
Allows an application to read the user's call log. android.permission.READ_CALL_LOG N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to write the user's contacts data. android.permission.WRITE_CONTACTS N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

135s

Max time network

154s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dropbox.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4993021-67D6-11EE-8B15-5AA0ABA81FFA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000ea19db9187d64e478ce60ea91d2104cd62a71da34b6d7f41a84a9191ead81e16000000000e80000000020000200000004a318205aefc3735183c9b765b4242cfd59001843563dc16eea473e75955dad020000000e87f19f86ca65ea58e6020b13d94f6bfd747c160cbd2130de97792aff3b91c2d40000000161a8e5a8dd3bde6ea3dc6b0f66784a4ea860d94b8c1f58450473ce46bda80ca148cc48e2da37a13458425c72747a06ec75bd746d2e743da98856442a6dbd97d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150151" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c5799ae3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000009535148834e740a9ebe383797ee268941fbec5651bbfd9657497beaca9ea150b000000000e800000000200002000000002d073bcadf015ff617fbc3f89f522ffcd0a496dd39420426798a7596c72cbe590000000775bac033bb5027fe0f58c2a96ecf4b9df8c5697814c0c0277ac780739442c74ce051bad873908b4731811f278de72470d78b3307a146f62499ff306c1958a7029297318a0f212f33fed0cf15856798e7f5adca3ad3ab2bd3f5f3d250386dbe7c879af48dfe3133836bee4fa33565823de7eccb257ac5c5d96209a42dc43e3578b36a754b04e6106456af7a2b8acf32640000000c44e3c233b97f6d94be609878cb3b55b23db35ec280bf4f35d2584d44076f8f1e09ae58ac03f588e9b5263e9c58b3b93d3ea06a1a0b03522af18ee76013cb4e4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dropbox.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab59C7.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar5A08.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Analysis: behavioral20

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

120s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

134s

Max time network

159s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\linkedin.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b00000000020000000000106600000001000020000000dd0969979394bbc243cad62ad83063a040a37db70e5667260af65887fdb03314000000000e800000000200002000000015beb0bee4d23aef786c1441ad46be0f8c15a2179d3dd696d1d88d678c702f0c2000000055c48dd9634b04c5aae4dc2172feeb76330c02e8e40a7979614839c9a21d12c440000000bfb287edd7d77a821ac17111cceb26f37f1fb447ae252f8e00b4f5a640d0b1b572704e709fb9f095aa42b5a373043dd48e7ea779003595e9e1a10869d9e6e7b1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b00000000020000000000106600000001000020000000838073d8386595c9d2131c595f42424ecc749e3b61840728d47ab428bdc5641f000000000e800000000200002000000051dcdfe26357ba226c7a81fa4ceee6449ed2be7b81ee592bd1ba4b7688ec83d0900000002cd77d27e913d833430b2cd11a9662e76fe4923f3aa20d42c20eb8fa6b97479f479f58f4b07a531510d732b025b619e60498930078fab5c64996d9fb5f9c7c5ec0e0d7f3db07f639a7bf1c20f0f780a4fac5af32b3ebcab7bcbbe23be982e56b09fa2054794947da99e1da14ef65b92bc2927603e5af1e6633cecd4df93cf3b257ee93c55e6d357abe739dc08638179e40000000acbd767bf6b47776624f8019959220b1532f86f6f5c666719a1a12f940083577f8a418d3ec4f23126f68a4d1a8a60679f8d0a5c07152fb1b24ecf23450c2eac9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D96C4DC1-67D6-11EE-9DA4-5A71798CFAF9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c94fafe3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150168" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\linkedin.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabACB5.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarAD65.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d81c9534dfbb3d3e0c32fec05252553
SHA1 84bebcfb90407265d744a0db04f31b179cab3302
SHA256 053ea741187df4685cabfdfa669381fc7be30968ad32a5534623805e41fd3dea
SHA512 1b6720d81c408717b326f8c1f034326b8d364dfe5cf16bbbea74c1a973377f0bb4dd356d6ece36af6f4080868cab36ef92337bc7de2cded946075096838858f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61ceb7c6264ae2dc84f506d159048173
SHA1 80616f09409a8a6f0069b6d63d1c4ba77370c259
SHA256 71a928e316daf8f7e7e6efe8391ec012a4ca2608751107604d697d07783676da
SHA512 18c22adcaa926def0de305a7229bd4c3066a69142685cbafcd0ddf9b72772d998e87fbd9e467e66960b9476cf37f9b14fe6adcd4d24c42be5423cc687e799984

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09265b7d03137dbbb25df2ef017a27c1
SHA1 372182a04813497bd71e901772760e5b7fe697b6
SHA256 69461b5ade56cd18cf279a4a0e2ef6154d32fef80db1e4c2d49a7783768d57f2
SHA512 fef660edc6a0a8720a99c5d7aecbd6a3ff43372c3264a9fa4ae25bbf39b5c22027cdaba32c8970dcc9f96107bef73d5eff9677b4c369ad6b5ccce6a4fad9e5ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd4b648e7586bf5082205fbe0d8dcbc9
SHA1 cd9cd973ab24f35660b61bb0794d2f3d79f0c47a
SHA256 cc24dbe918f3c79fd8f3f61fc774f44f734bb2871c853803698694e732f3a789
SHA512 0e43a108449bd1a27cd63dc0d37f8a486024dd693a2f2f99aac08c9c6cb6b48af58089d6b75cf1e7503d2df4dc4b44c70878202c6b3af7d0cb9d57e1abb30165

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f71744e36467674067781e14154c79c9
SHA1 ff713c06e6290ee7523673a94c55bf5defbedd2d
SHA256 f83ec41cdc3372adcfa98cde645baa196c589658114c9a2a5d00d14f2660cdfc
SHA512 ed6d3390d071c282e5a012af22e8ae7a0f9501ec7a78017e9e5c14159ed0735f9dbc9d9b2c78ca998ecf8544ec882052db0571034d815740bc8679452a138d70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfd927bb796008382c7b06b20c7afd29
SHA1 d281f1404813d8daf696ab58ba61269872b9e022
SHA256 d2d61cd25edfb3cac88a0a0bc9be10e14e0baaac7ce450f38d9ab68f057daa53
SHA512 64c2877088faa175a0baf5d992e780157918bc3da29ad3e4badf0f4ea54a7044cd18a866a0fc4c7c45a0cb748deea6349682b2b7e23cf50539380e0c6eeee7f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2686716b0f937d1c93e1ffcbd1ba5105
SHA1 6263b90df43261a52388b66f48b364826c74c424
SHA256 0263517c28da8b4e6afb1b9ade80007e0065b16a145156ee4d7bfe91b0961624
SHA512 de9215a9660249667323af11fa1312d8aa8c39951302212a8bfdf69ab169e1f85550b87741452385a15243ef24290406f6b5fd33d39d413cd250f6ca385156e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3741f42b4ac3b2f6e8ee94e2209d046d
SHA1 f6e207858c9f39ac8ed34286f48d8957960edc53
SHA256 0773161e1fe21bc22e53eaf45b2b7a6695024c59f6a7da6ae5a31892fd6f24df
SHA512 eb82673aea46b04c19162ab0845b1deddd465435ccd4d17842a2da0a1ba39f0fdbf7826e2820274385d74bf7bf6a5c3ed933981e87e24149cf4ef56831564b03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c568c0515df8836f1093e25eff54c69a
SHA1 1499542d26975065b37dc3e72acf3a510ec47722
SHA256 1fea3810812757742ab068cd64b7ff4b1b3b7951d024414430d2d54e94f9c2e2
SHA512 6c09a698bd491b895f32317dee9ec8e600d87c4c2a292be6f08f6b6ebdf294088d6ef33ab6cbc31696ee8a282b1942c38b726621b9814d6661a9f4a9170df9a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 412e4b71864dda29cf14177b701d6b33
SHA1 8d63d41bca23a5f83069201b2a19183fdce58447
SHA256 5e7487e456641458a9be056a683756483f3ed67b2af94ce005297f932a289d6f
SHA512 2e8251b046496330b4019243d2845608e40498a0645f14d93fb751d78fc7cedeed5efcf76ec9d1b181255215bdec0a675c616e3329bc198a50bf90acd5b17143

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f44a1f657a0482253a284337da606ff
SHA1 2c4df20f0e67b7bdacd1c6802dc06f2db5ee3ede
SHA256 e4cc4ac6456c0525ceb1028f6b6bc0c26734ed014b3bbcca05e870d13c59d8f0
SHA512 21e7217feb799b7fe57e2df51915a82b18f4244a369ede753a4e1fe8ad3546dc813f7948daaf00fb447f54977eadfff29a5742cf9bf575998d85c66c786b126b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3d1f5d9fe149ad1d59e1d34c033f3e5
SHA1 da6709dfabf95ff12b02746513cd4682d9e1ec89
SHA256 ee605af5b72d99df51697004317d7c9999472b9ba70164cc056098e87ccabb97
SHA512 0db912fa11aee806fcbba458e16b28f43f8dbc44b04eab058397cac4156c3d94d4dff70805edc7c317765a93166c2350b588b117c58f2db6eb4ffe62e9e2ab86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 434415f71f4262a8b0e271269d4f18d7
SHA1 c1c392d66d54c3485a50f5711387dcbc4973a367
SHA256 c4a070c7dd548cce91090a68cf294504157b402c5e91d7309cb894fe8a3fd184
SHA512 3fe14c2f178a54917b11193ca8ace1abe301311bbba91fbe6b54c95fd71c56a10568cd0ab709c55ea84b8aa0a2268a55a57a2757b7a21f9e8722543560e63d55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fbf524604c612160bacc10f9479f52c
SHA1 53fc427ca51d2e40200663aef591cd1caa0b6b7c
SHA256 4735ed3eab7d9cf12c8a03f53bb43af447503086edb8450ef6c2613a9ecc2fa2
SHA512 d9baf46f5a8a4dabb4452abe888600d903bf529457ecc03a357b4080227b9da9fa4cb4c30e10355814e92a6b4084b15bf26b62e9c4a3ea204d666a7531d881c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95b6f96531a4fbb25e214439cf1dedda
SHA1 0a4b8e282b0dedf3cc10e3fe8f662abf81bcb9e7
SHA256 8506b1f65087a922d7fd50861383740cf04ab874bf4656802dd37db0b32db90f
SHA512 759cc78d10fbc2aa6e8ac7efa19490026b76ab2b54b43c62f9882e49d89963b7c77efb30843e20cb4e569c08768d53db08845f2a1abfdc846678182b59f01b00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3889ffa523726f0ea0298882e3c8ea2c
SHA1 200ec6ff0e8b52eb407281d1a86b4d30e94d1104
SHA256 a61132666126c1d9846e12c5700bb64b37884179ff6f9866c7513d9b5db031cb
SHA512 0a65499afbe98b1997c3a5f6c1c1b1d8c00f41a2775912808e9b67d797683fd24ac77a8941827e5b6b41eb3ca7aae414edb55dc2741ee1f31c234ff398f8aba7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1534d543911386a6c4c0939e2c2e09f
SHA1 3a947e3be62fb7d723a07d652d0a2b4301430459
SHA256 19c45903602cde7dfcc2d5445bf0e4998789be511e6666302649b4a6fa25bf76
SHA512 7b6290ce7a38316b778425b2e41af5f667256aa1b7f62b411d470a98015cd79d1503e68675018fe0386ca2f0e1f2b8d63b1e4fea82209a58110557a2d1306452

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e51de357e653cb3be0f668ed74f541a4
SHA1 298faf531ccbc8c47345e68cf828114ea1738b8f
SHA256 5dfcf6a5eb8b5ca2f51463b650a591b7aa57627a717a49b67eb73aa040482ec1
SHA512 cc4f508081f02a080a2b254fd5db4add8ec07974829bbe4e7d7e79336eef584eb08ed0efbee8158977861f8509985d1861d7b567de9c30c4d7ad36ccd10a502e

Analysis: behavioral29

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win10v2004-20230915-en

Max time kernel

137s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\netflix.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C46BA017-67D6-11EE-9359-56402FC161CD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d800000000020000000000106600000001000020000000198855676588f04b64416c0f8faa60b69eba8c17aa850ddf8c7c2fac21d4204d000000000e8000000002000020000000f3a82b0e0f294751a3cd0c13f637c687cfea8cc5b4cfed917e878f254d268ba5200000009ffb147b9f23aa672ecc879bf56b8a2be639654873b9a635767f58c0cddfd83c4000000088e0d2d01dc7fdf59e8e8394410f907167ef7a35690a19c30443a2f4a0e099bd73ee1ee4c9a54950e840c8c409f86801eecf5d9fe8861b5ac6fa808d1153068f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08afcace3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2773482847" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d80000000002000000000010660000000100002000000008779ca59ca59d6b1b4dc1f30c233c2463ee5e340e0f008e97996b8d19743504000000000e80000000020000200000006363d27493327607bcec72befe5d18ff776b5f79a1545ceb1448ab5a852a2262200000002d989ccd930a2059f3e78475a1ff74f663aeb2eb21f08f31eafc6297cb0709dc40000000c9f1bf49c3e9fbc8e0f105bab1efed0d2e669547e641a4e6746939a6f5efa2dc7c6c3786f3f4d967429f645d6acb6c59f9f198494e3c54a5e1655ef1de4e5fd4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2773482847" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2083d1ace3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403753255" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\netflix.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3132 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OSZCC7QI\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

android-x64-20230831-en

Max time kernel

476169s

Max time network

132s

Command Line

sigma.male

Signatures

N/A

Processes

sigma.male

Network

Country Destination Domain Proto
US 1.1.1.1:53 android.apis.google.com udp
N/A 224.0.0.251:5353 udp
NL 216.58.214.10:80 play.googleapis.com tcp
DE 172.217.23.202:80 play.googleapis.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.39.110:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
DE 172.217.23.202:443 infinitedata-pa.googleapis.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

android-x64-arm64-20230831-en

Max time kernel

476166s

Max time network

150s

Command Line

sigma.male

Signatures

N/A

Processes

sigma.male

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.138:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
GB 216.58.208.110:443 tcp
NL 142.251.36.2:443 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 sfiwwjdivih udp
US 1.1.1.1:53 nayqizfhomkimez udp
US 1.1.1.1:53 crcybeeuvewccq udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 nayqizfhomkimez udp
US 1.1.1.1:53 crcybeeuvewccq udp
NL 142.251.36.13:443 accounts.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win10v2004-20230915-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dropbox.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2561286134" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef5000000000200000000001066000000010000200000006a342f4057a115d78d3edd5aba363fca2fc16986bf7028924e8a538c8b5eb377000000000e8000000002000020000000e4d06feaba660139817578a526b9ffe0f14ac38d76623f44b1e9ef691166af8c2000000086848c752f984a01c6af5bf33e2a7cca7969bc7710a0370456f92210cab6f5a1400000008a6495c9fcae777edfe20184dd3420fb2ffe7b7deb95ac954a04c3abedd928bfd783a892067e528334690f49abffe64cb2158d3e4c512088a00e21e7fc140966 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef50000000002000000000010660000000100002000000059360c56bef692c60b3573dc42f579a9dea29196db678de6656efb150444dea2000000000e8000000002000020000000e28f0dd150d9f8259818eaf4216eff28e6c52c83c17da66fd2937628427474c4200000008b0ca8622a05183fca4f6c067881381ab23c0e339dc789a0331174d3a7d3d33e40000000ff5193949ba5e3e0f9296a1edd6f2d1b73b05dfb3292f5f398be2173f1390001eced91c53085db0dd4e90e49f656f42cfd4bb825c05dc0e8a75c27b841b7b4aa C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 503293a7e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0065ba3e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401528782" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C158B2AB-67D6-11EE-9784-4ADCBAA31760} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2561286134" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dropbox.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBSMWSRL\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral21

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win10v2004-20230915-en

Max time kernel

186s

Max time network

192s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win10v2004-20230915-en

Max time kernel

139s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\paypal.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D67C1933-67D6-11EE-9D98-DA422A6BCB39} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403753271" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2870428683" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f0000000002000000000010660000000100002000000058495f04f53f683c0ac014ddf3a127368499cd1154014abaaba92c74821b6b01000000000e8000000002000020000000588a0eb22b07820d59087106fefad63648e2713f9dcd57b4dd9e557eacff39b3200000006197c7720a88bc37b77ca02477d3e093b98a1d11ea1fd6df9251827c181cdf2f4000000037c743a75ac689aa689efcfe7a3885f0f6456c4a240b4905e29dd69619bbf606374197140990c493df4f1a0fbec96d296a964a3adaf7ef0f039d746e1b03cbfe C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808b3eafe3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30855dafe3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2926522052" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f0000000002000000000010660000000100002000000040c65cecad699fcda61edc587a178b1db98c9c33f89ebc11502cb60040eca7bc000000000e800000000200002000000000e29a80b0dbcb4888475a87fc1ded55d33ce2d7b855243406f705a7eef6eafb200000004321249b5e709be586c01f535509fe00c8bd1a4290a079982b97414d2c3a0f0e400000001e335fe07308f697812bd719f220e77253c5167c982b8dafd0acabec96ae78cfff5ac4298ba3cdc89a1a4e857f3522ab46640d093881033a1aff96528b3af2ec C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2870428683" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\paypal.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1320 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FXXN8G02\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral8

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:39

Platform

win7-20230831-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_desktop_static.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000c6448fb9ad1c2ef3a43825ce4d2df39c6766315bc027a1521be67995d5405795000000000e800000000200002000000017f05243718aa3f44f8a94c2c00596ee98743013d0461de8f48ce390bb3e75ff20000000a4c49218d3739a6bcbcb4258751b9ba944b3b83ba2064d6dd62de584d0f6ae93400000005a388a399a4c0b37cc910940dd1b1c2d74f702ee872392f7e3255aee1d52de551a81444bf76e583ef50c712eae3734f9312aa6a7916205a0663d25a65fbc03ee C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150113" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac2000000000200000000001066000000010000200000002551239b590bd41caa3a4b1e3f6637986bc4444fa84f17addf6900a532ba055e000000000e8000000002000020000000534fb599003856e2dac99028cd0f7931870bc8c5c166cf818964f40c5e148af890000000c0ef60cf956f9d5a8baa60bb7a58cbc9d90bf241fe5edd935c75ad5110628d3f7d8f7f1503d32b64d25ad4d660f92a221defbbd9532687bad7a946c6b1ec7b3435b69cf7af8b71fe9e64ac65d0568419e0567d0e7616f3367e923b49dace770a0e2f1deaf06d7df12116c98e4849e530902915ec3dbe38d135f5bbb7d17a534fd480e5bb4de6d8fff2748e05c22cb61a400000006202e2d7ae9aec248eee929951e88f319c99705a217eb6986d2dff4f821eaba91fa3c39b993347117d74ddf76c0e4eb4ca1618fea16544255d8a4f4dcae1b17e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20a3d38fe3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA469451-67D6-11EE-A7F5-76A8121F2E0E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_desktop_static.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab629B.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar636A.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef4193adc956de910d0c94d6dc16e127
SHA1 604338f2406e8d2a61e241f6417c551927d47947
SHA256 b00780828a719e7c5c5eae83c64706f774c2d8bc8c86977cf1ada9803aa67221
SHA512 ec0e64a7f52eebb548312d3c89a25133a43903550c268e12d7ad50df64aa5c9dd8b54c2e94c7b55dd1cc964de25bd72a61da5ec5dae970d693203196e5debbe8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 446886c4ab0aa0232e336b55da403b5f
SHA1 f4394e966ba0c0095554f92f8ac8c654e8a4168f
SHA256 e775eef032c5737b0a73a4602c19352e8ae13d95cc55cb70165c099c2c9d2414
SHA512 29aacea2394859bc05e25bf34474e464ed5556c53c10213f57f4e65f3b0c698ef7af5ccc99a61c434eccf57c288f67afb7e0244210b6fbcb4ed9c6f50ae56093

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63b132203dd8406532cb72361547922f
SHA1 d93c962174771727bdbecb6c9d242d0d977e73bb
SHA256 916b1c15d885e981594daebba918ba2b89608e616749aa4c8d08fd823fccc239
SHA512 b83eb6a270a68cf79bbba31c52adcb90fab11db2106e6df7435eaffa6d1d42f737dc7052fca7cb7c8481344cfd4b911787e1a80de651316f2b59f8adc610fe64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 027f5f15292801c27e54224a500cce75
SHA1 655fe82e29388f7a9a1134bffb64ef831608a8d9
SHA256 470ca472019ba07a0ecc19a6445db1b5307d2f988395cbe4945b3c8a56ed5b69
SHA512 f02ab1e799546a7c843451f0c7aa0cabca56ba56daee51d0fe0f7655513f0ef2c34547135b2f489a5002830a90775e8fed63ed72dc814aaba0fa1c00704de102

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bff75e1564d2fc400297a2664aebf94
SHA1 460d206417341d8a803fea751871814c1e450085
SHA256 6a2b753cb8038c861c9e34999bcac2c8c3285c769b53510940ddb28630911fcd
SHA512 c485a3b3ffb2f662a74dce093c57a843d519b2832d06f1e047c0f6346790639229528499d99007fa65c511c8afb1a5a0f8570742fa9904d351690476b7d7854b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce607e0be17e83cf5ab9ee3d405c5681
SHA1 bf6d788de26dd7a2c1856b1defd75ba86208233b
SHA256 c06fcb4e7779988178db28ac434d9a247a07d0002b1188cea37a4b126611e238
SHA512 bb371a415e49d75ff9ff5367f076a6b490341f80340ce9fc2daef85ddbf06ad1efb1637faebc3725ed5fdee16bfbf2b877f625ad1373f14ba75115586a8312e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ed356e2e7a36c83910dd65409fada0b
SHA1 0a05e4a6fcb8c96904920d71e5927252e967b25a
SHA256 7df371d20e3817e7f45875ae2c5ebf3e121712e32c0ae75833773ad6371bb02d
SHA512 89010b1d9604ea4c7e4aca63a8b7284f48109406cad2118853573b39bac675b17fa2977b7da01cf2d75700199b0d4fdf8abf01e9c50c05711743d9bd9f394c8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae453e138339c4e4a3fa071a60f3ce3f
SHA1 a6ef690eea87df5aae9fa91aaf2fa0fa75b3e495
SHA256 37c82c63714860a1a43b28b3681a65fbfa455a57c63fa9a2b7a7a8954263be19
SHA512 052bf56cc78b5c0760152fe3545720b7baaa871003feaf81689ae6f00a5529a530a4b5135d0089671ff0d592d26579ad69b903d30c7542cc183b342ebd60f357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f783e5bc65cfe51a53f6c5675cf2740a
SHA1 060ad8855848806cd086d4d62ec5a9dac7477f0d
SHA256 d9884596b297f8d02c17037ed9e79a8502102fb4e4077bd631363a881b1d24dc
SHA512 7d0cc52c82ec0794ade933c06ecf77761fae76607a6d6911dd481101b17e8d7ead8f894abdaf44c0ef6c757fe8b56102502cd9d37099e88598e5d9c67a3ec22a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e871da96748d8713aa6fd6f21c38e6e
SHA1 03272f8ef620b8bf412e2bac7088f4a561c324d5
SHA256 4300bf8515c00b72ae16168af02c6aaaf0af9f5c09622cade2e498769f5dda4c
SHA512 a2043210dea948196eaf7e0931bebb04b9b0837360e6d951557fa75fe69b3d9775941491b31e4cb020d5edaa622ef6316f59489648de7d9d0b2db88bc81884a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 962b679b04a51e664d3dfa08e5f3699f
SHA1 76ba035e297e13619e6259134091a60f50f86897
SHA256 92c41f0b55ac0eee7282705530b3152f08516040ff445199f9722290b36b7041
SHA512 8b1500594fd38eca101ee6e3c7be1fd09ba77a8e10ecea70bc685f103b18b3f966777ec511b1f6e6455a0a6257523be4ba40124fc036dda63d5e84e546bfbe5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5b134b46311ca5bd7208983617278d2
SHA1 093d77af9f0f6cdfe0508059cb9a9825f5987ee2
SHA256 dd342bd0622fc1e0726c872eaefc1bc57a6143f4433d94a4fe6f7b00f4b3cb03
SHA512 c77bda43f41ddf72c51dfbb9cdff7f7e5505458dc896e6ee83077119437dc6ed7c290f4e2e6c2dbda0d82cfb5d9ba8d2c33a8a7adc751093bc4cc9d5d762df46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d4f628e35643348c81af2bb24fe4e74
SHA1 83e434191f2413703b30e714898ff79875bd8446
SHA256 bbbf55253603f406cb987eb0507ddc194f2b8dca824da457c3c7f8a608590ea0
SHA512 1c276917a0083c1839492b6f5bcdf6edbb65e2abd921feda3f76f5fac1e39ef6d2417412a285c56aa76886a1030542d263891472d8bf64fb78e7130255715947

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23c20f849cd232227c7798d9ab19a914
SHA1 2072105096ac45a4096ca284a299d902f42f8e08
SHA256 f9e6ec2d970a0b992331ead29459305cf433c431c238a12e5a1929b6b7f41a0d
SHA512 24eb288c6d4e50b063fdae2092dcf55c00ca180574f2c8670845afc958aafb8478b2b0d916b4f01ba4cb75f9327594592c7a476f23e51a35e5deeb84ade51a4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a05282a174a414b9847e6be7af9c8e7
SHA1 511b657db86a7cf00ae88c4937c206bc3d0af85e
SHA256 11446f84e5db5b779471d7ce447e31f7d31b876a0ffea9fa9f95bb71f52b3a05
SHA512 f415a59757b5144c05a16de56415490b7a17c30188b37ae6fd712f5e94c59afb7610406816fc2f78e425269359670817a7963d332188b278b28b5c7c44ccc4c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8a8b074441ae434919b0b934a1e4f14
SHA1 1d86cb1a15c8345103e59aae78aed5d66ca1263b
SHA256 7ca0bd04d661b646c8aa02b4430c554f61fd91a89631dcc3b37c408378c7a764
SHA512 f45eb2b632ec0f65b0ecca925e80a576f43090c847f1392ebf084bd1a53959746acd6cde3627d6fb10ab134810e26eda5c2cb1072b366cceaffb3309873e8907

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c9be005b470d9b4aacb3a8099313629
SHA1 e1448ce05675ca966539102336dcb7e42a707576
SHA256 85d5e85389c35214dbccd65466fc496bfff207f4bae8d58189729ce7853d79e4
SHA512 0ccd0e6309dd27b6b8afadd3e4d67ac6d2eaded614b8b6fc461c7d8712f8617400a035f032e9171824df7ec4619a5b30c9279199566b3245863698c8c22fa0c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9d5d31d34d8241687f5dda333655ae2
SHA1 dcfc0d2973f89d0c317b46b2f3fee1624261b554
SHA256 4e259bf8d732cbdf7b2be73f9cdbb249720ac6b6e02974dcf1d9affe431e0fc1
SHA512 48f673fc5671ba12d03153f26958731bf13c8072fa02df9cf9dcaf4b1d7d3ee1068ce7f7d527ef8bbeff3bf88a4d75314ac32b3386669c9b93c060d723088a56

Analysis: behavioral9

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win10v2004-20230915-en

Max time kernel

184s

Max time network

190s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_desktop_static.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea900000000020000000000106600000001000020000000259edae9bf9c5dd87d34fd450b7372e400802da732c4c0bafcc1a4b6d9520ef2000000000e8000000002000020000000f35edba4ac512a1180b8d00de744d5bd9b346f3dc9927fb1576985f09dc4fa4320000000b4ae45640ce794287b91a08f5751c37f790e9877291aed8a0d677e5b7be31b2e40000000a14eed2348e401b305e060445f08ad04c0636b537ea4a9ee8786e8d4b268567536dabbff15f2f6170fa86ebf11f782223d75f9cd8e6627763eeebf2aa4eecb69 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527851" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DE951547-67D6-11EE-A4AD-CE3E7C77A9B8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1013373ca6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e04cd543a6e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea9000000000200000000001066000000010000200000002ca92d557f61fe3344830bce3af5d9d844c5d867843695cebea0e6eaf8dd4bda000000000e800000000200002000000011357dc8d5fc383ead9f1abc55b0b21d2fb0137f617ae07c5ca8ec1d9f9d89a62000000066a5baeebca64c45040c62c0a9daa070c7ebe460f19bf5947bad00288f08f96f40000000c03860323b319cf667021a6a08a840a2f42a4698f9666b9a9637b2173af40b56f763436211ae9a406c190042a9010930f47590f9b7ec0fd8d353606d6f93e27c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_desktop_static.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZFOAR009\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral11

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win10v2004-20230915-en

Max time kernel

133s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_mobile.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2864547203" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000008831802f5008bc3fbacf10ac827ecd907a42f6d22f068a3f224b230a948ae83d000000000e8000000002000020000000d7a2bd0d7e075fd358109498104a6de9e36895ef13de61390dec83888961140d20000000513920cba2dd234899ea86bfabe3bc01ab05e16ec67aefc07f73ec61e7a22415400000004c2c2a5e5dcd1a11b43f152f657289ac74591b0571bd5a0fca5dcd519cc13edd56651889c87e243f44bdb48eb154e1a80069820422291ac13616b402a148d708 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D62911C7-67D6-11EE-B0C5-4ADCBAA31760} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000e24dc51bf7f2d98d73e7f5680eeca7a3fd8dfbfad4a70aefa620907593249dfd000000000e8000000002000020000000e0066206ba9698a6da70c6e13363db83576c67cd3baeaef4b8ef88292a59e33d20000000c943daf0605714c8e5a1a5f78480339032ba5c0cbd6b51f4ebe228bd643bf48640000000ae7375a50046cb3c00ae989fa2137513a63231bd67c27f9628380e5ce6bf2f6b889c001220bdbc6c89f9f70da4fa4fb155bd3ebf1429b142dd0ee04742f79ac0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0baaaafe3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2864547203" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403753268" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2941266186" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f092a0ade3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_mobile.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HEITGDYC\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral18

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win7-20230831-en

Max time kernel

119s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\instagram.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000001487ce458f7e9795e0286bb0b1cdf33e8be598f43ab312a240bfa8bcc3351df5000000000e8000000002000020000000c6f24070b63170e757af53f99524fc86483ad265d52ec75b7e61a5a69dc28a1d90000000be7a27cece2cd5c4af3963d1eb24b9e5c16b4a87b6364c9137db44c87478dcc0278e0eef2ed5c791a7883aa7ae77cf9d1f2ba7df5cbe4d048ab89ca0ea7a703cf5eba4cde1b92d62ea56f253bb9f8996c970df3fe912e129cd0aedf41db6848a2b31d1d08a70546758d0648ca02317210c2f638a4a9fdf9391da979e4603d0549ff5b47ea7d92eb3a4eaa24cde1a8068400000000709111c30ac439ff0d6b344ad42e6410cb40cf0f36233628543e135c69c153872d4e0d43a75635b6e8a812e270814f87c20b7ea1e76c82428838d366934427f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000cb0d92322a37d591bac40cbf0b9e909e032d6604151654ce0698b5622ce3ac4b000000000e8000000002000020000000bfcc92ed8e53e730e2df69707147f9000745c21aa3914c172bea11310e99080e20000000b9b859a6ab5078b703ef35f4f87eea90836672f8fd7222373cc18d6da3a06ce140000000d6609956bdcbf9fe04f5b2a54db789a1e560752a22587408710830bf610f80e18605b3b5f092725cf39fa5797e73c79daade45969c80d5a5fa401ea9f8ca10ac C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E483B861-67D6-11EE-915F-6AEC76ABF58F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150184" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70544cbbe3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\instagram.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6CF9.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar6D79.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 946d506cbdfa411f31a8e231209ac71d
SHA1 98c382aac031cc259088a6ffa0168ffbe5158373
SHA256 0aaf1f4690488302f202fb25ee03d6d8529fd3f705b5d50d4444092f4a234ca5
SHA512 bc6710f90e97b2e95509b56f2383e88b4c87482aeec98ffa92fed00e657fb47e495b32572ad94a4ad9b67577db1ba08d2492912775b523d3005c834b812caa7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82d32810d61bfd151761158149bd6f7b
SHA1 d1f989a21965367bf78ddf7638f6af4f870cf60a
SHA256 386372bbfbd429d69e7d8126bab6e4f7af0c010c716f2d3c91ab74c8d8eb0fa4
SHA512 c2aeca9b13dd126bbe90247e564d1278ad1f39e365cc0e890b877d40a3c70dfadda311feba79f3c488616d983a6005aa0d925988169c588ee1af4fc03b078bea

Analysis: behavioral23

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win10v2004-20230915-en

Max time kernel

160s

Max time network

178s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\linkedin.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "394181318" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527410" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "376213232" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063012" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad356000000000020000000000106600000001000020000000c4dc053196370243655533673f4634d393b45b99db8f71d6eba92062aa79ee97000000000e8000000002000020000000744a04a0355cb91680509c090ef6c896fbee67d67842da2c47fa06030414abec20000000d5b4097d0a8d0dedf3798849ee805705af0d9a434b0c8be73fdcddd7eec21e5b400000005c938d21b5631d7c5d1e1c5a9cb7cffed712030efa8581995f691a67be96ec60e9988cd4ea04c19025606f6ed5c6d8b6205d351a7866af09fccee9f389cbe5c8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad3560000000000200000000001066000000010000200000003a4b54cfc8e4cd3ba8e025e9a61a4d23de08102d27ad042fb66092bd921cc20f000000000e8000000002000020000000398598b884d67ce2d9734723ca74e127f402c63a3c9368e491b43d7e82c039b420000000fe177b39a202d82a7dd3b34f40f51d13b177431f7d691e99cc97294ece73754e400000006c31dcac15c300c49227eb92a777015836ca63820ac5509785e4285c2c4dc2ec03ab7dac91d67a29a2fe6f584dc37303a9f7032f8532aff23ab9f7e70756cd27 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8033c235a5e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "394025691" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F73620AA-67D6-11EE-941E-DA5D5E1D8AF4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063012" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0fabd2fa5e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "376213232" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063012" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063012" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\linkedin.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 32.101.122.92.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver272.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Analysis: behavioral25

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:42

Platform

win10v2004-20230915-en

Max time kernel

193s

Max time network

204s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\messenger.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{14BDFBF9-67D7-11EE-83FE-DA9BDFB2881E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000f0cd88579a09d6477fd38d54e34b8ab9541c33d8c0bf8057c2df0c056d2a87e4000000000e80000000020000200000006624d0f31bb777700789c2442407da50595fb8aa795a263dcc0154492ad362b92000000070df32a5a6e517bd9ffaa92073cc957f9fc9722cd9fcbbdb9f98e160528c099740000000232666c6b44613989a04eaa5a8bb22c2f5f82f64b40005e706a313c451f8b5acb8302c4a48f97dee55e9c4902b6343e7bc28dd8873bee1250991afc79c66d128 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d2c9f6e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3984025071" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000002b6ff8f54d8df4da6092509ec4afd34c8fb057097ab29bd2f6c3fe3356996cf6000000000e8000000002000020000000bcd15559d4249439c52fa7ad8dbca5a93c286c6fbc1c8789873ac780bcb3e07110000000080c5a9cd4850041ac5d105070380055400000000793b9d101dd75f0e6210b80756d907e4a5b434782efacdc02fbf54f8b8f00f252c6cd9c2ba59a5b76da957b757ee99a41a0e60a75823571e20162c98e626ba1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403753396" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a279ede3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000f4fb75f69dd3f44e5d729942e324c403434d42bf68cf8916e602026bfdbff895000000000e8000000002000020000000ecf79afe0109e9d4bc43df4bb5f6f345480f8fcaec243bdf49b043d68136fa752000000043194c47d805bd9ac0dd28578ce044ed99b721ffce2986850c2578f310b009e440000000b2dedcb6bb002ebb2202e74295ff4d29930456660c14574980c994ab04d6c44d65d2e4ce2b7837da9bac901e2c4732ee237d8138304d86bb61ff02a869d4c56d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3984025071" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f0000000002000000000010660000000100002000000025883078df523587455c80ef2c65025371f69857deb23a99d5fa0b4d953a78a7000000000e800000000200002000000089fb1d372498a7276d9a998f36e875c3d5c0440c29293a9851a1f972a89ad0cd50000000e27bfcfe14c74b00ad562bc8b5ac2de808eeaa6166396630d7a69e9577f3970c752600eb57471bc2586584faf1730fca768b9fc769ff20a89e383a7240f73d15bb2f60b2b74dacebf5979c66a19b742440000000fc17d25a5f565872c3d5e45719b066469b2a850fe315b6e5360f13a8335cfa9bc237ad5a999193f2f1345a9318d219392662485e4721f2e8c44406cc3ef66cf4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\messenger.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4024 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 83.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
NL 88.221.24.18:443 www.bing.com tcp
NL 88.221.24.18:443 www.bing.com tcp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 18.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H3JZN74\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:39

Platform

android-x86-arm-20230831-en

Max time kernel

476157s

Max time network

131s

Command Line

sigma.male

Signatures

N/A

Processes

sigma.male

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 172.217.168.202:443 infinitedata-pa.googleapis.com tcp
NL 142.251.36.10:443 infinitedata-pa.googleapis.com tcp
NL 142.250.179.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win10v2004-20230915-en

Max time kernel

144s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\garena_free_fire.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3139843533" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3139843533" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f620e9a2e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad356000000000020000000000106600000001000020000000d019e5d0115f1f2eb86ce01561ef02554ddba00e6816fe39fd2fdc2bb06a4516000000000e8000000002000020000000155fef1520c4e624892c80da548dce7a9b2a910cbc32e70be2be36e05d7d2f932000000069e9be763b07c0a166802d18e5ff862ffa12b7fc38ec825854a02c728eb47e85400000000fc965f960c48869c71b268818c8b793e969f586a65bd3ac16c0e7f7f6d62e5dd323f8b27f7748451a03e521ad869423980835838e3d13c57416134bbb2563c2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 609aa5eaa2e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E535A82E-67D6-11EE-941E-EA083B40A080} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401526416" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad356000000000020000000000106600000001000020000000e221cfcfb945738b300163ba496bd2243c8786230f80ab0734201faa2e7f4882000000000e80000000020000200000009a137c5d025f059cafaeceaa15c7901d8dc7cb5d958df1019a2e95f763c836ff20000000375a3681ac844af81671f8de3c6b386c3d294897ead8043452d193904ad7de5a400000003110297e41c12e18cd02c2ba68ab82342e2b20597549675cc6ca71f826ea924a0add06bb86d84d899dd5c6bdd6dd1593857774030f49e3771ce70671b747a8cb C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\garena_free_fire.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4608 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.113.22.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral28

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

150s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\netflix.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D04466B1-67D6-11EE-9EDD-5AE081D2F0B4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000071d51808df94e37d8916c8bfdf91857eefdf842359786775a31515901a7abb4b000000000e8000000002000020000000d9da3e4b0b9625386d30de5d8e49e3feb303d9ebfd674910b80c1085211f89ff20000000b6bb6acdb5e45db2625e7d2e89f977adb0fd192f591a82d424001a7a9ffc7994400000001c16dc0711016be58effefe53966c304ca819181caed1d5abbefe7ca469b7e8b4e3497fa52c0d8e75e77ed1fa58b47cd24b0795ccc0d977b9ff95821ce70c408 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b0000000002000000000010660000000100002000000006b82e3d96640a4f2f25006f26b6f696be590ebe505a56b9d24ea0d433eea7fb000000000e80000000020000200000009b8af0e04488ddb5b71202b5ebe60d3a848aa50e9836020587298e98c9c42b3e900000006a285be0c884586e249031f01690a86fb66a874819a4a29c427d630ca1783236dff07475e322d950e3ad2d802b69890594b790d76cd427b928fa1b336f6afa20066525e3e90b9bed8f259737238d8e8c9905e61626f2b6464e134a240c8c69e2cdb871cc707080985555ff4fe5c55ba9d3ad63fd2920cd530b0e279356e9c1dc7d58da4c1f3a0556c16454f36827f7b94000000008ec1989cbb711c3d4349718d6a896beadbca620d9a6889ecd44ec514601bbbc410630b29ed8abf0699672c2f4f4cecfd533e8309ac74c5dc6e50323b190f63b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150148" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803873a5e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\netflix.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6D46.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar6DA7.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68d4a496424aa61100cc1ed716d9f08b
SHA1 7a5c719bed7af08edff12862e652adf9b2ced19c
SHA256 0c98efad8a282eee4faa3e558b2954652630076242de9724b9733f583ade384b
SHA512 dabbf080c4f2bcd0ebc210eb56019ec9d3698bb309abb296e5e944078fe087b93958dcf8e9677b127e68037b6117e672c4d84e492aae4a089efbd84b79c73a38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a35ad7f8d3249d67f0f4fd6172b1eb96
SHA1 f899d4316a4ac648d60e12dbd74d749e917129a7
SHA256 e644576db1f7b7d3f7a97e55c8c76b46d01b0f6591e112bd1f092f8f75c2f1ce
SHA512 ee420e8728a3495482f30e419d7a0608cf5dfee1aec5abaa663c14f80fc6a709ee5b0f34188fa3db753529dc1f97483d6d58a5f7730f8184df59c24be9a235d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb059f6279065c7fa116536ccbb59784
SHA1 159ea924f503d5578a7ead17ab370fcbafae5423
SHA256 9faf108e6bbc3973f3d9ebfc1e435c4c63bc75bfdc698959e93b6e73669f8b52
SHA512 1c39fea5cfb5f28d175d4adf0b3c342805fd477d330b25e2e613f89a97e8f1aef63981b59cd2a5dcc32ed60ced3224fa7bc6c13cbde03f96d3595623c719e1b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76c90eb8fd8568c27641139f4b0b867d
SHA1 daf4d868d8e5c0bfcffc24a6f07d2b94628825ed
SHA256 1a997dc777d4fef7aa2133abf153a393f36226b12de3cc9d26d1471f29430366
SHA512 564ae2a260369c035664ab405bc35bd1cbac9b07537ad37dd38b6e0cbfb05272e9b51c8cc2240eff89b781f3661324bc876c4e31da4b6ad2caf61f633c902536

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12b4bcc9cab4b3db7be911b2c2e6e904
SHA1 162f49e160fd1f3bc4455a225dd769e0bad4be89
SHA256 aeee84249b920c38c05a6e054a10305c3d82203000617f5b64f54fcb1640caf7
SHA512 df7303221ac8bfb2582dbd43d47c8a1f91866a0a9f659732f75ed8e5c5061bd76e523fc0704c0f193231c5694b897a68cf2ae823fadfebffd3dde422db3cbfea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cd78641fd2724bb4b4f249980045364
SHA1 72684b7dc4957597bd5185af0a0db6cd0daa5d03
SHA256 6f20938d88a2dc6c6656848596cc617a1905b188e7865b14143f5a658f89efde
SHA512 376144f16d4ce472a3cdb01d8dfa389df76766a8570bc7efb7465321af181bce6af14aa52b6faf8907769ff9179d21201a708943a5f34b67d8806a61c79eeb78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b86a635850225ba953d04b2567f705db
SHA1 fdf2bb96acdd7a51476db7a92d17ffff75a13315
SHA256 e897c87bdb6d7ac6dd3b549c59e38cbb4c1fabf12cc1c11b49db8a004f9f3c47
SHA512 1ece1e5969c704bba2c67a068f7703d1ff44eece8e561dcbcc264797799316b6824dc9c83ba288fdff5d00520eb7e3ba79c8c4e5a41d76a5cdd0a86ab2462b0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f1ab6879fcb96fb39633f331f4d27ea
SHA1 19ff1e5907d87dac2e8ff66a805531c470d67d50
SHA256 01c9d73412e9e381d9c292c8b901395bd3c35b714dcc204ca4201950d0971213
SHA512 1b2f0f6cd0eed55a0bf84b431ab3869f7d643bc778d92e49caaeb7044395bd9085ba5f9aad3513df78b5befb63ba52c43bf811f7790c0db7ae95586e2939d30f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d95603fd593367671077c7535ccfaec
SHA1 f9ea9cc19ced8d9df4a61e19e8924983337fb4b6
SHA256 b0c85c348955ee42ef1ca90b3ff25078b63e4b2d2782c11449b4d5889ab5a339
SHA512 959a3e4ee3f1d67d5a39c8619b50fca7680339e1d0e344c70ae2c8622532578c38faa78330b71a48017e56473ae7e220391c4de0f662558b0703213f6265f22e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cdfb2089d98c05b79b91f3d8ff0f90d
SHA1 3f61ccb9b3b0281097b164230d2961f0faa48cec
SHA256 d66a0224d6de892971debbd983d6c074da113b65a2a1bacb4c5a20a495f48f20
SHA512 365fb212ceda861eb130fb039f19a010e89028a86730af884d2e3919f873c7349cb7c773d22f763f2d589a3948e17eb47df5794d877642448c1be41a5ffae54f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fa72935c4d9462cfe8f55e4a32730d5
SHA1 5751a43fb174ff5e03b086d4bcfa258b7ce5f290
SHA256 2f4dda73964f7ed629b40f08d4f866e9f56a22532ea0822165efa7f63cd6176d
SHA512 d3d2487e94c1f931cebb6d7289fd30128a17306fe71fefb94b0ae10e3125da7c589a9b6b56ba98edbe7698f62ed0a78bc1bb594ea0def1eebff773d9166fdadf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 520d9277adf18991428da34f85e9f93f
SHA1 780f7ba843fa65bff5e5289024fecacde6fd731e
SHA256 67477e22c02dcc2ff2a7240ae11af2b39c8da2d853592836d310701bb6ff2434
SHA512 74e32bf8be0c5d5769be451dd0e5796cfe8f5c32c2cd6cb50233793dfa6684c1a3e9dcbf32b9cca69a16a384335e841d48f9891f3a02f7349f55223f60330d43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8b509494c15f7c58f35921274b21969
SHA1 4ebd2fd47a862b62027c2ccb82dc14c30a997d9e
SHA256 b2052d8683af5df018e652974cdd125409e91ed0149683289dda4e1b9d291a91
SHA512 1196a37a791b005da62c8ef9085bcbf1b5defdf3aabd4ca6a58effc121f77de38c18b1766ab2b6c5c6fec8bf266b8fa9c377a461d65c0670fdbbd16bb3bb615b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce3f04c1b63b09a9d390be44eaaec24e
SHA1 5eddb260b12430277c876ec1e7208607b86980fa
SHA256 a6014a38812438cdfb159a777d09111af8f02d0f88d9a67674340e8c8dde4a5b
SHA512 7de03684538f8b38bd69fca786c0feeee3efcf93eb26588309703a82be2358fcd5fb2edcd6296bc011b17b2101204b04d6d452c3759df7e73766c6615ef264c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8ecaab7377a6d7230d337fceb9f613f
SHA1 c4ca1f7ec342ba54df8db3d2b109316118a61e80
SHA256 5246036326147632ff709106676ce8a92471244225ff92e2637aca2c8807b60c
SHA512 b59efc276c29044264cb5dee5937a7b828896351ec8c795112512b07663e3bfe8f19e481c805d957f8aef258aa62b781b925bc9ba9f8de4d8cbccf0b304694a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 739e20af070b6ca847d1d1af64e10b7b
SHA1 d8193db331e9a9d988c8fcbd9a25c60aaded5a79
SHA256 025ffb586eaa06530adab0a3ab3099b1795362b2473704d11355bb72ef0b0323
SHA512 c3b4529f8e99371563ea1a3f2ee62a991e086860f2789d9c0d6c02d3f2b5f8244fd2e0d87e420f1d447134679e7e62e58d4eb14081aef328f71bb138d728243d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cd6ce6d8366310bb121d4463036f12d
SHA1 ddeac6edc6c298b15abcdcbb10fa1dc63ed3ea2b
SHA256 246c337b1f7c075b064d91b0a6bc3fc053b0cb83862bcecdd67c2ef40fdbad77
SHA512 a9e6329fff69578d23e15cb910d948cacdfd861735d0757c20235ad8affd55c9aa603673cbec9849ae7ce2be887673d891c299e9329bef2972f808813882db65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b41b009155cdcf0e1f1979fabc2c13e7
SHA1 ff1075c34307108e4b0bf498f22c67aa80edd639
SHA256 fe88c9d1b789d2142ed4ca6d798bc3bc640ab442dcea3b98f9d75386e57cc163
SHA512 7bdf2345bb810d0344b0a16d24a63b08eb3e731d4affb4f98ab405c3926c5380f3438baef85583a2a82ad61d5b019f77e5def642861203819ac029f15069d1b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 deed6c7d623edb562436262853b16b0b
SHA1 d783acdbea9457550dd91da0a51ff724cacc9545
SHA256 da4878492e56fb9b5a7a9662c4dc74a8f5690f8be6f656f0c61828e30f444622
SHA512 95b93c282903a611d28ca24b850f4371c574f2d378b30655dd04a05c59b278f463dd02828765d4ca4392461da6b2e72d23e0273ae751d9fa1a4122928b10d4f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a87aac6c26cc47d28ef45958d369a96f
SHA1 d029f8052490af67ef0047b6830a8fe67ceec322
SHA256 750f33f46eb5ca1a3a119d6b7048ff1b95ebf17bcf10f2194da28482125e82c1
SHA512 b7e4c8c6b1bc62bdc5c19af10ea02cc6cc9ac6080c1aeff5d521bc898081a68388aee3425695aaf2c43aa243dfd1aa0b62b0509c8e0f7c24b820308d8277db1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d001b5ca41eb413b0a6f8e59e9f5f959
SHA1 bcd0384f70b781cd2a65b6a15dce052b79b89884
SHA256 9cccbc3212962f5ed2e9651582537b5f89481f0f574fbeef5d5b010ed3ec4157
SHA512 3ceaf9054168dbc16fc47ba09e4966596f6570533a935598c3a9de83d4f93160aff6cc86f7eaa53db8207387b9ac0274ad4c43853fa94fefd4999cb6e7e8a349

Analysis: behavioral7

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:39

Platform

win10v2004-20230915-en

Max time kernel

144s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_desktop_homepage.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03dbc0da9e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BAE5E21B-67D6-11EE-B0C5-56CCDC1D69F6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00e5791e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401529057" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2417473151" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000fadb55803f73ab2a5755dd0fa3d3bf14bdd5ecf4bc719cb3d56ce7be24b9937b000000000e80000000020000200000004c1d8eb76ef5e287a2871e6b4c8e1ca008c5286a28281d485bc4c46cebb7f30a2000000010802085ff88103a3751d87056d4122c826e6f1bfc05a19c6aa81f9f20b6bb40400000002637a7fdc147c35770cbca163aab4882db2c6a81485347f8223a0815b25d8016e63c2e8c5762b319fe312ba4368beb6ae9a2428aeaecebc3524000a75d44b1ef C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "307635011" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057833" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2417473151" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000ba31ded1dcb47f6d5727d69944ab3404fdb805ebca476effd9efde6fa747d293000000000e8000000002000020000000a8c0e366b6f3be078afd193fd92e2cd10e4ee84534cd83765db53e06f473f5f420000000c9bfbd89413685861b9a3723eaa74ba73a5c073d6bbbabb02a6f87994f22e006400000005b8018f49e0107c77dce9475303bf5be7b797277eb0faa0326e0bb6dd19230238439ceef2ef0ee81b7e0e8f910ea732aa845d60790e83d55c1ae5331f59bb0e9 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_desktop_homepage.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4644 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 38.148.119.40.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HEITGDYC\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral10

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

120s

Max time network

169s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_mobile.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20aa1097e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c30000000002000000000010660000000100002000000087bc5367957e383c69b20d46adb439f84c6ad2e129714d9748f2be6599839681000000000e8000000002000020000000946529e43ecda50d764abc831bb0581b138833b2a0e44fbc519c9cedfc540249900000006031157b5e3e6b9d55e3a0f42ae7b2fb69e5859c3eaf0b0a0c59eaa17935b3f2801e6e326e30ea0e0f843b49cc72858238d0d3a81ab8d100da6680361c8628c59a2797a164a94980f40148565920fe6d8fecde918400aa15d5ac0840b40094b5ac8cfbaad7d56262c5de82e4bf463a6ec99696f8ac0cdee287b3955b30dd592c7846e81497299ffe2883c446b06c26c44000000072e1bfc4f20e612b068463b8ed73c68a111edd746a658a4359eb5e402a7bb90f1e8e7ef96521d204c9272c7359b3011ffd5386e8466669810094c34661e69f98 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c30000000002000000000010660000000100002000000032330fa0ef642a795014e0191a4c7816809c31ccfb5cd368724c9bcb910bab03000000000e80000000020000200000002b7a1abc5a585435dda73afc0914faf2b0ed5c847a4ad0cae3379b282f61c079200000007ab88fc6127c1c04e24f11e4ef87b2f82e9f3d0b039adc2f6913cb65414ae9a24000000057cfa2eaf4ad8fbe9ed32d495969701822ae9d6eb8017bdd8cbc81399e0a99b36036e1f43db320a840fac8b3353ce469d5c553c748b4c4f8cfed06f6de03296e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150125" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1D610B1-67D6-11EE-A354-7AA063A69366} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_mobile.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabE266.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarE2C7.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f801b8a96270e0898854131fae4c3dc0
SHA1 59c422279f58ff604ec23d6c3575cc5a0e9b8ede
SHA256 1e7b0ca788fe48ade4fc62f4a2188c0977ecebaf181ce8af6a6c9b2f50118c3e
SHA512 f0124663c36acf3d309571c9955e81ba6157594c39a07d7f14fd84f4c7eb04d1a193eabeb628c76d5ffe916c3094156e18c886d391be9b7838bd5c342c1c97a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dd67df0a2e28c7eed0459bc329c56e7
SHA1 114f35e1c8c69a034da219c74900f7487a03485b
SHA256 2612c90afec495f3c5ad7723eb735461a92b8ee45e34a5be50a06baf28e9bd1d
SHA512 0e2543be9959ea62386609cd1ba1041c29eebe4afaae13dc8714f66822aeda318f8b363087e59451e6d2eb5de7249a57e56dfd2fa860e4afd59eec7f0328dfb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2254a3cfdc779dca02b589d680fd175b
SHA1 247cd01bbce64774f6326bbf2db3ff7f4671dc3c
SHA256 858e262b6f986e82d10ab8007c03dd515247a45521f1d908463c9055b7486c89
SHA512 450294bfe09af7c6a4ef8d87dc163f657ce3debc2ef92c3013e74991f0c28a8b984394bf5bb27ea0085bc0890126f2da3b501e24c70718eab303abd0d4d03227

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 176b2a7c659002929b3b8340065cff19
SHA1 1bff547a60b3ec90a2667cce25fe41130fa81e88
SHA256 bf19a83c9640783f2dc46efe7f4d6d9bee1b1fdf157610eaa9555dbd4997da8c
SHA512 c040c34415d2e37fa27c66d6fe7c36afaa151013b10ed8b8be1385e4c32920d6373556e4064c9de3c1303d75f35bdb2ed1ef3a24ab04d5ef9c118f4617f7bc49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdd021ee3396ceb6de0a582cda706a6a
SHA1 4dea599bf66b3f8527e551c79a29d97f05ee46ea
SHA256 7952f06363f5d9c84b0d4b1450d2984096477cbd45b7159420083dcf7a0b9d79
SHA512 20fc3241a6f41e161da24cf5d0723e47e72e24baca08567789f286ce73626b7256d318663dfda1e081789e2c9fdc7675b9f1e862787ce648474d21256a5e9304

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d459dfe9cfc6a4fb628829c19916d662
SHA1 5603f454fdbb02373e267b7aa77e517a42fd3cf8
SHA256 ed52330cac847948064ff5b7efd2eaab09541c98b175ec7d557b8a13ac19fe61
SHA512 8e6f1889e6122af0b711d15029bf351b5af6c32de04575a3ca622e6538357ec950f9ff26ef234684cfa597dbe18c7554137f59d4ffb8659c503b29ced96fcdab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2b9130cba3ab6b781aa293a2bdca968
SHA1 231433656f346e45cf06beca4a938f43107f94b4
SHA256 7cdbec75ef04e4e9f94f469b4e05ada6b1002feae021112462bd61d14cb840f4
SHA512 478e94f66512095c1cc68e704dbb32878b465edf6ebbfa5891eadeba1a7886b509a73c6999f7bfa6d6056b680e97057473bc38f08145e078ea31ac024fef3d78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b96ea15d4405fe9bd1d0a6398d46ea91
SHA1 d09359faa3156f5c713860ae309c054bbd4dd7d1
SHA256 35527dfdebcc5ab39ca3352021186402515783c1545d8c9bdce60dbf587cdd6a
SHA512 47f2d21f16cd2e62059dd2ddaca94a1baf192fdb0cb0b4be1900aa2c08210f0ff72bd2d995a6189f4f968862044ed82b3989ca41297adf5de6763734015c555d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0be15751bf87c5b4b695423e0edf035b
SHA1 3fce3391de7e76d26cf169d0588acb8c49c485b7
SHA256 588dc370a9f7219341bde8b9e6be32ff97fc208b49f2298e47bbe5695af79656
SHA512 2dab993a6bc6e8b4d660227d5e033e492f14375918d1b08160675c6f2c9e8652748a70f5d6ee74932a2c8215938a0ecbbd734bbcc5d397ddd88726279c21fb42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92bb606e2d9f4c6594b637b9408ac81c
SHA1 46cc4738a3360ecf9f54a2c045938ce3b162cedb
SHA256 b4bb40d47f02f8b0d8ed74a7259189ea6f211b095b2599feaca29db367cfa379
SHA512 0a48f8bbdfb80741e1a25527f75fb76a44b4c80a221c1929b1ee464142a439108802ee92ffd0e7b7d2ec953a3a4223c4cef647d0143cde1d63533ec1e4471aed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 030b367acd9e4baf04bb0a904f2f25cc
SHA1 d3cfe16efbebb5cfddc8ef513de2c076d875a1f9
SHA256 9846f8a63d1d0529b04032f662901f5284ec641c60701a9097c58a9cf9763f08
SHA512 b67e636825164646e9b68c99de6b407c9a5e8fcaee88530c882fd039dec094b58ad29d1560641613dff9411570be4821f037389b623457e4d6327a57a5372ada

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e8009ac52d7978ece9e1defa474fa09
SHA1 a18f0e2693f312ac34e46ae359b7cfd8ec5317d1
SHA256 336915a976ceb8a177978d4f15a7ad2440c45087bd79bb67a272227484b7a24f
SHA512 ea8db4357834f122e39e1336521eb806964c912b9a26c4297dd623e95496ae1405cbd62536780a4eede8c5029c25afc2d440297fea6c3d76379d78aeb8fc2f5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3935fc514c88271d717690d3feb8e82e
SHA1 1ad38c051392086c2be9c5fb5c5b25c7f05bd470
SHA256 4c8d16af2c941d44fd54d7eebb18337c8fb2af9f89b46988c379bd9036e59540
SHA512 362e409a9679a378d911b512f14b24d8e4d18e3fe728490b1340a92b1e4c5f504d319099718558c83fbb0687a872c3fb0c43662a333732595cd284cdeec4e522

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e02e0484fde8acd7e3d126fb344feef7
SHA1 9463d778cb65284266a2c813e499526b5517d418
SHA256 f98a473119aaa77d1e95e0ca7063496059b3553fd45cf3e47fc1d71a29d7834c
SHA512 c40d940d3589329561fd6d35c2f525bdd3234684936fc4e041036d2453148d88f1064166d71cd5b5a81997705f5dcce0256f7a315ef7788817887722d3843a34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30d563ab2593ce8b276690bd499471f4
SHA1 771b08181a6dfcd291b1d12d6c7e9c94680132fa
SHA256 4a73abb0e074d0e40a106c79ccf3f21138152bc0cb55351ed678ad7dd62d81d9
SHA512 a973b4a20c76bf7381a697172a0fb0abd84283a016b63042ebf88c622fb2a44c32a9b6c98961bbb92cddd98248d489b943d56bc0d75a821dba0547ce7fe62eda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b4bededb068a54ccc280fac47be0933
SHA1 d4443850731664a9b505f05d80c9f579e036a0e7
SHA256 1dedd4bebbc5ebd8600e333c6ff79536b5171d1671ec5752e535b1676866ab83
SHA512 f8bc8aa9063bbfde63b0426d776f7c66d0c1716bef660b96a0fa018f93fd51e700d3c1b931976c8a514ae97a59efec7f6ba4c6b1e472cdc9567682525974d813

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d67944011f710b1ff07d2051d11e57d
SHA1 a8cd51c1f06a2079cf757aa49c24cb46e592fdd8
SHA256 408cc6a821d441dd1e95682f349bb41b6aa3f574190376eb0c5051f968d86936
SHA512 01631d97e0286c1c27fad78c3f1136da50c4c56fbceb0903b30036e453ce8c6dcf4a5ef7abe7b97e8dbf6696b48ddfb52a8839d2321d906063ec5f202c9872d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0f966dcf42ee9b8f9a6fe902e4bf884
SHA1 1f6655cc539dc58ca90c3be28d83f6cb0848dcef
SHA256 5eab88f92a6e2f5f9d6fbf7da0804891898a737f3a6426ce3edda23d478ff190
SHA512 38eea43f8b407daf26c22ef3fdff9edd5baa27737ed0034e93f3d2539558dc53d67a4da80fe004dd9e89d580e6aeda78400e75a73f04dbfda6d5944dd27ada46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c12866f480b91764f15208deb1dcb637
SHA1 e65ef188d72e07cd3afbdd0be4282d84039a3dbd
SHA256 871f9bee63ebb671a331aaf05e6ac2aefff162363d00448659e6a646550c3adc
SHA512 6708240603f918b6a63359ec239e6394020467065b7b5bbbf420275a520a3cc345897c47547a288f180f1ee92b7aff2a4db515799e0bd89a6846dad8c9a27f81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5704e254f9d030cb4a2f21a0fdb49994
SHA1 e93e9eef451ebc0eeacc4ccbbead722c3b5a7c27
SHA256 3a308f65d54ca2533de64ba95572ba753481a585f247ab39fcf16c959cd0bc17
SHA512 7658a9c2ca58b8aac25a506eba009f2cf5448e284f6d5fe058f44f671a539f900ff4650806c7ec9a023e51612b3bf6cb0598457dccee9c9f7467e7f78e368575

Analysis: behavioral26

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

135s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\microsoft.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2065309ee3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150137" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C9220BD1-67D6-11EE-AB7A-7EFDAE50F694} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000fbccfa9598c95cd80c7cae86bc422ed38af9630ca35228262efbbac866dfd4b5000000000e8000000002000020000000d7dc15d3cc722547ca831f5753c02e02e5a855fb5eeb4157e60090b69ca6004420000000acf26dab1ef5e4547673c64206de41127098f851433a14346b37e4d0039e92374000000045a933a143f4331d70a0b03c475d214daed50889a5671426fcc69a79ca1da863d1933ecbb1b27b7e1d127744ffc83e6b5d84d4ed9268a87a35fda7e1166b815b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000f4a0576e8c0f4c7cc826b39bc53f65269133c7dfac5a7099bbc575928922bdf2000000000e80000000020000200000004546c196523e09a97f2ee31accb9dec96f7ccf7afe02476137aaff8a725c1a5790000000f6219b274c7b90c5d274b88c4f2b529c78b59ffb2887976ddd3e4dad546aad531d6a617fba48c7fd80bff97f28a8c4502e213a0a636c8b525fc5da26fc5e6f1525ad36454f0de48cbf2d4249781271248caf15acde1d03a604526b9a065d91193932ee3db23de2b0dfba4fe91c40206f1b4d2a310c017a262c1afd2306cd364efdc39e1999487e574030df7fca2784d440000000a49c2492d73e6bb75be0569620fae551168a121389ffe75a943e3a53ae9684d99d24911011fb1b5f9995f99250247a37f6a94b97b9aceaf09c340456b70f27ac C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\microsoft.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8402.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar8453.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 673850834d5e039bddf26392763b6805
SHA1 764b0da81ee9bae4d4c4a1f1fc6b0e6c14f37af0
SHA256 6299dd190cf39de04fc09ebc3893b1872b3522bb8e8ef5c785926e79d508f634
SHA512 e8fc5d4a779d3ab0876d6e786b4f1c5bdac008c0a3beee5ef2fc735dffa4ff988fa104990cde1090953f4a79084dea91a31ad8234ff756880f5ed989dad11367

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39708b34ca0e1693f7fdf0bb7363e2d4
SHA1 9e3ec91270fe3e1fd1bdaf0c0cfefcc52be50f35
SHA256 5ca32bee1b4a9e7a358d09079586140dbe5bdaa2378868a638cd8fba920662c6
SHA512 083cecf531c4ad04aa2fdcb619bc08d4134ade80acd6ad8d47327e8dd4fe051c7981116df115f19bdd075520921551b956b06ddd02203b11543537d1870849bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a3385cb9b1b0102185f67fb764e9724
SHA1 2ec88a25c4d1c592b1017f302e86e6a20c62fa96
SHA256 fdb7d0e47bf86ea5714459e24ffb7994b2f88c640b006577a9c3a3d4eb327c41
SHA512 f53dcd61f273f73cfaae7258802fee71b3917c63c606dcc2bd7621ce48ffc75062b8acfbd93448733918b3f96d832eaa2eaa1d4e1013bb4d2d5401c3cda08ad3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb6fb82f2c9870c4aeb9a2cffa32d904
SHA1 ed9e0a587871a21a0e1b2d7731160f528cb0cc57
SHA256 91cedc9486d81a183ee075b8fe4dc89e54ecf43d783d6b84b0b41a0c2d5bef8f
SHA512 45520e6572a86c891e78733c44f38dd6512b9ff661e35fbc12558b3f2565ff2f7533d3c4bcb844e0530ca513e8a71b20ef29515b725ef4f566e311fcb792d831

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60f8eecdae5b111393dec3ee73999b58
SHA1 a29e3c3b563b21dbc1610e53d4a2c7ac0cbb2b01
SHA256 1b276e71e8d0ed7b94a9637896b113445ff28b16d8ba85d8327e6033421a3a24
SHA512 db66731a7c8b9cd998e563abdfadf181c70e04c1e76c8b586e28c8e527b14c604ae22985933c58985a2a6efcbbc2dd62721a4f4ca687e53e4c071644923d37bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1d4982689f6dc2c57ef32c221d60dcd
SHA1 3e1882caf04aacd0ec7e0856d44bc4bec40aacb3
SHA256 77c46d735a4612ae2858c4ee69dcf1b90acabecfee14134c4af3cb2fde65617c
SHA512 96f1e2642f7ff7f14b8457d6c395be2e08888457033e5acd991c0b343377348282abe361fe2740efd0a222399b0c78234e4164eb6a9e300f54890fc96884684e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca4c897de36aa78eba52018395192bf8
SHA1 cefb93484b6d9be0c1a84da7739ce372dff58e1e
SHA256 9f7b78a8fdb16c07601e069e0f94d60aa921dd986ae70bd1d685afe9fa424547
SHA512 e3cd0ed4a22a4a49e04faa99e5d92ac25c69129759ea3e953827ac2b8b2094cbfad71d29c8483b5af9cb7bb126692bedac14f10db069a47df9bbf9b2fccb2fd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7733edbb0d8b578ccda1cad839c17b53
SHA1 30740ce8f6bbe04fbfe64ba2ad67ffb0d2192f7e
SHA256 ce0b9efc277f6b40379590c972e3e3a9e2202e7fc4fe72f6a3565f15b57b100c
SHA512 b0d03088f5d601e7cd44ecdeae902ea8bb454885244deb16aac421578b77135138b76f3f2a61ee662c8623c0a94787cd11e5a739e5c249bc0e98f203439604ab

Analysis: behavioral12

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

118s

Max time network

169s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_mobile_fake_security.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c30000000002000000000010660000000100002000000082827ecd4a39d554aa38390ed30902254cc016e5c6abacdac6694eda1c39e5c3000000000e8000000002000020000000a5e635f9755e362fb8ac698f5e49eb58877362767abdbc2e497689697c74921f20000000d8ab6f7966e07ccd978a254d9ec41ace8119afc92483766302feb14ae0200e5c40000000e829b894f123f35a9df72c0963461c782a9c880b86ff38675551e9c89a6982e580bb71d73aed6e3e5f8ae093561e0e2dae5f497933f1d3a1a69d8e9f51f2f4a6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150126" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4070fd96e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c30000000002000000000010660000000100002000000058297b94cd3a84ccbc08c5fe993561a9306231516fa938355d7db65116037f67000000000e800000000200002000000011bf9b3374c7c50882ebdf3836e65b011a6b00386f5d880799601cd7a7365e8c900000002963a7ce46ff992e253b7df1c66bf18bf8afb047d9df3ddd86576fc3ac188daeb45d1f42fe27f37fd698cf315225d01a80a49faf5bd3674cc71bbf41f1c4c0dc38d0664c68e0a771ad33f1ab6ee60fde3468bddcb14d1bc48689ce4bf838fe30911620d39db76e606f106bca9014e2e53e4602957bcff854a4c669524b0f940b8f39b257605c653792f4dbc4ecd704d8400000006da30f94a4080cd32d37e97ebd4a7fcfd9b5cdeee6cb75b4207a12856c7ea2de2abea9dea75694fbead3c1c957db9d724ed465a81303c4e788fb80f9e0f426b3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1B48E91-67D6-11EE-829B-7AF708EF84A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_mobile_fake_security.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabE996.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarEA17.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 771b297ddfc1be4015c4baa93ed79a0d
SHA1 2c4e6038fe2cf1d6dd9d815368caf968e245809b
SHA256 35b692811dd25aaed13889acbfe63535ef74066bc0339c9bcc37bd9eec3363c6
SHA512 30de51a6161ba2ccb6225b9eb7120c0d7329cb4df0e975664b21257c10c6d9ec5f7c5d8410776797d8d3959226d0a9f0348800ff4153102d2d9315b1a180ddfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa2fe6b5c00065770831c0a7d2e16e6e
SHA1 70b35904306242e8767798a9c8555f7cb84002fb
SHA256 afbda8a20033197b86879c62b73a30f8d40da37b12e3c949fdadb96558f0f412
SHA512 5c9f5f5bdbf7cc526ea475509b45bdc3b1e7abff63ddb4625072d9c5cc9eb2649944ddefc6b05e8e9cbc6cff0236daa488f41c290d602de15434620d80842e45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31fe8a7882a3559d916ec4c2aed4a0af
SHA1 0391c5f74c385358a53aafbbe322aaba923801f6
SHA256 dabb7308a0515eebdfc3a51c0834e102cba2438db5feb560240c1f8dd25f2272
SHA512 6ab0bc3d8b0b5b7dc567714629e79f93fee52d6b05b6f254e13fd3ac6fe151dd222c55629c063e6ee1ef9b4faeee9998722462af6d98d31681df67b171e623a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d18834f179f41d69bb947a540df7d78
SHA1 cae2f30f69c42dc51f27d70eced3117f685605b6
SHA256 9b62de0979bff80f503388a5ccb43c5d47db8d379e3f789154972ae6bc6abf76
SHA512 74d7b60a005556620abd996e279e62488c0b3e5e8446a17541a3313cd856f1a9b6a25be56f7f7dd52791c5e01c8ab0bfae922e0d5769078e706923cdda948bda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5ab449f11c168b20dbf019adcd76429
SHA1 54bc84363ef3e64960869498b7763303679f29ec
SHA256 bab20b410243f0f750efb6cdc672c788d643aa5d096b0057245bd854ff071834
SHA512 3df8829505e2c10cbdb525fa8316301b90067ca3151d41ac85cb886c20c1a4bf662aed51ad7227b1e5f84d2849163311b84599d8720fe84f4f9f9929cb68bbd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e765bd66d67c423481d4a2092a4f173
SHA1 78f75440f1d204d4c199216d480de59b4a7428a5
SHA256 813011290940ba4e23ef10d2e43fdf7206326901581029e1621c0690a650f99d
SHA512 d4daee63d03ba189795e732e75f0cf7209437c2166f2b051bcc51b6080536f7727f2592d444f930a9c63aa3a93ec830041748664e98098262470339ff530dcf2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbcf6ba92558c2039d0431d5f20ea176
SHA1 1cdefddb3cc1f85394c5bffe0ab5e63db4a5f13b
SHA256 e8a06343d092f150856627d71fec3dd9675c0f0dd8d5f208a587d3894bacb0ca
SHA512 9731babede1a5c7ddd1eae2bfc0aeafaa03480eeb62e3c1a9603bd99f5f5cf9d05f6a02ae5f2723ecb596c2cf3a271321560d8206ad55e39d2c5902ee23e2311

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34b6f40165637e727121761558d84f3f
SHA1 a0b9f0ed12307960331599f42c2e35bec2569164
SHA256 3292e5e292dd18fc1298f06d14bc3c04fc442dcf7814c35a88ac6879dad20116
SHA512 2a38b86186f9572a9678bf277d0465aba8577174505a7d464ceae6eb7fa44ae277a2b3835a79e4a34bd2ad087bb044bedc1067c1e269ae52d0cbb78d9279e5dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5591ee073861d592695b1bc060340fa
SHA1 18e7eacd1323809b2d91c60f6a255b532e4304ef
SHA256 7d109203ba73ffba8ec1635227f6dfe99be7a74d08e526e9c6c84cd4f8ad9f3c
SHA512 498c67694d457bc557ac541885c496612a398041d770eb48e15e2e6289199e4cc432a1092a9f352062c821e03791cf6dcde727b913696d70e2f4685b26accfc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdce07297a50c327bd73c98adb61e6e6
SHA1 6e0ed71a56f1b45f3e622fa7018df9bdf505dcdb
SHA256 3550ff8cf202a89cb52c8ff0fb0e3e499b0f4742add54309b90558e9d8cca8fc
SHA512 06e403c1c4dcf2677756ee1ebe411c47256680d1e4c619fd97df9316d7b76880cfefaa2dba2de6bc6148b97496da2ae03aaa037067be9283d9703282ed2cbedf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 631ee4d9582f3ea3e1e74c941e90bbb5
SHA1 cec96514a730205f045695db1a24c679b882a7ba
SHA256 0e156a8584b15ef7c5b1badb2b45dab74648fce3166762373530965c7470e620
SHA512 e6d54c4421b156b22da4267cbae140f9a8ec318352d9d05a185252d755c5329adad0b1389fe2823b8b20283689b7ea74dcecc855b43aa7118c71b1e3ad969287

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8486189f6bed540ad1336f2e4456aafd
SHA1 b87eef98bc0f358d67a221df5980195f09e7653f
SHA256 7d6ca0a4df3a127bf6b8a6e754b98b4eaa02e70c8435ad7b48618072f08542d5
SHA512 1418a221b9fbb16946fd110be59e93e2c8b16cdd83e8853b293e27b0171acdaad12084e8d241b501b34896b20e89b30fe98b6fbc7e788d5479199a7903236b1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f982b5122e7ad930a0fec1b6f6364db0
SHA1 dff7a84cea4af0eed084bd38fb74ffddc6d08a14
SHA256 433ddcd3fc2912bbd8ac94c9d57e33ef3d672dfb74ab036548d12c7bcd54afe8
SHA512 e5856e00d1b3559929c2bafbcdf06a6e945fc921278eac0edd08862ddbdbbf9ceb3450af01b20b2f60c77324bc02ac91eae4c442947b06d2103dacefd1a949b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f982b5122e7ad930a0fec1b6f6364db0
SHA1 dff7a84cea4af0eed084bd38fb74ffddc6d08a14
SHA256 433ddcd3fc2912bbd8ac94c9d57e33ef3d672dfb74ab036548d12c7bcd54afe8
SHA512 e5856e00d1b3559929c2bafbcdf06a6e945fc921278eac0edd08862ddbdbbf9ceb3450af01b20b2f60c77324bc02ac91eae4c442947b06d2103dacefd1a949b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7289d6a553cb7be08826384074d2c57
SHA1 388ab686979de9ee48802c3a2c44675a506cba7c
SHA256 65c22b2be65eebb6af89da37a0c89fb81b5530d10b41444a436c471829851d3f
SHA512 69fa787fc8d860b6fe8383350cbf608325689034a225c8ef124e03a63fd99616426d65b107cf47d83778d02647d5e7b6dd731e06f69842420a201649a9e6f4ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e1baf5a2f067e2fdfca707c40e6e7cb
SHA1 d3fac532d3c56e711dc87a7b4d45c5454ef1b619
SHA256 3338b4b9c64f7fda25c487da647eb566173cec40caac2d0617b2b8e10ed2b198
SHA512 8c335b5cf3d670afbf8cf4efc569c73ff2569382f7aa2ff33ef1ae139f956dc05801aabc94a0e7d2f5662fd71dc33c741fed26952d75b8d22c719b36cd60c951

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fd0e777099692bc9292a09384eed0f7
SHA1 ecfc7f72cf56b2b621816a09870c85c58ceec250
SHA256 0b00f830c370fef8c68f79e4b6021d10aeb372158b0905ba12c0d1ee64e253c5
SHA512 5b7ebf0ce530ed19a22255fde0054b093d0783a95652ba492cca95469c6fd7113543a0477ecabab264b14f8a3479100f73482621ef03c94d4261c63324c7c85e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81199757ed6702d20a79a6420e598ead
SHA1 95bc36016d898d07c4bd6a481a9f9e876593794e
SHA256 36b3ca63c653e3a36804d435a6ee7808510c6b2e94f2f896175f1f2e16221ecc
SHA512 dd67802673c92845a26ccdcbe3b3f15892e6c8970b9a942e1745e5ed7dbbd9230fb1cec869ad5827a5d246e42d3b2d7a74fe98e985f0a2667b9eb96fab120c42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c95c91ac053da8579e0d7564e76aed4
SHA1 9c440fcbaa213462f1f5b966ed99e4f1a6c8ce00
SHA256 3ac94624e011cd811e90727a395b1cf3c305aa6504fc0690b79607ec189a1638
SHA512 9d75ca75978146a473016394c3e4e27f25024c75693885e7f1720ecad84a8203f2369f0921b3b4e35007f646067c7ceb542bfc320993e6ccae30928d3a27030a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46075474979948aec020c3f799382a2a
SHA1 4a4b07830dc6c545df994dc1ad578bc388d07a81
SHA256 9fc172b834ad0496e10a94569763afe262f0a382fab4e49234a6be667cc24143
SHA512 488b9616c383bdaa119c3172cf66e183093ddf5980b1d42ae8f68f6862c5244abd7f6316e4ef1d129ef36446beac8420cdb83a422321edf6a01df7eb7fb6e618

Analysis: behavioral13

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win10v2004-20230915-en

Max time kernel

144s

Max time network

152s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_mobile_fake_security.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 708e300fa9e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a7b40ea9e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401529074" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DB19E808-67D6-11EE-B0C5-7ED7EF050214} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000ec97fcd30f0c4c7ebcb4711a9da1a4db8fb5427594e8a6c716a948f52b8d28f1000000000e8000000002000020000000c1afb233cf4fec44433ef403f3e14e08ca935936269abe063c01a0db2990aaaa20000000d218b4979c1f47161a699093018e7addb0dbd682e7e0f4e596f3c731c6472adc40000000cd46cdd59e3c437dad8e1c3b23d18d4611354a2e0831aa98fe34cb5d5cf51b652470bc4ba26d5fc47a1de423ba7b9bb61d9cfde871e4f8c893b0a62e86b83b18 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000006247f0b2cd90f372c8da8a2733cf3d38a8b63a7d3d830db4f4f560d217c84707000000000e80000000020000200000001fda4c442f962222c085a5f993c3753fcd6e77356bc5642016bff85e311084982000000067ab9b3be006a0d711f0d383b01dab94b14afdc323351e03abd03e8ae4f40ed340000000b38b2e52b0e242bf069347333cfb5b68fde918db9d86e4dfe58719ddfdf2bcd206bda738d2463c76059ff8cda79b0aa258e75f9456712acab84f68c7d74c2c45 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_mobile_fake_security.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4080 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 126.23.238.8.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HEITGDYC\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral17

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win10v2004-20230915-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\github.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DB25535E-67D6-11EE-B0C5-66F797301216} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2984283682" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000005f36a724309222430e52c86bf92c8c7233c92961288b333685260158f628b6dd000000000e8000000002000020000000c4a47027071528bdb4bc8b60f9243e21076bfa5cf2028a1b9cb53f337fa39ab820000000e597ed307a938a083f30bb0d2fe0314a7753e146d2b2de947c2a93cfd4e751a0400000004a8bde659476f7de8361a6df92eaccab99f77a4a988062c399e77b193c43a5e1fb5747b99087708f5c678d72c53eb369b696112d60019ab8a71e05ba2e02921c C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000feefadaa85437e62137cae3acc9ad760da332c146d58326f362d330be002e275000000000e80000000020000200000007138018a71ca35f9f40399b557adaa5711660a5b3d3b6eaf6ae7d5599058ec6d20000000390bfd4cc63e18fc927794dbd286391a0d7984099805e0e44359c96c728490ce4000000049ff0465603606bc80a1fe3998a56157ef79c7ef5ca7c4556947cfd7c7daa9a8f68ba5544dda3effcba075d412c280b49be8a9151af911aaead7f9bf3319570d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2984128172" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403753287" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01698b2e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0602ab2e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\github.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3184 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HEITGDYC\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral32

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:43

Platform

win7-20230831-en

Max time kernel

205s

Max time network

239s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\protonmail.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000918258b1c6eaef44bc85c7515db804ef0000000002000000000010660000000100002000000040e5d30211dfe0285a34da8038bf50952e64b9e639d2837e9b0e6261e759c749000000000e80000000020000200000000220e086034740f7036e53e488a7d87a53a8d6b10deb7a7a2696060cee55e76020000000836865d01a15851aadb5947ec8190a1ef041e250dd0e292e9a614fea83341da140000000e962df91a1e2f09ee47ac39477c8dc21e3f556f8f3e59f0dee8fba9dc2d041d82c20fe8a755057d898df5f5208f371e126291ae3b241ec59742647aa9edbd3f2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150363" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000918258b1c6eaef44bc85c7515db804ef00000000020000000000106600000001000020000000d6d2a13e1de31409c64d2bebf4a024aececd32fd5f03dc857d428ff610c01b23000000000e8000000002000020000000959397f68c315c58043272816700102ee797e8d087009300d036dbf1088b56f290000000e6fdb14dedc58aac961a413c7d204f3b7d880c1ebf441b69b787d825d6134e36121278c4fbdb3de0e1f2c060705ef5a5d880f7f520b81546f0e9fcc510978f872f817bfc3cc493ec6c1d2a25dd06a4a94275f6c0bf3ad89dd50cec8a38f20a00d1ab7c9dba89beaf703694a22c7e2c2a8bf84dde62d5d9b648915cfdab498756071a45e5194dd9fd344ec7fa64eb241040000000460bbb73445065e33a9cc6f0ade6ed2d5e3201a63a177bb5dd2cb8d70a85990ab0ca7978c3e9dc8a5afdb4ef2bb89985b88a33aeefb3e4fd108217c050af0f3a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0fcc52fe4fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4DEF9300-67D7-11EE-AF5C-C6D3BD361474} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\protonmail.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4655.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar639B.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bf259bd88d25f104adead3f1f564991
SHA1 a1651bcfc9d9bceb16f1c824eda69d97b068d0db
SHA256 d57946047c688b30314a1ddafac89acda66186295e8ccb13d8c5fda2f224f958
SHA512 acebaaaa84696fd1585754660b319c68624be915613ea45be74e553d73926b7527f2534a9f3abfed62cdc4f58d755e5f6b4f857432c51165af2f4911a6e5f4f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb06f7fb1b92524493e100806ad0b1f4
SHA1 6b86c189fb6b62492c778acdfc602afce8ffc1e5
SHA256 db437e84b8abb7e6aeab7f6c460d4ba3a3de718cee0e4170e590b0a2dbf25f16
SHA512 2de460bd79c03ba5575ab4f92b842152be6416f7a91fda65e6d0cbf5359b18a4dfc141903fabef4d637891fb8b3dfc6c6ae6a38d164677ad425949c705dbd13d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60737b9c50467eb55db5f7ec6baf693d
SHA1 85c4cba61c802c8c98d24efb6548078acfdda46b
SHA256 76f4b22abe9ada96e9562a18cd0a84f473f0d8739ed55490ce439f337c31c399
SHA512 cc3b8c442f08d81c01fa77fe93bfe79ffddfb7cff7b6801d807dd0b2c374b60a8de8bfec452e73a2124f09be1fa3fb518f9550ca06b492ede4dba7544998866b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a574dc431155cc2b82e58e52ca5fe44
SHA1 869afa1a391aadec667249cc58dae04f97b2dc73
SHA256 fd8112bde374b0d2bc711f371d1d0d08781d96948649fb644c177cf3da1809ea
SHA512 785cfd58bf874616e720c83639655a690af8a693e1665aecfcb073b86866dd8688be78ed02085aa12a8735330d9b14e267aeb0d5f6bb443a883ac2ef47838f4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89fbd8b1cddd3dfc8929de32cf3d0d26
SHA1 d2d8fa1d86186368071c7cc7cb5c4ae4fa0f4709
SHA256 9adef7593c8b0f5fedc8fa8d26c1f43308e1d5b9cecf804f1314a045d610cbae
SHA512 f4c717debfc211032c4d47e171257efc431cc3db740358f38fde2a43739596505eb3588592e372ccfe726f4c6164c6a3c99192c263506dae6f093b0000f037c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7110221f2759371248d2404437c73384
SHA1 bdce5e8cdb5c0d9bf8c4d63fbac33047bce69d14
SHA256 65cfd4eb1e4aadf5e32583e0385049a3cd8e5f518e6bd6e6f8ebf4f4f1ada361
SHA512 808f2ef3f44514e09a882f4442a105e12817098ceadf7e037fa844a74a41d339e040050577dbba983523bafee9aa1d8faabd1ef62e9a546bac5d364b98d85674

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7712e4bb7abcfe21db2b9408e61d196
SHA1 e1b75a922460e75d6a9f4a4f6da4c4951e266201
SHA256 dc1a8ea0827bd75143f2c253cd7c38825b80e5b0403fd2275ee0cbe5f2baf4fc
SHA512 16c0a39245c941c48964cc49515c2e7a0afcfac45c3c2b7020895b06d7a91ba40bd0b28180ea09d5efc57916a0b44e780f7666e9da418f6ca13c4a805681ff08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c3221130e7ae7d3112b22ac25ffbd5d
SHA1 d961b2d5d992f156979dd0f43860db5e1ecdc1f2
SHA256 5843db02a175e0f5201a8c52a84ee49ecdc34bae4f502cf26304d0cfa3d2d7f3
SHA512 1d8f402c6f11d9e0b9324db1544f1bbb0ed342e8db6a30bd122b286ac710caf7804855c596e6858cbc7a44b1452efe0a54722dbf726fc8d9232cfc2a0b7a0a21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aba698d6840435f5e0d0766f41a1d7cd
SHA1 c5040486dde46d813d9f230b827b4400424461bc
SHA256 d11cb50dc5b16c4344afb32b968ae35bb9b6487b9a700c421141e7e76263d8f4
SHA512 15f983438f47f7e1b54c3bdbb2f0fc87f51d0f78a5c7baec559cb14f2583ed1db807c70a8297a80e17ad39c6e2c5ed62f652881c85d704efdf6ac3875b53b34b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6b9127c1943508af4a75943b3c9d8ff
SHA1 7884b47c68429bb31af7a60d6c46ca40d57749b0
SHA256 b21e730d12c332c3c4b0071c4e2a91b7f3c656fb8de22d2a595f08d8b22fc437
SHA512 bcedc1304f1071e0e2c117502fce799a5a18b7233398e61ac62c6d80551bbe17ab6dcd65bc0b0ce080c1fb500b3ebaf631c857e4cd3fabfde81397653858a7ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35258f9958ae63f05ca20e287511ffbb
SHA1 1bbe8d7cf6cd8870b2ac0ef55a08674ed91aa19f
SHA256 41bd1e21964d6f873b69089a4f3164d1f33e679e62ee8d526e3f51721084aae2
SHA512 400efe65fc5cf664eb15a6c5ac7cdc5956f769cbafafc7f2f7d18409514a8ff9728719a599dd1986f81381ac6117ebf3752d6d5303532cce9843c4cb3e376568

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f7fe3a2230f1c89b294593297973668
SHA1 6d0aa25d4d0d9208979ff6d796665da1924c6a25
SHA256 6d5155845de176414d1427b917d953aae0269f0e4993a8803d41258ad2e01625
SHA512 55ac69c907ab1b309d6e30bf1ce6705c3802b48b6672be3a6010475433164f1f01049d953fe518df7139e66af861b1398f0bf37ac32dfb28d711a35fc7de0ccf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4a9f1ce1fd6f7cf8a64f11383c0f0c7
SHA1 f172146aad0509e08bd34a471a0decd608411f02
SHA256 4623d4a331aeda0301f7b809d65deb0e5dc7f9cfc4462fcef40a9886c476fd80
SHA512 48f904022558afbd4d9ffb102f80d06890d949f109a5b1f1a007145363dedb63f94c319254283b05df9690ebbb09c3404f922ea271ac29d382e0ca6906b73d00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4fc46ce1b2787e066ceb1c599b8cb37
SHA1 71a0e260809a3145ee05879cfe379971534d8f1b
SHA256 19fea0d2d560cb62a778d9a94cc2260f77391157398e989a4b2a368c03372a3c
SHA512 07990478fb4148f2ea73b732d859c3769fc896a742f89bdbe663c89b1de0c49827ed3499720bf7f486a67d45fa689905b9f7952800c95bcf216da7bd024d7637

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8304e4a6a8b3c76ce3e0c7ec4ea22e03
SHA1 256adfe9e372f7a71348cb06692c28bdad8801c2
SHA256 5bf308ff32347fcb6265f111155a3b8564bd5107f5d9e1582c8d1fea020e0732
SHA512 c517e9f42bc02903d19e26261a3780b78b0443f86876ed34cafc9e24e1e5d87424a5d6d7cff9233f403191a12f1e683008e03a564de0c3bd9937a04a95d196cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee050407dc83300f2dc79de2ebb5a28c
SHA1 db0cc171dcb437fab95a51a1ba07330aff249329
SHA256 d895e67fe96a70255e66191fb1e3fcf78e59038ab0c60a30bf07657531146337
SHA512 5780b5bce7ea56cabeaec50273a8ce63ab89f55fa9662db3c2baa8d09769f21d7ecd31533b705bf52737ebe1ef1ddc3afb02ae100f7079dc2b8d958d43a58cc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bf04b73ed5cd513497767c159ed3ae9
SHA1 dc47b7841028ff7e35db38398f23b2d3f7df17c3
SHA256 5a079d3ea2a8fe295a37c35508d3eb05c99ba4aa71f8142e74bcb3f3675d2245
SHA512 67ec26c24bd335159c1af23f3d5df7b2fab1999f8e9699d9cce14c569c8c0bc1bdca41c74f7ac2e2ade5c7b397c3cc10168f97cf5ef172025b0bc15d39a3774c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76ccadd21766211701fb61cd9a3f3990
SHA1 8ac5f1aa41686ae6da07d670853669670570048f
SHA256 dfcb8b67df850483b8dc4ad5fb17056caabe0b1adbcbe2e40ae2af13a6ee1bb8
SHA512 d8c33ccf14b42553ae2edf436cab7ea4e5380ae6b4c8f2f6cd2557e73978f5132bd8af1ead4f8ed27c3c33a7f4044c69befafd397f66dd4bec0b0979f1357a94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6774cd62285d0836174c6ba6251af178
SHA1 961026f4c2a280ee74bde06fdc0fdef213303324
SHA256 61f6db7f67d15d1ba1fe60a765a8ca77b9f2a49f4853d96eafe1aba66ffef5fc
SHA512 c9783921242b2982cba818e2fcd83d67b737a8f31efbee162599a0207794ca34add3daabd299cf9f6a52cc75c9052675ecbd7ce9213b7c1c5e1cafa392a26664

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb0da1db0385065c7cf2f56bdbc6aee7
SHA1 1c4e59f898942ce862096c898fc22f8523e2b1e9
SHA256 d4708ad49b233ef878c1205dbd5701723b81b2f4d6cc28223a1679de502f9dd7
SHA512 4a3ee5a39673c18a72edbcff4a9e1616826f709139a3be4f14f29a2a2fb8c41406236283aaf3129b607b477355fff0dad6a2a770161561a977cf0950656ef13c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bb9ff6bcc0a84bcb58e7efb2746c172
SHA1 244b5f8f296cee0eb5fd586d57158954e4250e59
SHA256 43df617135fa1371bd9e22f1bbcf18bbc532e37eda34171c5cd777d88688c3f9
SHA512 d2e5f558ca3904a193cce2988bcecbf6e0a7845245c089ab67c3ff6e5d3b58eb69920483807d759b50953fa3d9fef3e7d25f9cea762c4345bdb0387d1a44ed22

Analysis: behavioral24

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win7-20230831-en

Max time kernel

118s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\messenger.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E563D761-67D6-11EE-8654-7AF708EF84A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150185" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40d268bae3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000005b76228e8d179914ea8cd879f76500a27e02cdaec8acb4352b3581a7655ed0da000000000e8000000002000020000000842ded0b1b0368f0d94c208c13223aaf68c128aefbf97e1bfd5a8ec810cf71809000000010eb3adb0cab093d43f350722ef0e96376c1c9855b415672585274eb9deebf69f70d2733f75d0b5cfafe2d3f609093e81ad6a9e275771e9520caf0f24764ea2a1579946e528ea8a7946d03ebe0a18660727d2f4a10da2339f8d5f84604cb0a8d41c6724d32e3251060d4fc4a8b4a97fb25e982ed077fad1095af40ec7026eee0735d560481e627d44a73720b815d662140000000471f23da5e5903644bc1f521a90d135e7856cf55b0d38a03605ffd2b1a2e4908c56f02cf1af2f46e9d810c134f7a6b9348c0180662d54c4f89b3f2e4f15427d4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f0000000002000000000010660000000100002000000007cfb76b447c815546555b9c0d1539431b5f6f7b939e67865ca03ecf79d0e179000000000e8000000002000020000000fbd94b096e42aa8fd903cc66b2bff9a78c8c93469758098d247c14f897a27d6c20000000be9e7be0fb9cb0c9e2f97469d93a08ce3b7a82a2348409b2eee53f79e88fc70940000000bf290e5d8a61f78d5576eac0c015b46b955f86012a4944056af5691f0051aa4bfb3018a857cabeb006e0dd0d9627acf5a7dece243792871da703e35a4c79edd8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\messenger.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5EE3.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar5F74.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af63d824d1034465994a46d42bcf36d9
SHA1 db366e422d1274a3670cd6b7f5fb57e6761ba25e
SHA256 06feeb28dcc5e6bb0fba318d565dfa903083910ad567c3f82ce7992b7ef3ef8a
SHA512 2dd0a196856c9085d1dd22511ccf4dceaec8bc686b59c9e85aac8bd2e766263beedd983fdd7cb317b537d3500f8c84f79bdc4ed16d3c1187b612e368cda2aff9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca60cabd3df61eb188ca84c989e9e408
SHA1 7cdb71aab6ee02eb209a8e629cf1978b10365205
SHA256 5215e6291ca475cdb48164a69c133438d17d1f8fd8f6a3f118be88f17e7487f6
SHA512 4e5e18ec5e471541d1a6bee6bfe66864bbc0023a98b7bc25ba44fed88b4eeafd97347e1173d6dabaec11eaa92574beb5857b82714a976ee9dffda5967ad581bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4266f2bbf0d2340031a685c77d4bd29
SHA1 e3569dc0abd1dbc1723333ca9048b3a586e30914
SHA256 693c970c1ba8dd68b01aacdd89922f7998ec4691b88bb777c89f92f0e98b2d31
SHA512 ab0c4ad5173144337a274de76608da16c8ecd262932eac01bac120ea372ea1f8869a7e06d146a4f5401a3d9f935c11b64476f04aa617fe78c382bc67f18a4652

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3dc239b117451407a9f65ac550fa7da
SHA1 941f3e15d5fd1d83e184508d1be7d9f4260efdf5
SHA256 2627ed5a230de542d1979520bb3a40b41226ce0ba73e74d01364771fdb2bbf0d
SHA512 7d0cd7f43ab3c389640637de3669d1d220ba2d667acdba967915e661f600814a58b4414759274321232146e70ae4a55aa60867514b1d5293cc7419b19c7e84cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00e4612eab640f7b2fd1ec72349b7547
SHA1 eb842c44bb36f61bc2c05f50e2dc7632a424c87b
SHA256 81af29311b6566dcf722b2a28cf9f39b70eaa9c177a015c63c056835e75fb093
SHA512 7c96932bca954cc24c427216feaaaffb835e6427f39fd10b307e1ad3606664ffdb16d0ba6da3e2579b1271143ec272f6d51953b6762a144775ea2367a049ed2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d48d8b46e8e348cda0c7e05ce7699ae
SHA1 1d9064b783e8383d9f90d76046ad4d342c313eea
SHA256 4d6cb1b9b2105ece4ead1df812962debacdefcbc9f667b804ceb72a9c624ea33
SHA512 d6759318f0f1a7a7d4466706ed0ccf0bdb804560ba1f61281c2ba820eae882ec5cc9fb5a2d73edc2d3430c19b916fed5127ce841b1a65df71c1f309809ac65f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd3ad7b5b25bf7f39162a1fa4f4806de
SHA1 ab3c4d2e13c279a156f22c985b549363c22dec06
SHA256 763226ca3ec38c8e68a36feb2f14094167f0c5d287d4e4e4fbb143272aac26d1
SHA512 491a106be66d0a8726cd39f8ba436cc98ce9d0a337f4f5836b3f73739a118ebfd5535e9c937a70ff10e27eb28b944b2eaa55550521ffdc42bbb42e35cdb2e692

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c78d4a242bedc84f9e69fc7288888f9
SHA1 d4b8e80c9be3d3bf033f80fc0fec18f79c03d5bc
SHA256 9e45cdded481e0b84eb05ff718de30898c269fc21b98f09e535f30992027e52a
SHA512 eb350cb6f8e9c90c133286e2e23add1f07aff96fd81695d8db53e476eb16c3e5c2b87fb4ac476eebd6f87df815a896e0862662422e62cb6ca4c78bd7b3b1d5a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 260f74c1f0664d595c57b731add12700
SHA1 8e757e94a2f09e62fecedc8fc503b7f0d18a06eb
SHA256 b1c8928c9729edfe6b2c3b0c274d1a2e3aff3b78254055868533fb515deb233f
SHA512 e4dbb05b7b763b71ea06a8737f2c86174ee9af767b2144668cbaa3c4c2778dd6568e6e5bf9dbe6ed5b91ad07c6f92b422a30513c547d0d074b9e9a1e2a1de76b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98ecf1e84b3c8959df2355feacf8768f
SHA1 fffaf6e22cd8319f94ba981f3373ed4ea6e16d59
SHA256 5506617f8fcd300a06ab568698ff3e9e1863561bfe7f1eb3acb9fa7dd8c50055
SHA512 9fba34c2cdeb74c56e069d2fe7f4a8df22c92479bcdfa9c7d1487be05abce19d0d98c0c34b35da6f0bd3c713584ec7871cf0298aab9be36db615f4ccbd1dda4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 942c3f80eed812aeaa7ff2ff6370a736
SHA1 0edd7574b513ad5aabf622dc0e5a392a7e049084
SHA256 4089a74ae28b0638e894b155dfd50efcf576eccb1deac82be129de28c3a25cd7
SHA512 afd1923765eee81b06b9f8f912eb04d4de4e0183f505aac32ae348f623de860fd312dedc04e8cad79c4651d4b12f4b7c14370c38d47efb55a2fd4b56a58d2e22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42016a6bf5ef26872365369850130c9e
SHA1 319ba5ad84490599ac55a2474b0cefdcd87ce1e7
SHA256 c8a9602f955c7e757fc7b898210060c20fd28b1a568098b7069854cd927947d6
SHA512 feec5248b05afbd387777bef053b83590374f2d4a2a4c5a5ac2b7eff41a92ad50d6e3143351078eb8fc8bd1073dbebc6063d75d2e52cd499421880f9fb844f17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d01bd3c3d7f4373fc0970f7558a7647a
SHA1 6c337511e37bb7fa25398a81519e98f9a4bb4409
SHA256 fecb5f001f4d2ae72f308067fc654d1e4eeb126c4c434a5d17c9524b66f489c8
SHA512 bff825523bffb62e0634c42e6c5b34e505bd5f17302ba965d23b83508318239b0b1eea17a249a0784b5a220bc0342fe12f1828bd1614b5312b45012321614fc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c10f6962304a42d2790e3ad5aa60c3a
SHA1 36bb9f7a9d3a37899e3e7e9efd39673d3ebd840a
SHA256 f602a1a7686a6dcb0f42e8593c974b05c52311bc3a53cce9f0c76d662a0055c8
SHA512 da50f937935273b890728cf436c12e360092334955a4dadf80ebda3d3652a82c23e75c7af07d1103b1cb51c9f8a552978378239c00eb9bd18b1521d4a88567b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8794751457ed66d67a059bf1b925fd87
SHA1 6bb708f4b86a2a517bd0c681f93e8e8025a538ab
SHA256 d545f65fc196baab9ebb9dfb66843309fd9bcdeae4e48c367051f28f654b43d5
SHA512 751894f977ab77314191bf24749e8d62077780243a4cccb0203f0129f725ee6f68bb03ea8685eed9d03ac2880c063cfd2b17eb62bb9288a582dbbf60ac777311

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 111603204c966181cebdfa367972046b
SHA1 f8881751f7b5718eca6b76c391b34df89e8b0d22
SHA256 e0c17ef124a8c30f19babb61f74c5cd20c95b64e2971b6f24d106d6c691d8b3a
SHA512 0a1a7bebedd426f77df63cf57b225649f25094f95cae0bd7d03b9b6d6cebd9b94301aec45ab0bc039adbb31436b9bd25ef83bde072ceaee1b6bed8adbe0bb3e8

Analysis: behavioral6

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win7-20230831-en

Max time kernel

137s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_desktop_homepage.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b32ab6e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000008d3ee0b47fc39e1b337b883eb2f15dc39f808ee773e10d31f5876f2fc4e7f928000000000e80000000020000200000004d9cdc74b205644c3043ada9b9d4bcff274e5575f31a59af0009c4203325bcd1200000006789d360cc84b60861bab4746249ad1fa74318eb0e2295911162178c7c58485f40000000cdd9d3ce4e1d48639ffc0f74f239f7c4e1f3d521a1c08424188ec6894577573ac077995770632344f04b87e00c0e39e9118e594f437529c04c1f77c042a4a9f1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000001f5ff01d73a13982ffe54a7a781960002cae8908bfc9e38490c892a931006064000000000e80000000020000200000005cac3cfd4ecefbef2a828a060f87240b71615026cdead48e277416a1296973fc90000000687b31864dc9d483d25afa6578cbd3a013135dedf274de521fd9fdf01cb3785849a86868c0ad59c9f11080a4079823a442227236c31fc5f276263a1f371c5127e2896df4761c2ed7a05930884cb6cd4089682c581d89ac02d3a39fed8144d281e071554c1dca10f2f813c0c44a32c9478e784af34eb7fd9792f1894253ecba6bdaa714a43529f4e1dcfff39cd66cce7840000000388eb82fcacbd245681989f335aa21c5a3a5cf42a640c33d2fc52487c2da17c876fd39ce3558f213d2cb89b34fbdd0463e39b325f2910f393d0f9f279c9e5ef5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E06C24B1-67D6-11EE-BAE6-5AE081D2F0B4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150178" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook_desktop_homepage.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6901.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar69D1.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a23d121a33dc9e95b432f11bff56f5aa
SHA1 6c6c84f7091dd719cac79a8fce2cde04da23b908
SHA256 7deac7f07799b6a15c10b86ba778ab56242fefee3bb09a5a6975400b4823072f
SHA512 9b9359906fd2393d337cd0524d5dd1b6e737297847e8b45c096c449ab035c8e06d7324dc8eb049f8f4c36b58c7899549000ae2209a79084a0aae335563e5bca1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78ca43f935712d2a6b9cbe0ca5af9604
SHA1 5e111ea9e8e6c3b467d7459ab2122519a9e383b7
SHA256 f20e80f06b271bd2a228351ebecc62f0c9f0d0b2fb8767ae9ece9b751303d892
SHA512 3be67e7298c46eb1a0e318fadbf427ceb9bdd956a869e324febbeb23069252b96d04c163161ead076ee6123adebd1770bfbeba47f677d8cd712cc4a110f362fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 006b88f2bd4636fadc5f97a93a5bd332
SHA1 37f824b383df5fdbc5cac080ebfefa476b3b85fb
SHA256 b31e8918878c2fb649b833d74876af9b95a336fc93c17509c60af2aabc40e5f0
SHA512 4a3ac349798d04d4e60bdbae8e18b79b56729be69354c054f4db74751834be8aa2dad1eab783fd4eb4bd3c60e530cf95983c5fb8257ea965c80eddb9bf9546a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c95fbc7e8f9650d9ac4de3b0a2750fc7
SHA1 33a2ee0270846c80f72de539aceeaa7487527be1
SHA256 b29f6b10a0905ab5ffaa0c3d73a4141b4cdcda3a778f6f30e470b3e2ddb1b8aa
SHA512 858dd6a758864fc86b724db6ded1ae0996658e152a61f9015595787449f5744b8ef9208dde9a89c8d90446934879a0613769a4799662a958eeb000f3daf2f544

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee1d7952a88a9bc85dce8f91147081dd
SHA1 13ba4aff66d9b614b4431259477575390e7d95c6
SHA256 49840c21456eb169ee4dfeac204e3428fc0584b39e7235349fb864eb71d7de2d
SHA512 4b6056f2ef7e0b0b0824480d142f9cd3bf3a7f9dc929ddfa1a56a5a48fe7ecd89f3d7f209193b2ba3c3e94b9638adb7143c117168b4bd8de3096d155406c63f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c469f81905fc61ad057779774a1dcfc
SHA1 b123fdd67317aa76d55f73f8e81a66abb1b1c63d
SHA256 a0533b4e1527feac3509e148b0043cdbc76bf4bb972315f582409ab8a5cf72ac
SHA512 610e5a3000e00bb2f065cad8076f4636a23a8a51c9ae21ea0ac8295a5e6042260a6b125a95b65f534e9f90e218fd24bb22a19b522fdbd05d43b485e89f65e7ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21d9b8438b9eb920236854bc3e2726b1
SHA1 484256cbd7052e8a1183791680797a6474675a61
SHA256 599a17e0c5ac9967fc78b994ab1acd4eb6673f8a5c1e7d5817a640c9b883e404
SHA512 f0d21f801c6adb9e64465d30dad72a6d9920885c787ca495b9eb87363bff1cd9292c4cecc03e4ba73fb93f5dedb0c5dc53b3c48e271b42b3c6467c7e751ad822

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45123166f3e329a5d80fb5c1a1d2e55c
SHA1 f1f2899fb8ce05cad9fb711bbbb6899876720f44
SHA256 4424f21688d448522c2cf083c22c29af3836f014aa6fbb46d95289dcb90d5188
SHA512 bb062d7d7b6e884092b0afae4da49b12e4106f2aba91527e04a5b0fe0eed53ff3532edce8408633de6277537e4a82057ffdc5997dcb86a79192fec461e90be14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 080ae8f915cafdc86e00d14b93aeb364
SHA1 3bd167b59adcedc02bf60c80d35b1842a4b37438
SHA256 efae8f3b1d9450cc877360b1d8a3f216501c2a1252cd1429cdb1e56cd44214d1
SHA512 2a98d569c8418e3b35dcf3b6d224efd072ff87334803386df47194e9d24e1d43c91b17af16efe54ed9c932670faf2faaefa85aad10362f3aa540e83081c1dbca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10a806b023e8626acc3772bd9adad528
SHA1 21e99b038c4cddbac2816a8b2f71b14ce00093ef
SHA256 dd7cde4d691b59e7c96ca1b6a81abe583d6fc1b458bdf5f1f2e735d4335f6b19
SHA512 29ccf1fc405a0d901deaca36aaf85cc00350acbd81f5d41decb4ee4216180f64b9d7dabb44d0041af803f6ec3637c9dc08e41eea5664004c17426b849976e1cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 524112f51b5c4f12d141252b59b1e241
SHA1 c39194e1b9bcc9727a0358558879768fdf14bd46
SHA256 856ea8005b78a82aace1a0a5c93d9b2973d52cbe7bc7cea104263bc4ffd105d3
SHA512 89ff718680e194135ab82112a21635364c1a9a98dc140f941a6f1def3642ac22106aef33792d4e0258c44f293f82c1150a80b43d853604ce7650d256aed8e097

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8652d714f295f61ac2b6c4ff5889433a
SHA1 2d0fc5cb5f4cda884845fc021e9a5eb2223ec5e5
SHA256 c5e25a964994c2d94e8a6274364acb26ab6cab9205a2a5426f4723cc5eaeb6d8
SHA512 4f5acf37c078816b58a55d47c4da0a4fdc2ca6203b95f83328ad0b7e2aab6d2871a1d133917f3e104b30b37c91befadf32193e865caeb4a92c8b03621087d86d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e317de96a42e403ceca431b522d38ca8
SHA1 23ede048532a957a9122e7dac5302a4fbeae581c
SHA256 ee133791f321d7f36a9c1a999b233438d364cdaff93f3a6d7dfa26675493742f
SHA512 3e1a03514dc3197f143f13b565e71397aadbeabb39d43cd1853e82e6b81a61c1cccfbfca51b8f21d4fb50edb1778194ce2a8cabb923d7d48a1ee2adba9b55ac0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0905f1ce022e02015d56311ea1c51bb0
SHA1 ffd9690400eab1895350cd55998267ffe1926064
SHA256 93d845e82c24d399fd037cbf04f13e705ce58d8a89386394770bdc4661224acd
SHA512 21c143c6fe86f309597651a7a2fc2f23d3e6520ec46c01cefab5e0f1967bb05d8030aaec801f10556036d6455dd98c74916ed01364cfd9577736f858685ca28c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ee17b52ef863adb091517d715598afb
SHA1 eb80840515434718b69d96fa9387f274e2a25f3b
SHA256 fcba9c8c511974f05cd9cb4372d714bd56b3d639fbedae3481099e33accd3cea
SHA512 5fea9cc4c4dfacac6fecb3634de1138e7a34c7681f92897d87168f2a87500fd209df50a109c0a09a50fa756d790d0a9b25dc839a3d116acad75f24a6063e7460

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee476817ebaf76a1ca39a6a24182307a
SHA1 023bbc6e076e3937a7b36ccdefbba5daecd632a9
SHA256 3575f5d9898d9a828d415c2416255c1c038786665f4c81844cfeb7f94da4cf49
SHA512 6d933c92e5009d5a5f8d52b87f67fce4a35bc291f2141becacfbdf8c6d3fe484cc75f7b292773779f465f0114ef4a0a06136431eeaa3b43528145ad099e9f481

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05a1238618641538f6576381b5239580
SHA1 4093c3ea151643ae92b956bfe6be218b517cb10d
SHA256 1e22a791f1b5a2d312fd985695b90f8d2d16d2072da74295aa44b5b010591cc2
SHA512 47908b8df5d7e5d902754f9178d6dc43bd908d29c02cd6a88daa415cf0e85d2c22c996944286c5c62309336b005e1898d5d9b241903080d5bf7d4d9fd72b7b28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02e87ca8a28da1ff7a6aecb3dbf1c147
SHA1 af8a2affe8db47ca6fed81bc503e32cb034fa367
SHA256 d032ae8fb05a7d419b3bfc395c951c20517b3baef5f06f813c3d90dd237caf2d
SHA512 1fd5593fac5cd749a659a13fb3b208df5112d270eb44e4be135441f49120193ba6398daee1cc59b86a7446c6274fa88cb53d8d6ac2a457365c6a2a320f4937bd

Analysis: behavioral14

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\garena_free_fire.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000002796c5fc6a84e8f5b0c2273887e5161d1c312946f49d900b1df224aa6a830f99000000000e800000000200002000000065669c5a6dd568fb468816effef5415c6a4681092bbdfcb2616c8226f70b0beb2000000052db335c1cf12765014e8dd4c304411e51e158fcc10ea50faab168670f91c454400000001effcd515c09f5c5186b89b940b78def82a507973d6559ff266a6a49575d57a2e153d9ec0456fdf2cd40e0cc6f96e4d2d73c79d06d24f7860f98dc4df17831ac C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000005c817e9070719731e3f78d596412241205d65a338575c06170ac8a4143390b19000000000e8000000002000020000000394fcdcaab646622e71358e1503f9cfcf6b3b4ef0614c7bd2d0bf918ca5d59da9000000099d74b0c53c9a6888ac8eccc39fdd580fbcd60245bc9cf699da6f67bc3338b466fdec6b8449ea2e2324452e05dfecf8522556b2377d835c03330a2496330bbc40283656c0540ecda190314ffd201b79c9afa8ea47eed20cf590a86c648f24db0db29f557e8335f9355bfae01009b37d129ac3029c5c38fa8992323aba17de047fd486a6c82376f62a42e714f76f9c11640000000fb831dd8428347b115b3dc06df25835e4ae8e97ae070e4424004a41f63de52b5282d6c7c7f61d7e4a33a8e89743d2f95cfa84a14cfa82f7abfbe1aed5c767b27 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150121" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF999DD1-67D6-11EE-B899-EE0B5B730CFF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906aec94e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\garena_free_fire.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA5B4.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarA605.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f40d124d155e99dbd892520cd677fe3
SHA1 2e3c4064a955d66dbdd0926ca117133905b652ea
SHA256 44150aabcea67a6e0500553508a236551e7e53c3349ecfab920493bcb919915e
SHA512 7f7ba1d564120c243f2717b64fc569882c9740b125a7dab8050a7038c7df713c3600c0805fc0cb872b073038cd64ac9f00b50c7e02eeb1a51fa675552c5b0c86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce00705dce336136272290c12951f5a7
SHA1 33984551f74ff9320a67ce916c3558d1818e4750
SHA256 d3832926ada5f378d1fbe1d0d3d4ec198211c6e3a4a19fc06055189918976c76
SHA512 9869f765ead349fc27e74215c44d49df913b3bce2a279f6d68beb4c2001a0c59b65ea89a978be215500af50761e00a7a8f6e9dfe26d897bbeaf3b3ed57b75a50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ec700b3120cf4c5292182c6e163f98a
SHA1 fe9e10bae2ad933e2854a3006004106c367efa9d
SHA256 df486e806d674762ecd584e087aeb43ddf9854d185abdffd14a6343824f0cc3b
SHA512 56e632649b48aad0ff54c1b12a9b02e6c892fc494bb6fe12269c675912ef2f8ffe10a0ab52501ea3a4df753c817209602fb7438127cc9db49ae292f28cfd3fc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 212075f9e59e799773684c538b8c9954
SHA1 fc72de6ac32cbb84249e81900ac092f6cdc75ee9
SHA256 c0cb8ff6c830d3b8d7cccace3af7df4bca7ba987b2385f97371de94e4978ac50
SHA512 4b9fdc38b8632a9e99fbac7b1e902b9babef626b4d491aa53e519601edd608e1476d235ef3d9c40b30c01a0e504f5e63ba8af26a2b6dbb7485389d9b96682da9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b98f93e0f4854b2ec3a263b1034088e
SHA1 80cfcabfa2f1591893be1d05c3303c4ebadea147
SHA256 9536e0a825b5490ca0e6ee95744f3acc7ef58c3fb77d3f6db733d34005660b23
SHA512 9b8936fa625f7d06f54ccb3627b93645a073d87c0c66ab6c0765bec49387660006411bc78397ef4a61eddb8c0902d422a5421b8657bdd66bb4c364d9c91beca5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be85458d3269ba132c8d692a965e8d2c
SHA1 905bea80c43b5f8cddb05d74a6d5025d9f25e2ac
SHA256 db10e9f2d78b6c6c028d479f718d30253cd36ba644d161c99474ac7ed6ec1ea6
SHA512 6f756050084bb5247c11523e73a8e2787c79ca140a33bbceade35048a1857e8b52b708adeec4207149a8a66a2f12973b422e9d7ad0ef5463da2d6e57e5776094

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0f3b67c5013fb2817edf17b15c26ee5
SHA1 c9c646f31fe65e1349e2f84366369f14a4cfb7cc
SHA256 2a81fb380c35285be1a75e1838345e7ea3a06183c836c0cc8e62acc792cbc940
SHA512 331fd088e159a07614085b69746434457768ca1f516e01014280ab17e9a7ff56e1f861f85f5fa4a27bcc54aba765b82dcc2792a8b95cbc6e68acc70b12c2831b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7f4b3c33b8e8942cfaa23744c6921d6
SHA1 6db5cc2eb614b904758313c7714076d2824d1c8c
SHA256 4530fa896f1d9e05ed9b7e562c323b1053359962c1c91edd43c8a066b914469d
SHA512 a13e48c2ffefeef308b66fa9cfd957043cfee2e2fb8a7a93f49dbfe948c7cf5b8f8f863c584a70d1be7c13a3268cfd0ad972b620773894c42b67c32bc07815e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f15bac679851dd01593b4af175b8c39d
SHA1 63c8ec25de13371af87e381fb0d5e587394b89c9
SHA256 4abc851b230f3501a4f307697dc0aee859d4cacdb2d42bca178c1c0659895695
SHA512 049b3f60e3ab272f947622285600cb548f916cad73b87b3eb0b4f5710fe9331620cd45b5fdf322c3c59ad4774452f3f6598e52639095760e1144b2d312df6423

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c70a6f09824f1fcd715fabcc97c16391
SHA1 28bddfa2a439acf7d87fef840e81434c192c3129
SHA256 f4d801c037bcdb8c94733c9699f4d7b4ab4ad474e1d511b71628170aaf337752
SHA512 01ad72781a88e92d5e76fbeb35da1a66e7674826e164f7a43fa4d29d5684c71085c1ecaa0e970a1e9e496e8af111f6137d28c6b3a90eab1f7bfd57c9b6a445a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3916887d99e63399e42932372208782d
SHA1 f8b6d8972be2146cf568482f06b9d324263c6e14
SHA256 d9d9285644e2a888edb2444548670296005361dce1bece2fd3071a3bc90a47d4
SHA512 1b398bcf1348a13991bf6caa752b9879afbc03119d872d55b3ad338fe9e9c82c7f38e8069eb00f7ef303df86b7214cee4dc9cf303ba158ed85fa084d5b5d1fc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b6f0e6e3c4871f897a57427c0487271
SHA1 89b24d5261c7f2afbf6ac7bc188aa4c6724f2756
SHA256 de071fc774adcbf151b03ed8fce5c3d180215a5dfde9fec912efcafa9769d6e2
SHA512 05bdfa28ffa2195776a5b93fac0791dbd27954bd64653a22d901c1601d829939940a161b923f9feb82d419fb6620af3798c6e9487e5242b95682f6a76beec7bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b6775d127d1912adfadeac64baf087e
SHA1 45ab12fb9fa42dced3076d243558f29651a21e32
SHA256 8a652c24ffc1fe7a8fb13f50fec7ee98029521f8e1fb69dedcef4e70885fd96c
SHA512 479be4a4c8cb75adc6ff19be0e3ea0e1b1a86e037ec3419eef06686c126a7db7d8b22b8436f7dff1cbb4b5d7a1b2e2d294e0607bddcef0f7731e326bd1d343bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 293d869dc06bd2d0cb195da7383890d2
SHA1 741611d10dbfc4050011d624a35cf2e89eb361df
SHA256 00c8703e7fc696b28b0b085ed4f405bb496dc7ae244c5b68bb6a478fdb3a1543
SHA512 93ddee06442fe434c053c3b64c3530fff83032520188e293fe2aed1fa3729d347e7aee26515487ca7028741546c49cecf4efcc4ded4da8c52f5913149a6f372c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b100e717fc9dfbdd82560bed3f6d2af
SHA1 694478e493e79d7843562f79f54a92d33e385b39
SHA256 ba4d627c19e0c31a1e8c977e0a549b0aadf3b7f80bdef0aa8972846bcb25c359
SHA512 f9792bd69e177b10a697e236add3d7bb479c8282c19ffe8840fd9d0cb252a62245c0a7c4ed4d22a58302d18abd11b7a9297766c94f4d6840d7429962d5723149

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b405eaec9c17197430990da27a27d04d
SHA1 ac9cfa3c5b9d48ef07e270b395f03fa69473da4b
SHA256 24f3a241d571794f3906f7ab7a5a4f18c837d019ee5afbed3457dae06e17cdc5
SHA512 b8ec07d09414caebde1deebe3ae571df9e1a37b6e8ee437094107a7474507ba739efbf8bc010aa6a9453263f10393544947cc307e77013a989a3d86877a21a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9c544177022c609dcad6d6861b1f2c3
SHA1 5f47c937d7486aef6198f2d31fde605b40f6a267
SHA256 bb28b7aea7128b71281c51db2cd7fd569351dcbb96ed50a735b40e7fd136b949
SHA512 66310219e7f218b6c50917c4f44136e97e49e0f217aee70514a504cc22229a2d1e7450a58f728dc9d64b089bc1ab72e90e9d24da0371a91cf779cbc13f2560db

Analysis: behavioral16

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:40

Platform

win7-20230831-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\github.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000005559f1d7648c973082f2ae92684d58936d72d8e5a39c9e9e907518516c54d1f6000000000e80000000020000200000006e3516a3339ec868ee20adfafb68f0f156d15c6659183639c39fcefa8cfa7fbc90000000fdd2897c501f8b73027c00378a1e6b75f3f0ab03d3ea5e60ec5564da4e5bd2f817a0861420906b90c7ec300d3240022c56cf31507b4f617c05452f6ba5396bbfbc11f48223cc543e078b89c88771c61b92d542b0cdfb602945bd557c5dca81262d1653331b36eca3266a6bc079237248a237bfd82ede02cb85ea0800acf6a6a5e890ebb802ba0efc9957a68a36dff4ae4000000071978a712d86f6e022ba6ccfa600a790740769970eae506a7cbff46ba19584eb724d5837e20cb2c9a2f8be5e081a6eecdc518fab9a8b29060011142f01f07a35 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C7A16EE1-67D6-11EE-8E0A-7AA063A69366} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f01cf09ce3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b00000000020000000000106600000001000020000000d83abc93855b98b45d83b1076f6924b7caf5180a900e4b0ade61f12a81131a4a000000000e8000000002000020000000f2be142beca9d6ca210e997a8bf299e4b378451339d58f6a617a141456b822f920000000e0c7736d5f9a0606cd44011bafb65d80675eb44190caf82f2682893ffd42842d40000000a897d0ba2f788004d49431be86c9a66693191cbefbe9a7973e3b21a85db383dee17d006878f7657195d7ab2efc102fcbfaea7a0ec2e1fd5f68220369cfab117e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150133" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\github.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab73F9.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar744D.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7eecbc3a68c601f6d56d26b24d966b4
SHA1 4bee30a260998bf17ad4afaf14372a2a6b5b6096
SHA256 2fb6235b36dd8fa9b56f67ddee3ab24caf7739c8cc425c4650ea1e458fc0e041
SHA512 0a9191febc23de6ed139e2e625825f11ffb3a71452154fffd23e0bd34d5d968dca3bbc76327b666ad55a6ace851e469b70f1f4947ad514a11c1cb4ee51244b8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddcdbfdf3f1c88b3b243f8fde578a451
SHA1 0b00f1900a7f138bcd56aae81a636b1a731803d7
SHA256 550c5694f173f85949bae37fa6d592f77f0ba728c65fb4e8cabb9b26aa8f3cec
SHA512 27211f0770d731506540e7baa468b6cb0988253e49f64e3950d4b428088b007021d3ceaa31b3b84271584404cf40a578aa6f1405e90c92605fc704bd142ebe3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ee61cca37aaa3738273d4e9634b690e
SHA1 88e6637f1b4b8cdc9e5ff5c8ef00b2ce16831f06
SHA256 9d6f255fab0a6cebd0402c132c6a1c3a1a3f9ff4554b2681ba0862a68f854667
SHA512 0ec6eea3638feea5464d0598e4ce1a49ed6fc10759999c9bbb2c4b2e265730fa7cc39791f935dcf84f2bfd47486ace3123eb1e013c71418e5ed5940256980e33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ce5fe4349e1fbbb1206875c1191aed4
SHA1 bf6fee1dc3c20829575702f26d9ab5c1acf6a680
SHA256 1445c04f32410784a7c20ba61fbebda0566cd97ef0ad936ea22a2181e16378c6
SHA512 0b62fb7c5a40ee5aafcda505b87b3cbf13603eaf11059c22b35ed3b916ee830eda56e96e74af3cddeec2884076479e903fd5dbe93c20d8f8aae82091a36dede0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3c9e9facebf0625b772b2b48985c9b7
SHA1 4bf1b815a3351e8e76f121e9d2cfb7f04b7ddbda
SHA256 58d2bb53354090f6be8dfdc1534c9990687e806c83e861e74583d79e4e9c4c58
SHA512 60aca3968ca015605a7bea90838d720c0ffb017d7d620ebea6d43055117a42cc195e7e20ed92157484410be76708110536e01fecfa8732eadc6a039bcf30b7cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 983c23b100a3b582ce893ce0dcae80c9
SHA1 260976c8c470aa03020ab4e9e4fd286e717030cb
SHA256 cd358e0a3edf2b9c19738ef1ba359244e3746e9083ca13a024add573051bcbba
SHA512 bbb5c9405c6b55cc47592de98f439461af226534daa731ad4396bdc64cdc89f01a3e17d79adcf27c57f9302c6a78189d73f1727119b3328c57ebc3a72064ed03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6bedf7dab31d155eaad4a463304123c
SHA1 ebabd51e5c6c0c7da8b05a6d37739b44534002e9
SHA256 518b26a2e9a6e52108213ce1fce110917c54a9496fbaa3a4048f8f78dac0f1e3
SHA512 d01132292723a11feb0ea32e79f18054bbb0e97e7470ddb74bc949414f076b14d2a7d9e1597792909c0ebe42e9b0524db9e8bade73221a833aab54696af3e9ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66f13b00c86c8e466d3d9261dd6e165c
SHA1 6976a4a6b3f8b7f64984e7a7246a321269d1db69
SHA256 4889cc486f9201014ac46b2888d037b3aae2819d2e7b2cc16c8e059ff1914872
SHA512 37924a8b6f4a03ba6b639af1d2c591cd0a9165a897163c43af8c35e8b280e5587fd617838d2c957776af7ad0cb230bb46b08b9ddffabef4bcda67dd99e493477

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f3c22b606dea409c12f0e987d06b605
SHA1 c2defc1aae2eec07f21f7116e86020a0fc101d05
SHA256 0ddff3cd76f8c27e93698b876ee34a15948382ddeaffff006f584eb4bc902220
SHA512 4b6481dc5d556bb46f7350aaf218f3ed6b8608d4b3d66110cdfca81e9ab7294c023e68f58bbca5cb3521d41dd64791a0d81255c604cf53b5373495625fa1e6ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 230f75422ae0fad4ac92da07c9315f95
SHA1 106910d37354e0e02bb8c39b7f47d638a95d8498
SHA256 4b50f3b29f30616d54d540016a10c434d4386296772399eb93ae21e73927d4fd
SHA512 da691f5d1ff8ca00a3619152363b0da0636046f8933cc80dcf39faaeb76c332f4635f978add2b2165a9251f6d663e3fc383137f0359e2401a08e9313cf3d9966

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a44d645770caf1f9a728ab52bcb5d2d6
SHA1 88d2dc401920094ca2f28eca39926d418c1cb3f6
SHA256 e22742ea10e50fd536c7f9c9e94b893b8f3a439b3ffd4ac11f23710af4ee58b6
SHA512 e7f289877ce471265df0dc5ef3afead73d4028e06f2514f0f9adabcd53317562ad8a40971e01ebf5b7aedf1d085ab44945c7415e5bde08a86787c7d2831787b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 905b4eca90dd6be9e8fc337d67054e89
SHA1 538137b7dc384c28fdabde7380e2efebc038c28f
SHA256 d1977c8c136846a376fbe55dca49ab1fa96a73b87e8064149c2ae5e7333b5e90
SHA512 0832408257a0122eb72c1b088f9989ec2e3767f0d673234859ad552495d6acc12416ca68aa4ed6aa1118a14d30303d80122769cc2839504cb2992a98d211cfec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cbd90e24c1d86a0058473935a54c780
SHA1 de50deebef3a2de964b6d93ba27a0d228979f97e
SHA256 e99888240024858af3f065d747023f6daee7106484f90ac6ab8026dc4530ee5b
SHA512 e6649bf34d334e85b5220f76b978747206cbbdc32fd0ca83186cc1e941778bcca9d56c85e2bda06ed489abcf407fa35e83d84cf3c9409239ce9bbdc654ba7b49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77fcfa53871cdd3e814148420854d2e1
SHA1 9fd662dc67d64759044b958b3c99dd4d199ea296
SHA256 acceb2c3749c806b0040ee2fddca33e90fbcd1869227dd8641a8403daecafe7a
SHA512 649a07f8c77258db910f98ba2158cdb11214051a12e0df89b3ddbf65c70fe71e273e4b63112794ee1262d489dcd912f2530928eb46bd86da7fa11c75e83710e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e26fec4c575c42b6a39c22e39563a5ee
SHA1 8d7b832a40c8cd164fe2d444c7ef6c89ca8726eb
SHA256 a80cb3a36241cdccb9145698a88cb980f1ad62aee7ec2b8d4113c465b5ee71bd
SHA512 331daf70ebd5c23c49b9cb9d7692000e3557a5399ce85cf57af020cb1452dca9155d9f2341b5d7d38802e6b12112d810b41477503496b1278fb4ceefa49e8406

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46733d9bf505506c7df1b76cf45c3437
SHA1 d3da910ac89d6c98c09e7443cd9f70b9a0e2ea91
SHA256 e97153d5f9b07b7bc31eaf5cbbb40077819cf0ef64fe3aeedce10dff63df0440
SHA512 96e19d20699e37c3a2a5e0dcd1619c3076de5649e7e29f35b84a5aa0bde856ca05c4814f5b945b715c4931da5efb3e9f89889ba97efb2e4254b559e1a0f9830b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f76e3c010f9279470a0d2f5e033f5cbc
SHA1 2bd5ce21fd8752994ba71628797969358f753202
SHA256 950b13012c09046020e2473d3c81d14f22f1fb72e13e479bfa1e8a9775fe72db
SHA512 e99433b4b5edad6d56f8e8b092ae73ca2d8c3c11b768ddbd8b749d103c1c5afe24ff8070d66af2fe73c133f427898c4a9e039e3dcd28706dd1d1631b2a2ab7df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08e46e7c5e61cdb9e4652b61e7a5c0ef
SHA1 80e04559425f1ab7d6f6bdc9a8b9f2ef8c808219
SHA256 3c285b9dec367ec8218d91f09138d334e2901aaad6f6c497ecc3314abc4a4b0b
SHA512 9619b1c8863a7b9ebff4385c5c324a686003511c8fbd33ce942efb9b7d0dc21df3962bd976555707f50d5b69c42f8ac2d33578aeca2a2cca34fa55240127a038

Analysis: behavioral19

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win10v2004-20230915-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\instagram.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E60B7FB1-67D6-11EE-941E-CE3E7C77A9B8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3144171680" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 703a0ecde3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad356000000000020000000000106600000001000020000000da8b5fb9d4de4c98177c4fbc08720b0e8d4daf7cc63ee45769f5e3cd0bc02c88000000000e800000000200002000000040c27564695238968e7136bd2ca7c82f82483e195ae9b7d0816473a0730655f82000000037ae235abcf36cac67dfe584fc0a6a00b8b19d1b51763390d6ade4356027b7e440000000117c23b0c1149504b537968e071917c6da2ffee39c95b654b7076e0c52a0002431d35ad47020afa74f84f834e9be3378295430ce92207359e622a0b46eb381c1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063011" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3200578016" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e01d3a14bb1f3846b5fc27e9e0ad3560000000000200000000001066000000010000200000005048d1ae7d6865f1160340845d733578392dea4cf24c88214c29265dc6cff023000000000e80000000020000200000008a5642bf9ec7e58548ccf794bc7a53b7bd0f467f2a5b5bbcb56d95c7c7e6f9002000000026f41a78f04c125d1d60cc5c8fbd1e6b2312216b5a9ca5506662362c11c1a3df40000000abd331aaec7429ccf73969ab8a79b645a32d4a0a34ffabe63b51d78cf73e7d6ad3c53c63127c0bdef6f3f22e5c195b5a3ab114669a356d436642dbc9e4a4e534 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ef6cd3e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403753298" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3144171680" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3200578016" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\instagram.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 133.113.22.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 254.111.26.67.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver59.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRL3SWXH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral27

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win10v2004-20230915-en

Max time kernel

176s

Max time network

183s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\microsoft.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3941904990" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E051DAB6-67D6-11EE-A4AD-EA4CACEB3552} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3363555131" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31057826" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401526376" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e5f8d4a2e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31057826" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea9000000000200000000001066000000010000200000008cf83f50341201a0ec918cf78af32a9ea2bb8b398d82531a9a395566f1df00c0000000000e8000000002000020000000093a02b67ada5a3b36822ffcffb12e88ed61b290b38af79d8ee794318a1d575a20000000cd4bebfdf66e51b036c5259b152197700bc1032a90a63662fd8770f77b66bb8b40000000b48c81f0ca7a9e563b477e2c5daf58588f021c1bd032c598f60c08b58655c3cf488fdb2c368f82b550f5168b785f1d5f314e4ce3a2c60af15f4a9c40e559b847 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01ba3cca2e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063011" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3363555131" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053f6c1c968fea744ae4054d48ac91ea9000000000200000000001066000000010000200000000f2274a777373e89d1ec2582c687a13969052064a42d080e3c9ff7a451e11b03000000000e800000000200002000000058cb0ca631403bb35d44b15fe00bb9b6bdd583a224716207f5a193a6c2e65690200000000df9f0c0fff43f505d775471ee928c69af77f9a77d259b9e42305fe9ac8f7af4400000008298675f0a82f99d714149f07e7e182541adce421aaf52e23ae7c14db11ea44236ca047f752faecc30220e4c2026cd14f7bf05ee123cb987ed7525becf92b242 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3945188013" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\microsoft.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4436 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.113.22.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZFOAR009\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral30

Detonation Overview

Submitted

2023-10-10 22:28

Reported

2023-10-11 01:41

Platform

win7-20230831-en

Max time kernel

120s

Max time network

166s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\paypal.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a7140000000000200000000001066000000010000200000000d3e9d3ded3b4927037d113b1e0a7b9d12f83c304b508f39b004603eaa8bdd67000000000e8000000002000020000000dc9e42e14f26e36b5216b23df81a849fa5d1dc0e97bf37121d40038920f4182b900000000528189fb952a8b47b6bda229d2556e63974bfe6b159a56ffea320deda666f89a26e81f142f1f375be03f41797eb99628306f1d23c301304a4c2e54c7fbb66ef5deb29931f732f03df28667b1f70895910fd2a5846b4de2ea5914d9abe67aa1f87ffdb7979f793b2977394fdec1b3844d8da11944e21f5ed9d369d84eee70efbe5073f13c263e4dbe355aed0e6c5102f400000007c4abe82a205182444b1f85a92b9357a4720841727ac0bde5148100808cbd10845a8185139e9c86cd1f52b44425fc1f0961e3ee41069174ad91d5d7c4415e624 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c9c1b3e3fbd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008c66dacf3255794896cbcb5ac20a7140000000000200000000001066000000010000200000007de0c7b1c43d13ce2b8c5dce8e4f51597bb55389445565d4dc456e0be45897cd000000000e8000000002000020000000f970a0bd8ad69e319573c8680c99fd1d799f9f4afe91f1b39b5a1155c1c8716c20000000f153fd653a9abcd1ea434a7c872d44fcac2d169501911295685d483a3af9dd79400000001e89e1d022c0783b885be4ada4c467290a800bbf5778bea874c57c1cf10f8c519169301f4bb3e83532e06c3f27b256e45a9b7ba7a212b73facc2dc7c7752636e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD131E41-67D6-11EE-A478-F2498EDA0870} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150171" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\paypal.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabDB16.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarDBA5.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e91e08a15c783a2c9925b9edde5daa6
SHA1 444352834e9017f2b3173596a1c32eaa9b78d7fd
SHA256 98e0bde4afb62bc4662c8e92e7ae438177934834cfbd9d0f2a67ddeb2936227d
SHA512 8e989eb3b15780f610caa2a9bbdad57a04b5a599b68f27cb4ebb50b20c21c05e298f7b0b03321711854b0f79f06d06398da22ed6f2e835123c45f3f37c984b25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 440c8c9e775de1cec714da88844143a7
SHA1 5c87dd8a950a3f82323f901f58354f618260e586
SHA256 e2b32750bdd464ae7376600946aba48fea38db1c090a18b7dcbfc1cfe1e3c34c
SHA512 088d004c42150c89b3f0c19fd6528e9dd7bd49e39bdd3cf687b4236b1426a6bb4d9aa42f4a1b179fbd8ad5f74911fe9ae0c16888ba263ddf952f4d4dcee7be35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4962cf4e5d2663fc3e3ce2b04927061
SHA1 355c8066799662c0c55ab62964ca6c08ca05f4e7
SHA256 0861f68b2fb213dcb6ffd6759539fcdece135a50c69064b55b7e37d10da6a55f
SHA512 e27748cd16f9d1690fb64cff3b4500593f5858512fe78897a0b440140f7d976cb192ba770656705f23262b7731b862379d15f2517e31d2bd1dac87368be8121d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc575799b30d754c2914db6fcce73971
SHA1 177fa3dd555752f4dd76bcd49799f1601a5c207f
SHA256 2440f860d34765510fbb7fd6df3bcbb3112b66c90bcb09db72c8c04a229bdf12
SHA512 0c9c10143b91b22950a11c819c57e187c752ad5ac3a437bd90efe4e7089c8df47d208c1a7d37242dbbf73c895083d0a47f753e57cf9cabf1abd886e203b6bb01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21f332a45ac50aa98129bb3056080cfc
SHA1 a1eec997b11d95ab102b032f7af69224c2cc8c90
SHA256 666205d80fb52eb8019d28ee4a623f91e801a455ded244267f6426d3306103f0
SHA512 5a12aa13a556b9c132a6e399d5eefe5cde3b0fbe0164344f8f3223f2d1e655a711c1b3dfbb42285f4d5d9d700d4b9a84ad395313f65665bc736ecd4c74c4513b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecaf0b25b07fd28488f171911b1faa07
SHA1 c04e10db2492b8f9176abdf0de339fbf9c3bbc4a
SHA256 82580a99444338f8d3f3de80b0dd1332297eb22e2fe34e1f072435da2b8438f3
SHA512 0f35bd9b2917c0f3bd8b54cf2b052ef5a85f82c3f2333a8dcd149507e0fb1fcd61191419487fe797de0b09d66b5f18f5edb84729f2c0622f74d1e9fbb5420879

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e58f3aacd9175954da1a9e35b2b8b6c
SHA1 eecebcb0197c300bca968ae848bd4be3dd11aaa3
SHA256 0b692bce11ce64a1a2b4d6eb33e43e3857cccd91d3c151b97fda281d17f5990d
SHA512 e9b69903d9b3726375787ef41965ed5a16b3d5aa7e34d50913cd58088037573a1c530bc621f535d18d366971da268749437e0b8cf102c199f4e2c0c447971667

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7184bff4dc9d65162c2a9d5023a3c3d9
SHA1 92c99c75ec0ffbd700b94efdd21d97f31cfe9fa7
SHA256 f152cc3d6474123cd3c5829a800604d0eb748cee750d620f49f5cbb9bcda08c3
SHA512 9e32a2e2959f2a24702ded8e9cadcf51c7b53c6872d1fc1d428321dc4e3e5e1b29f43f8d92c1b82d88f55edba36ceab7d2f377b7c0a4e8e9b8c0e486721f373c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9dd6d7cd8ce294ca9a74329cdacabbb3
SHA1 459a7a5d8bc1c5ed02f4ae9a880b2d8372004c4b
SHA256 c8fc8fbb3bf2256ad7d9d186e7d9e5d4b0c11374c1ea50d152c94dba1a98d7e9
SHA512 cb99e80df9eaae0797a00744aa798541f81ee63eb90d62497ce6198aa09238cbaeec14d885513956ed69d875d38030324663adbf3648b3e7f28db86951c33df9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d46d98206b78d3802ecfbe7d27e5ea0e
SHA1 8ded720fbf97721cf5085c7e2b76ac907d205b6f
SHA256 4648187696cb3f18525115183d3d2c8af1273a47139f068d614d994783152ae2
SHA512 bcbe668b14624bcaac8666fc3ae5140716507c15c31dff1bc88c46dc0094979746c09979c3981ecad607b10aaed8b2a84103d8f3b81a319e9a00a2bbefd5a97d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ddab36678294e755e30a0cb25617901
SHA1 78aef6f6fced94be6ff248f60657517eb7fc9a51
SHA256 a302b588194bd9479f3deead7f376e1ac2fba42233442beb265b4f50c8f7df66
SHA512 08fe9bc9ee90652b55a4687905b92953875fa5679088958d699bf6a23029a3bff7ccbc949cb0b81fd2e2fcb36f75a7db7f3919571a6b0482da36dc8caa34edb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c656860ba96bc4a4d2552c3bf2da88ef
SHA1 c8ac464bb4120db3c6fd6dc4bf20c72772b083d8
SHA256 46694b5517ed0bfabe18286bce714f0995dd6dea4b389ab5abe72e8cb1c0cde2
SHA512 e5d8a419142ff133f8f102fc30989d1fb31584e465576a135294c2a46765dad4c51cb8790a99ca8f716a3d4fdd31090b08fe6286cca13e5dbdb4b2d6fbeb65a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6f575ea779c17aab94dfe150590ca30
SHA1 461b486d8cdb18bc605a28f56cd05b2bfe8d5ac5
SHA256 8e9300b89d9e8190dabd1b2e9913d11753a906bad136d620733909c673b2d428
SHA512 bb70c8c5f3a0fc992b8ac175f6ef72f46dcac599fc8a1c0bc8af39943e39782f20e30d78e1d5d335e4d5f38558368da7893919362224e4bbfacea26dde08c5f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67b6bcb4d61241a48fb98117997e57da
SHA1 2eee05982d2192e20e65e48470a6640c15499547
SHA256 362879e889664639407bee13183cf6abb9e5035370ec233c380101b477e1e5a1
SHA512 56a48ee3316af0972b2596ecbbc4dbbd1848bcc076e24e0bca780364b2428883520aa7be44540880d764f12e7f9811e5ade94e800428449aa7b6ef6c1e84c101

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a125895b7689d32d817e004fa1199dd
SHA1 27def9479396a3c918d13b6aae744e2375088bb6
SHA256 0f1dbd42257ad0aea5ff63ce332fa5c9ac64bf9249dda183c575a5933d2e3b65
SHA512 fb6342c21cbaaeecc0e2a0923ff817b19fde1bba30fdd59179a356a66b2a8df52aef548e6160f502d31cfe329be8b4668e984a342118650532eeec19ee83ca7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76e027bae46a9ce3b383994ec0b0eacb
SHA1 91ace6c1f016fb8340465c00d5b48788603f10ef
SHA256 bc0d4cd86882638d4cdd79512aa360da848f0880602637b5df837a93bd2f15cb
SHA512 baddbf7e6147366935643a094f54d8c5f8fcaca3fd94bf00eafab96a21aa879bfa7bac3e5d615e2f49c2debca963810c10ebc5b118da9375c1b225e6a1b250e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf494ed0d95206197441b33f7489605f
SHA1 99ccf4dc2a5a4e79d31f78592cf9d184e482ecea
SHA256 95a5505ca0dc0d80454167718f4bc950ea6b9d720a954fce16771ed582f2bd40
SHA512 5182b546f0518efaaa0d58daa085e2367dd3ec48f2fad746d766edf39d917a5b9364baaaffee3714788b1397e15b6bc17469ba3d1ba9ff299e1b049a5a3b8cca