Malware Analysis Report

2024-12-01 03:24

Sample ID 231013-14qggaee57
Target Chinhphu0805182515.apk
SHA256 e78bb0e4ff1131855c0c1bb5e94c961e4b9b10a15e6f4598c9d5322813456269
Tags
gigabud infostealer rat trojan
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral2, behavioral4, behavioral8, behavioral10, behavioral1, behavioral3, behavioral5, behavioral6, behavioral7, behavioral9, behavioral11, behavioral12

Each behavioral analysis has the subsections Detonation Overview, Command Line, Signatures, Processes, Network and Files.

Analysis Overview

score
10/10

SHA256

e78bb0e4ff1131855c0c1bb5e94c961e4b9b10a15e6f4598c9d5322813456269

Threat Level: Known bad

The file Chinhphu0805182515.apk was found to be: Known bad. The Gigabud family match comes from the Android detonation (behavioral1, package com.trinsmalw.bdyeurqed). The Windows detonations (behavioral2, behavioral3) open C:\Users\Admin\AppData\Local\Temp\index.html in Internet Explorer, and every row under "Modifies Internet Explorer settings" there has iexplore.exe as the process writing keys beneath its own HKCU\Software\Microsoft\Internet Explorer hive on first run; those entries describe the browser, not the sample.

Malicious Activity Summary

gigabud infostealer rat trojan

Gigabud

Requests dangerous framework permissions

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-13 22:12

Signatures

Requests dangerous framework permissions

Permission                                 Description
android.permission.READ_EXTERNAL_STORAGE   Allows an application to read from external storage.
android.permission.WRITE_EXTERNAL_STORAGE  Allows an application to write to external storage. (listed twice in the report)
android.permission.READ_SMS                Allows an application to read SMS messages.
android.permission.GET_ACCOUNTS            Allows access to the list of accounts in the Accounts Service.
android.permission.POST_NOTIFICATIONS      Allows an app to post notifications.
android.permission.READ_PHONE_STATE        Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.RECEIVE_SMS             Allows an application to receive SMS messages.
android.permission.SEND_SMS                Allows an application to send SMS messages.
android.permission.CALL_PHONE              Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.

Process and Target: N/A for every row (static analysis).
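The permission list above is the kind of thing an analyst wants to score automatically before detonation. The following is an added example, not sandbox output or the sample's own code: it parses the `uses-permission` lines of `aapt dump badging` output (a constructed sample populated with the permissions the static1 section lists; the package name is the one behavioral1 observed), deduplicates them, and rates the combination with an assumed capability grouping. The "high" verdict rule (read SMS together with send SMS or place calls) is a triage heuristic, not an Android or sandbox definition.

```python
"""Triage the permissions an APK declares, as in the static1 section above."""
import re

# Constructed sample in the shape of `aapt dump badging <apk>` output, filled
# with the permissions the static1 analysis reports for this sample. It was
# not captured from the real APK; the package name is the one behavioral1
# observed running.
SAMPLE_BADGING = """\
package: name='com.trinsmalw.bdyeurqed' versionCode='1' versionName='1.0'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission-sdk-23: name='android.permission.POST_NOTIFICATIONS'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.CALL_PHONE'
"""

_PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?: name='([^']+)'", re.M)

# Capability buckets used by this triage heuristic (an assumed grouping, not
# an Android or sandbox classification).
CAPABILITIES = {
    "sms_read": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "sms_send": {"android.permission.SEND_SMS"},
    "call": {"android.permission.CALL_PHONE"},
    "identity": {"android.permission.READ_PHONE_STATE", "android.permission.GET_ACCOUNTS"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
}


def parse_permissions(badging: str) -> list:
    """Return the declared permissions in manifest order, without duplicates."""
    seen = []
    for name in _PERM_RE.findall(badging):
        if name not in seen:
            seen.append(name)
    return seen


def triage(perms) -> dict:
    """Map permissions to capabilities and rate the combination."""
    declared = set(perms)
    caps = {cap for cap, needed in CAPABILITIES.items() if declared & needed}
    findings = []
    if "sms_read" in caps:
        findings.append("reads incoming SMS: one-time passcodes delivered by SMS are exposed")
    if "sms_send" in caps:
        findings.append("sends SMS without user interaction")
    if "call" in caps:
        findings.append("places calls without the dialer confirmation UI")
    if "identity" in caps:
        findings.append("reads phone state and the account list: device fingerprinting")
    if {"sms_read", "sms_send"} <= caps or {"sms_read", "call"} <= caps:
        verdict = "high"
    elif caps & {"sms_read", "sms_send", "call"}:
        verdict = "medium"
    else:
        verdict = "low"
    return {"capabilities": sorted(caps), "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    result = triage(parse_permissions(SAMPLE_BADGING))
    print(result["verdict"], result["capabilities"])
    for finding in result["findings"]:
        print(" -", finding)
```

Run it against `aapt dump badging <apk>` output piped into `SAMPLE_BADGING`'s place; for this sample the combination of READ_SMS/RECEIVE_SMS with SEND_SMS and CALL_PHONE rates "high" before any dynamic run is needed.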

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:27

Platform

win7-20230831-en

Max time kernel

134s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403437384" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{96227D11-6A73-11EE-A96A-6AEC76ABF58F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b000896b80fed901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b00000000020000000000106600000001000020000000954c0c3f356b735670e0fca9535563df798d87e24d6de64e1e030c51a5008b3c000000000e80000000020000200000001a6935ca5752edbf6483180bc20bacbc6a437c1382282ece949903aee9a4da0d200000009a36f0cacf6c0d6bdb47b71c7831cb0b8c378cfa37f5a256eefd329379f6c8f7400000009457bc99a399ec0bdd182842b4a3ef3eaf705efb7fd028473ebd65247b57e2edf4a5f565781bc49f9ebaf4fe0e6cd8ce98422bb47eb03d64dcfc4ba98d251ed5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

Network

Country  Destination          Domain                  Proto
US       204.79.197.200:443   ieonline.microsoft.com  tcp
US       204.79.197.200:443   ieonline.microsoft.com  tcp
US       204.79.197.200:443   ieonline.microsoft.com  tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabAEC7.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarAF99.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3d30c60b51412955ab1657577655c18
SHA1 ddc24e363cfdd05be561845b39cd4746174eb31d
SHA256 9413d72139a644458bfeefbba17be0010df915a233e78090a692e54932646116
SHA512 0bd7d8877e0a218d7f43b0f007ceadfecb0ba27bc47c67327084bdf33f74c6b60c769be4d1f9471e31e97f325a50bc4286f56f4a299c90f5c121ed4bc1db9645

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2083046892fbd70a12b0350b1dc1699f
SHA1 8bebe0f9b54eba0a820d01a545eacf5a37eb28f7
SHA256 5c911ec5c02b2961a4f273b40dedbee8072f95fe14442a5e30968b7d1c361c69
SHA512 8d70e39956e67cdabd26c74cb3d9110f2379c0a328069becd7fc0383dd37f23a3a0d5983997f1e2b5a328a8aa67c6777619ac1ee504c4febbbe9988a01848713

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cc6c870c0247ff16736e4bd85bc1ac3
SHA1 1ca1bdbb484263ca2ac3dc9f70b82f8637147bc4
SHA256 338f4df81f004d706fd45d76150c8577135f8d7d5cbb8e5fd5a8c628a4084306
SHA512 dc01ac469dcd7a773f86ccc891604d59ac40a95c536ab7bdf93a3c15ff953aa50d1579e966e2b0f16d1b6b0ad380d41344d1b761fd599e0c4dfd0e02af9c9dba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7038b8ca46981d93185aca2e1dd45d7
SHA1 649cf26780de7d58e21ec48fdd9a92a7550c058a
SHA256 7a0deab677900ffcf2f83a8408fe30525015ef1ae7be4f0c78af3e38428036a4
SHA512 bc975cab3eac56d03a196d37810ea490218eb558bcac9518bba034b461853fe190910528eda084c1d4d9c23dcf58efd4bccad11a195b8a271562499552cb7962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b140a6641f2444e1b416cc5ca6147eb
SHA1 0408affd13de68c7c1941d30066a70c7552594c8
SHA256 873b328f90ca8c0d559b2f8da6f38e75780a15c8d9627f35414eb5ef6d4d115e
SHA512 2185ed49f90d57019645b25654a062a2705c23b1d2de1e193c57d6960ac82f3da9825cfdf6feb738b3a1c160e25b0dbac52a22ffc1a450975199b28e59e224ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3cb93257afc579d0aaf1aaea10b66bc
SHA1 2483db68c329bce4795b90dd3d4ccbc569870c22
SHA256 7da07eb966b14661fcb93bb498f0d30d457d9bd86694deaa59093eb9a8622fb9
SHA512 b8fd289758e968879aedae13b36dbfc4d33d9d5e367bf5d9e746fe56afe611f2174c219f49b2f3fbacef27a99713a8cc54ecbd3941fda091226bf38599b8151a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ff80cce0243931dfd1b5498cd8af9f9
SHA1 6d2e7907c0e782070d7be0c609758c8ad693dd5f
SHA256 bc2e834b172e187dace5690e331759bc6f775c81f8d2c30493f09160e50355ba
SHA512 18c7a3f4ef5eb20a20876ba6243b0ace8003da0cb4f438d4dd46ad799152464bd64b5d7946baf8ad87af3e65ebe0dd13b073341f156ae746b6e13594fe5bb279

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8274177280fe668bd750c8d2723ba4e3
SHA1 a0780f2a4b32c7484f69c80fd8b3a54c3a31d42e
SHA256 7febb79289fe729b7c2ee8cfb80d7533722baf8da8d1da303f7240a7f793df4f
SHA512 47f9fc9c4b823fa18d6efba78e2ea83334641cdfccdc10d7fd7bb29f210496bf05eca6c3b1dea74cceafd80d35cf7c4fa984876a8743dc5f2d79adec1c048c3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07269439035b6694248447fdf90ea6dc
SHA1 32e85437ec6b21a6256098a66c23535b4b1f86fd
SHA256 c3f839c97dadb601f38e27916f91d6798830cd777d375c52ed89f81393b0b673
SHA512 410e5b38cf2d1063676fb7161139720898302e197fa17ab67c95c1e63191503ea52bd9a76deff7bd4c45e18d176e172b1c917e8e465c9de6d86d14d6ddb97212

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 201136444c959a3519372e3d5628f977
SHA1 629d40afc6cd18c998271fc05ce6444de5f1bdf3
SHA256 7f9aecd2f113aeb26e138c9c35fa4cf315e974d2b6e16eae6ffbf8304bec4ce4
SHA512 c65191838ed95d445331e71508d8e34963ead4b9eb3f81e3472e33a99e2a5bf744792129372fbd80103fdca458429e9110cbcd3055b67282e6ad918bd29063e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d32997e3b914a3c68bbd82284f49333
SHA1 3e423c5d95da2883083a92bae25f0484000ac088
SHA256 a1c75c20afaf8dc69eb261841854e792d5be994034a8efd7e54d02e489e3bfaf
SHA512 d1b91e4dd330331f18d5a920423a761f44e0a797d0b7c4835d7e31d100437b69c24b178481634bbf90eff0e2fe7f89b43da7792725dcf635caa35a2062b1ecff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2469176fb61138e3020bf0ab0e3ad0ff
SHA1 2f525660b2af7d139fdd9ae101b4fe3152790b94
SHA256 751d32110bffb15d94b116a9dc23e7ae62de531ea1b023914aa7cbcec89837bf
SHA512 ddcc30be8ddd8c2a6ad60c6dd7a205aedcc79b869b0114c0523c121d23fa5135d0f7941204c33a5d45dceb2a7e7392733fe11ad0e22fd08ed45649bae2a843f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 890e7b58571a74bbeebfc3dd49a38687
SHA1 bca493ea31d44a74187f8057b11512e7ca208282
SHA256 c55cd5490ac555e7e29eb1c817a28f546e6a196a172f68a6f299db550a6858e4
SHA512 ec0aa66467d123627e0548b1c5dacdda5759027738c92e54bdeb3d814ce1c06968d9aca6dc49910c22eac8e2e73d4b7bdb92e5e1b560ace9e305844e9e26dbbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a93cf3cbcf37ea1a51b5e870e7565365
SHA1 be2258cf1d5e8b7f3c715c335b8ad5629b24a652
SHA256 767cc61de1b5b99a6fb51fd46548bb9b6017855171a5a35f3b69e112cfc30133
SHA512 76714eb070719e2a3e40542a110ce3c769a2ef842730f4b02478219774addb89cad628cb95c7337f9a71eb2fc4d2499d6d55aa5259c9124f7bfa3f1c2491e76a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d1b1d731cd7db7bf5510adccc967b71
SHA1 ab3cb14c9783ea9e50819c1fe5a5dbd8cd8f4c40
SHA256 c1a6169bfb8dfd54fa40747af12fa1caa372a0582c0900c54ad4e21c5db6876b
SHA512 95e43d15dfc5fee654fdaeaf4ee82ffa5d0cd1e6200e7e9a3fe4533dcbd42ebe520d1530a1a6a07bb532f8a9c46311dfd9a5c0d3205d3fc7a7f4972efac7b25c

Analysis: behavioral4

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:25

Platform

debian9-armhf-20230831-en

Max time kernel

4s

Max time network

158s

Command Line

[/tmp/l4ed5947e_a32.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a32.so

[/tmp/l4ed5947e_a32.so]

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:21

Platform

debian9-mipsel-20230831-en

Max time kernel

2s

Command Line

[/tmp/l4ed5947e_a64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a64.so

[/tmp/l4ed5947e_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:24

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

3s

Max time network

145s

Command Line

[/tmp/l4ed5947e_x86.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_x86.so

[/tmp/l4ed5947e_x86.so]

Network

Files

N/A
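The Linux detonations above (behavioral4, behavioral8, behavioral10, and behavioral5 further down) each run one of the extracted `l4ed5947e_*.so` variants as a bare process on a different platform; behavioral8 runs the `_a64` variant on debian9-mipsel and reports 2s of kernel time and nothing else. Checking the object's ELF architecture against the target platform before detonation avoids that. The following is an added example, not the sandbox's code: it parses `e_ident`, `e_type` and `e_machine` from the ELF header and compares them with an assumed platform table built from the platform names in this report. The three sample headers are constructed; the real files' headers are not on the page, and reading the suffixes as a32 = ARM, a64 = AArch64, x86 = i386 is an assumption.

```python
"""Check an extracted native library's ELF architecture against a sandbox platform."""
import struct

ELF_MAGIC = b"\x7fELF"
# e_machine values from the ELF specification (subset).
E_MACHINE = {3: "x86", 8: "mips", 40: "arm", 62: "x86_64", 183: "aarch64"}
E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}

# What each sandbox platform in this report can natively load: (architectures, endianness).
# Assumed from the platform names; an amd64 host is taken to run 32-bit x86 objects too.
PLATFORM_ABI = {
    "debian9-armhf": ({"arm"}, "little"),
    "debian9-mipsel": ({"mips"}, "little"),
    "ubuntu1804-amd64": ({"x86", "x86_64"}, "little"),
}


def elf_identity(data: bytes) -> dict:
    """Parse e_ident, e_type and e_machine from the first 20 bytes of an ELF file."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    endian = "little" if ei_data == 1 else "big"
    fmt = ("<" if ei_data == 1 else ">") + "HH"
    e_type, e_machine = struct.unpack_from(fmt, data, 16)   # e_type, e_machine follow e_ident
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": endian,
        "type": E_TYPE.get(e_type, f"0x{e_type:x}"),
        "arch": E_MACHINE.get(e_machine, f"unknown(0x{e_machine:x})"),
    }


def can_load(identity: dict, platform: str) -> bool:
    """True if a platform string such as 'debian9-mipsel-20230831-en' matches the object."""
    base = platform.rsplit("-", 2)[0]          # strip the build date and locale suffix
    archs, endian = PLATFORM_ABI[base]
    return identity["arch"] in archs and identity["endian"] == endian


def make_header(ei_class: int, ei_data: int, e_type: int, e_machine: int) -> bytes:
    """Build a minimal 20-byte ELF header; used only to construct inputs here."""
    ident = ELF_MAGIC + bytes([ei_class, ei_data, 1, 0]) + b"\0" * 8
    return ident + struct.pack(("<" if ei_data == 1 else ">") + "HH", e_type, e_machine)


# Constructed headers standing in for the three extracted variants (assumption:
# a32 = 32-bit ARM, a64 = AArch64, x86 = i386, all shared objects).
SAMPLES = {
    "l4ed5947e_a32.so": make_header(1, 1, 3, 40),
    "l4ed5947e_a64.so": make_header(2, 1, 3, 183),
    "l4ed5947e_x86.so": make_header(1, 1, 3, 3),
}

# Platform each variant was detonated on, from the behavioral4/8/10 sections.
DETONATIONS = {
    "l4ed5947e_a32.so": "debian9-armhf-20230831-en",
    "l4ed5947e_a64.so": "debian9-mipsel-20230831-en",
    "l4ed5947e_x86.so": "ubuntu1804-amd64-20230831-en",
}


def plan(samples: dict, detonations: dict) -> dict:
    """Return name -> (identity, platform, ok) so mismatched runs are visible up front."""
    out = {}
    for name, data in samples.items():
        ident = elf_identity(data)
        platform = detonations[name]
        out[name] = (ident, platform, can_load(ident, platform))
    return out


if __name__ == "__main__":
    for name, (ident, platform, ok) in plan(SAMPLES, DETONATIONS).items():
        print(f"{name}: {ident['arch']} {ident['bits']}-bit {ident['type']} on {platform}: "
              f"{'ok' if ok else 'MISMATCH'}")
```

Feed `open(path, "rb").read(20)` of the real extracted files to `elf_identity` instead of the constructed headers. Independently of the architecture, a shared object (type DYN) started as a process rather than loaded through JNI by the app will usually exit or crash at once, which is consistent with the few seconds of kernel time and empty signature lists in these runs; the Android detonation (behavioral1) is the run that exercises the library in context.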

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:24

Platform

android-x86-arm-20230831-en

Max time kernel

763212s

Max time network

131s

Command Line

com.trinsmalw.bdyeurqed

Signatures

Gigabud

rat trojan infostealer gigabud

Processes

com.trinsmalw.bdyeurqed

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353     -                                   udp
NL       142.250.179.202:443  -                                   tcp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53           infinitedata-pa.googleapis.com      udp
NL       142.251.39.106:443   infinitedata-pa.googleapis.com      tcp
NL       142.251.36.10:443    infinitedata-pa.googleapis.com      tcp
NL       142.250.179.206:443  -                                   tcp
US       1.1.1.1:53           android.apis.google.com             udp
NL       142.250.179.174:443  android.apis.google.com             tcp

Rows to port 53 are DNS lookups of the named domain, not connections to it; "-" marks connections for which no domain was recorded.

Files

/data/data/com.trinsmalw.bdyeurqed/files/.ss/l4ed5947e.so

MD5 2641b6e41b80bcb4b1b086b161f4e200
SHA1 f160fec29dc4e7f91d2134290f534c2f1d664e3a
SHA256 56eadaebdb57c44524ea25155bda707ef9a490d9c1fbfea46e4ee611e31a85d8
SHA512 73ce93f4cae711dcc6411235baf8851a1f0a88871b66f9b2c377997f9e2ea63a7bf15e811e9c86c2b67765aee3f6e29762340d7def8159d121c06500de7c9231

Analysis: behavioral3

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:27

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000cf9dc05fb42c70ef9715f357c42f9c6b985c355812eb8842e4d4435083504f52000000000e8000000002000020000000993d1c098545807a97ab9cee470286519ab0cea2aba23e5a0f7f6d8bb0bbbd4e20000000d8a0b1e3a08cc34d87f512708c01fbfa1daefb1f9ff8f03ae93965415927c85c40000000fc06dbd8344745de5304ae71e51f5dd583cdc1f105c5d1bd61b1e12cc3bc816553ce08cbf1875fa85902dcbe5076efb2da50ca89cc633ba1930363fd69dc11bf C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401525839" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0010a8ba1e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2981588917" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000033a30dce463f3984a4c63cbdb8efbdb0ea5fc7201f17c5eea0b1fdc7c8956c6000000000e8000000002000020000000e557aa271d05969097021ce6af89a4c68fe8f7f7b3ceea78d9fe27c7d60cb4c02000000036da446bd67d599032729050ec582258bc11b0caf9b9efdc4eca0418e8d290a0400000009e992c44048c60a3c4291d2feb4e5054fab754b3588b3d4a5f22a6e4b481c6df3d456a34244368bdac9ff8baf65d0f1b0cacacf850fb83d2fa40a56801aebd00 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0785d8ba1e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063680" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063680" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063680" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063680" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2981588917" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2980494702" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2980494702" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{97330FD0-6A73-11EE-9784-424EF1D7CB82} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4408 CREDAT:17410 /prefetch:2

Network

Country  Destination          Domain                       Proto
US       8.8.8.8:53           140.32.126.40.in-addr.arpa   udp
US       8.8.8.8:53           126.178.238.8.in-addr.arpa   udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa  udp
US       8.8.8.8:53           158.240.127.40.in-addr.arpa  udp
US       8.8.8.8:53           9.228.82.20.in-addr.arpa     udp
US       8.8.8.8:53           g.bing.com                   udp
US       204.79.197.200:443   g.bing.com                   tcp
US       8.8.8.8:53           29.81.57.23.in-addr.arpa     udp
US       8.8.8.8:53           43.58.199.20.in-addr.arpa    udp
US       8.8.8.8:53           23.159.190.20.in-addr.arpa   udp
US       8.8.8.8:53           208.194.73.20.in-addr.arpa   udp
US       8.8.8.8:53           2.136.104.51.in-addr.arpa    udp
US       8.8.8.8:53           86.23.85.13.in-addr.arpa     udp
US       8.8.8.8:53           171.39.242.20.in-addr.arpa   udp
US       8.8.8.8:53           240.81.21.72.in-addr.arpa    udp
US       52.111.227.13:443    -                            tcp
US       204.79.197.200:443   ieonline.microsoft.com       tcp
US       8.8.8.8:53           200.81.21.72.in-addr.arpa    udp
US       8.8.8.8:53           8.3.197.209.in-addr.arpa     udp
US       8.8.8.8:53           59.128.231.4.in-addr.arpa    udp
US       8.8.8.8:53           205.47.74.20.in-addr.arpa    udp
US       8.8.8.8:53           38.148.119.40.in-addr.arpa   udp
US       8.8.8.8:53           tse1.mm.bing.net             udp
US       204.79.197.200:443   tse1.mm.bing.net             tcp
US       204.79.197.200:443   tse1.mm.bing.net             tcp
US       204.79.197.200:443   tse1.mm.bing.net             tcp
US       204.79.197.200:443   tse1.mm.bing.net             tcp
US       204.79.197.200:443   tse1.mm.bing.net             tcp

Files


Analysis: behavioral5

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:22

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

7s

Command Line

[/tmp/l4ed5947e_a64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a64.so

[/tmp/l4ed5947e_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:23

Platform

debian9-armhf-en-20211208

Max time kernel

4s

Command Line

[/tmp/l4ed5947e_a64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a64.so

[/tmp/l4ed5947e_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:21

Platform

debian9-mipsbe-20230831-en

Max time kernel

3s

Command Line

[/tmp/l4ed5947e_a64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_a64.so

[/tmp/l4ed5947e_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:26

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

3s

Max time network

144s

Command Line

[/tmp/l4ed5947e_x64.so]

Signatures

N/A

Processes

/tmp/l4ed5947e_x64.so

[/tmp/l4ed5947e_x64.so]

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:28

Platform

win7-20230831-en

Max time kernel

134s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral12

Detonation Overview

Submitted

2023-10-13 22:12

Reported

2023-10-14 09:26

Platform

win10v2004-20230915-en

Max time kernel

221s

Max time network

255s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:17410 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EGWOM5I1\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee