Analysis Overview
SHA256
e04b0fc37860cbcc0298f4037345544daef0f20610c55fec7866a4819b3fcf6f
Threat Level: Known bad
The file 202310181558.apk was found to be: Known bad.
Malicious Activity Summary
Gigabud
Requests dangerous framework permissions
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-18 07:59
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A |
Analysis: behavioral12
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:03
Platform
win10v2004-20230915-en
Max time kernel
127s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jq.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win10v2004-20230915-en
Max time kernel
138s
Max time network
159s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000c734c53496f7a2c43292980b02d324dc3be5c2a02518e5547d30137f01237012000000000e80000000020000200000005dac877b102a88655f375c486e6036638b32dea2bcde545da5de9d990e3b55052000000025f62944a017f5e3d062ec95cf3b4cab7566eb67d08bc354abb122da8488696d40000000fcb2f1f86c1695280f9b91506fd4d8c5c6c9eb72dc232ee4bd48dfc9210de23695a5fb445bbe2270f6b9e3c27f5e583a76042f7f5f3a330fe6d1f040fc8739fa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1938877549" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1918253466" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 508034759901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1918253466" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381096" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90411a759901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b030000000002000000000010660000000100002000000072da7c8d03f701f3a8b9ce1928483331edb0341dff97e84a788278e39b6158a1000000000e8000000002000020000000d3c738c4b017caae362caa989633462c1afb8106183081d26d5161baea80dbd2200000005fb3155d1ca4cfdea7ce31befdc6df1b06e298b95e2f19aad6637f1a2b284a2f400000006726ba55dc875654c7ee185df819f3ea383f8d57056f95a563c97735dae214a48f512e8eae1db288f4600f1725745cada6387e04837b2393eeaadee375032a53 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9DC8E738-6D8C-11EE-B0C5-FAA769BFC8E5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2740 wrote to memory of 1660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2740 wrote to memory of 1660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2740 wrote to memory of 1660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\list.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2ce4c36a9a2d7c420acdd1691c785511 |
| SHA1 | 1fe204f8fa4fea3422fe634534b9d85333469ccf |
| SHA256 | e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277 |
| SHA512 | bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 34b09778f6408de2052807e5108ad8b6 |
| SHA1 | 6cd96a43b04f497691b8aedfd72a5c8df097ba08 |
| SHA256 | 109dd35dba28ed452d9eff243faadc16b1b9a32880c5fb523f3f2db5958f9f5c |
| SHA512 | 44b0c13041c85b56b9d6fc3cbc1a5e4d7cf4bfc48783d9fb516500387fea4c2c17778111f5924d9b4dffecb3108a3ca4b4e65bd75962a90b33ef41bdf50a7215 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XE9C1B9R\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral24
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win7-20230831-en
Max time kernel
118s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.js
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:05
Platform
win10v2004-20230915-en
Max time kernel
102s
Max time network
169s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\swiper.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.208.253.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.24.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.17.178.52.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:05
Platform
win10v2004-20230915-en
Max time kernel
226s
Max time network
271s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000562b5f977fb577f863a4b3e03b123813e9eb636fae31c976e5a204df8ba4d419000000000e800000000200002000000043c78f097ad2d89a5645aeebaf647c43b934c4d84b1d28942bcabc85289880e31000000042d264bc0363b7b6167c856d538eda5c400000007da9ba3f972ed6c82c655abbb82aacbbda2a8a18763f500744699818b1a0e07d3a72f6524d66744369278f18384367b07d02afa52aed838a371b3c17604018c1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606e6db69901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2958595242" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IENTSS" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381204" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000005adaa4c6e16d3dc53ee30fa0f2649783253f1e393da26af19b6d1a0f531d0130000000000e800000000200002000000058d82b68fc932d05071be1530f2cd88a0fca3e5e65054313ab663b0d423ab29f500000002dd25f64f88a0201a58cecb6d00d322b818b9982784fc98329258ca18c58febc8dbd0345c73065bc34e5d2d3aef6f48565797e9a4be80cb467774664e6a8fa6d9bbbe527d563a15f653f0774d75fed294000000035303e9033ea0b76937fd886cd091cbfa395aca8527f0938688e964866c62a308f4caa6939f5a4edfa0d2be032126a6ae5eb08c64d3e26fe91cf8e9e6129b95d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000ea6f7466bf5f308de7acc0a139b5b314b740258c92830341541e8bfb8f12d637000000000e80000000020000200000003f5b8642345c8fb5c4aced46681cd5033bb07c7a917591ab90be926bfb0c885620000000f043f7a4cad058d08232dbfcaeec59aa1d864afc9a3f3dc0f0a662dcf704bb8a400000009e08ac005f65c3ae73a4d0ebe958147265a998f1bde15875cb52ad6fb72a617f78b0dee103f7d383ec9e5f013b58a2e8fe6cb7081c4ad25ef65c5cb8b9f997ab | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3269064748" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000ba863a0c1ab9e8feb2654feba0c605883e28bc0887d2aceb04755cc2899b93cf000000000e8000000002000020000000671e034aade20297b526006447fb60df2e89d8bc329577927c0d4f504fdc8372200000006357ca36be6f02b6633a7600f5a5bb58e239ed37e6b479ba7a222d0f83307a2740000000b12551ce24815b762956478b9be4c65c199a1f54362c3e16d95631f07a5c8171ebe2de1ac8718f84ab4c05b3e31bea75a8aed284a559251180b31821b4ba9eec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3269064748" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D0EF5060-6D8C-11EE-83FE-EED69A4A1DC8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ef43af9901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2958595242" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2468 wrote to memory of 4684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 4684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 4684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fw.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 88.221.24.130:443 | www.bing.com | tcp |
| NL | 88.221.24.130:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 98.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Kno75FC.tmp
| MD5 | 002d5646771d31d1e7c57990cc020150 |
| SHA1 | a28ec731f9106c252f313cca349a68ef94ee3de9 |
| SHA256 | 1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f |
| SHA512 | 689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2ce4c36a9a2d7c420acdd1691c785511 |
| SHA1 | 1fe204f8fa4fea3422fe634534b9d85333469ccf |
| SHA256 | e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277 |
| SHA512 | bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | c4ccb65be50d85b12d009cd7a241b392 |
| SHA1 | 7abcd0121911c54ddcce3c831ee9f79ae6f12b27 |
| SHA256 | 6ba9091e74748be9b8e3e5c6ff8ffb968fa29185fb1a96489b2af8765f662d33 |
| SHA512 | d1ca03d190694aee34fb91028562c51f5909df346e3656a80b59f87fe496651373092ee2521c69c46cfd706c47274e1942b3fb5d6fb639f428d7fb4636c9c190 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver5253.tmp
| MD5 | 1a545d0052b581fbb2ab4c52133846bc |
| SHA1 | 62f3266a9b9925cd6d98658b92adec673cbe3dd3 |
| SHA256 | 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1 |
| SHA512 | bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1QD0OQIU\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral10
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:06
Platform
win10v2004-20230915-en
Max time kernel
252s
Max time network
327s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3155216891" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E14ADC6C-6D8C-11EE-83FE-7A9C7BE51529} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IENTSS" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3155216891" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000007ad486c8d4cc14f19895fdcbcf46958e232c67baad0c79effacbd4f4e5f56810000000000e80000000020000200000008e80c114d2db1afa32d25748c3368a4fb295e37b4daec50d9fbfe6978233005a2000000045e7bde7f2d580ebf97b0fc30b1fd55992f91093baae62d711a5cec5759e851a40000000377c9557625ad4b0bba45ab3fdbc800fba4005772703f0fe84ef86fcf1ca8c22ee204683da15a5702ef339c65a280228b274ae52c80a3bc84be9cac422cd8dc1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000752af152f8097dc32ca432b2e4de71e9c018009c1ef03bf38767f43ed3c4adec000000000e800000000200002000000004524269704487a5a3c5db9be82c3eff2567d5eb5b34e6c1d700ee6637f9de51100000001d2b53dcb575d196e200d9cd1626ad5c40000000d2a408d76cf07a7d31ad4b97d3d5df5d56c463b29d36ea0aec979cc42a5e4cc0742b4697537d6f27f159fa5a895a080c5f12de80547851b34b4d46d9094fd55a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e450cf9901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3156466596" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000fd2bcbf832a3fa14d2f961ae264d48bd9c23eea4564d86e03f40c882dc9d5a7d000000000e80000000020000200000003c17f7c3f82e8d03b36dce094d3d825a1945d49165949e9dff582f1c5568bd0620000000485a5401ee548bdc0e37edd81a19a2cb6a5aaf2118f299b53003405311beb4bf40000000e4f4d5d5f81921b35b447d24c0aeee11ff2797e57f36c2fd17f11df744825bdc4ae21b41734832677901a14ac11fcf692b5872982e4621417d3221f4ba33b029 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381219" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1056edd09901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000083591874fc925007af11a8158024cd8050fc83330ea65de47495bac9fc496d3000000000e8000000002000020000000d53214060b7a559ce0341da29aa80246d4fe989263a8ed051ec72f00415bee8350000000d0449a3b22fd33c50c09b71d11f1f77fcfda0dd800f8897a16b1978fc6496f4069cd42351031a49220daaa161962803d2f9ccc3b33b2f4d035172218d644f0996944e3b129101f0226c174cad436ccb0400000007b868ced769e85e60acb0d4c6ba2f9a6a6152ac1fc688e042e94ffd847133778d6216634f6531d5063b4ac5b0dd08908543d15955f2033ccc80c62c26382b433 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3156466596" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2156 wrote to memory of 488 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 488 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 488 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.142.81.104.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 88.221.24.80:443 | www.bing.com | tcp |
| NL | 88.221.24.80:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Kno33E2.tmp
| MD5 | 002d5646771d31d1e7c57990cc020150 |
| SHA1 | a28ec731f9106c252f313cca349a68ef94ee3de9 |
| SHA256 | 1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f |
| SHA512 | 689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | c6cc2ffb933bd0a1685878b281002967 |
| SHA1 | ab9e0530da2091425e14bb7dc98ac61baa8680c2 |
| SHA256 | 6b33651a35c0f4a5252af46f4cb7abb1bd5dac4d9bbe4221ae9fa3369a362d12 |
| SHA512 | c0c6099ce9bc68a5334a3092dd138232e52c6652300db7e229fd58cf0fb2f2cc1f9bd085901188d0ad4bee7fb770c5d4a41b4de304a4b8d8a71c1ba21a295fb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2ce4c36a9a2d7c420acdd1691c785511 |
| SHA1 | 1fe204f8fa4fea3422fe634534b9d85333469ccf |
| SHA256 | e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277 |
| SHA512 | bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver9EA3.tmp
| MD5 | 1a545d0052b581fbb2ab4c52133846bc |
| SHA1 | 62f3266a9b9925cd6d98658b92adec673cbe3dd3 |
| SHA256 | 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1 |
| SHA512 | bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1QD0OQIU\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral13
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win7-20230831-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.min.js
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win10v2004-20230915-en
Max time kernel
133s
Max time network
161s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ed78739901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000003e9c09ee62c38911f7a295a9398bde05b713b04dfc5754c4b256e7bcea0c8159000000000e80000000020000200000008e1fb10e7fbf4be2939728492bf7cf9d7bce75010bbfa092e4f8a60c0b7fbd19200000003c8914d54e849cf366a83b7114183f671bdeb5eaf1ed2cd5aab5a6417336295740000000461214eff0d1b29b605cfea4838ea41989974b65839e985885ae0da1b99e66d28db28787a592cbfe9cfe7531cc4de93a7d3a4e6a042861eea8fc12e15087b05a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9A4F7ED3-6D8C-11EE-B0C5-7E90C1422BDE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1910745376" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1881838874" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381095" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1881838874" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000008e593e7e7681a1d0d8c86a0ea83e76297f1fcff1121ae0303171e5809c762aa2000000000e80000000020000200000002a23f3c51ba0f719115a7d9c8698f85872608acf84ab23549a375db47e8a421720000000eb7c7173c49508bc93d8c6239bccc2928d9dd946ad04ede24bcdc1293d1eeea240000000e94011530b799e9bbf9a75f364ba0a3678cb3c965f458511ab06d05d9cf482c190cd3ec657ff97dda76b3b4d80c19d68960bcb4e983e36c4c2cb1454bed83d53 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60bb90739901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4052 wrote to memory of 4848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4052 wrote to memory of 4848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4052 wrote to memory of 4848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcloud_error.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4052 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2ce4c36a9a2d7c420acdd1691c785511 |
| SHA1 | 1fe204f8fa4fea3422fe634534b9d85333469ccf |
| SHA256 | e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277 |
| SHA512 | bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 0d74f9803b1392e6e5748b4906db62e5 |
| SHA1 | 9ff25008316e8b8f3587b4a56aa317c33e16b6a5 |
| SHA256 | d0a8f20611f7d9403e32be4edf89d7ca047a482937ba128dd1e972a26aa2ecdb |
| SHA512 | 89f790c637b8d930050e431f7ca474be18a959d6035efa28c281d2c3c077247b690051b3dd4dde9673ae994b7f4dbecfc92d225fb4070dac5e54f9c8e853a859 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XE9C1B9R\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
android-x64-arm64-20230831-en
Max time kernel
1104008s
Max time network
161s
Command Line
Signatures
Gigabud
Processes
edieib.hachfc.edjiad
Network
| Country | Destination | Domain | Proto |
| DE | 172.217.23.202:80 | play.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.251.36.42:80 | play.googleapis.com | tcp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | infinitedata-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 216.58.214.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.36.8:443 | ssl.google-analytics.com | tcp |
| NL | 142.251.39.98:443 | tcp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| NL | 172.217.168.205:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | izgztokoyk | udp |
| US | 1.1.1.1:53 | kmnwstgmm | udp |
| US | 1.1.1.1:53 | jfbjgaajhx | udp |
| US | 1.1.1.1:53 | kmnwstgmm | udp |
| US | 1.1.1.1:53 | jfbjgaajhx | udp |
Files
/data/user/0/edieib.hachfc.edjiad/files/.ss/l69dde550.so
| MD5 | a777bff3d943e3642306404404193ff2 |
| SHA1 | 1dc2e0c2058551aa7c20f98d93b5bb7ce8ba716d |
| SHA256 | f5fac90d5d6c5dd517a9882979b48b53c4d1c74df6ab4b37097dab26caf3ef56 |
| SHA512 | ade66980c5a8a3bff7628c9ba7a70d7e24ad6cb3d418fac91b09320ddfa0e2991b7839420c793780a425a76fc327d628d627845afe5c26bd5b4f62a249d30662 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win7-20230831-en
Max time kernel
137s
Max time network
139s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c30000000002000000000010660000000100002000000007b766a29301859f9a11a06de953ab17d90637511d0ab718864ac0ae0877159e000000000e80000000020000200000000176d4505831ba85a357498495bd0e2307d96d9b4fe1e7a88f96e8e38c2537f920000000483ef2818b428fa82a11c0995a74fe3f00373f932f6eaf23a3349c6ee10de00b4000000029bff22bf7883f743e55dd27c50686635c5e78cc4e7f657ed4fd6f8707e77ffe21ce0ef9ced9d0f42a073837afab360f95fbad758fde0b0034a6a065867132dd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504564809901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{996F3FF1-6D8C-11EE-8AA1-FAEDD45E79E3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777982" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000f0c2ffc7c5ba216b13046e15efd9c57d56822ac20578835c6d4905dca5824cc1000000000e8000000002000020000000b3eef85ea85959445a389aa7b5e80d947214d644656603af7e2ba44b4c56b6ea90000000663f33214accbe4cf8b6a57e68a697faed6933f478d853910cc446975b2119ba1d5e47de024d3296eb43b577d21d733e00990ee3ecc95d9b90d358d2f63cffa9ebed9dfd50fee076f5d0833a10d114af7e366d03f93099a5eac8c6996f6147defe153fb6fba559432ffcc211be7f008d07ac213226b11c3dcb20b6ca59dfdc1d02aa605e87d7150fecab50634da7608b4000000024f00ac8d66228422b2c036fb8daa01da8c122a0763d0a7277e21b37a34868f9f6b4452ab22449c11a461ed858123a1727e9f5cb17c6e5c5558e27eaac685e92 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2840 wrote to memory of 312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2840 wrote to memory of 312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2840 wrote to memory of 312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2840 wrote to memory of 312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcloud_error.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1539.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar157A.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16d5496fbc62be453a0202fc1f0b1c35 |
| SHA1 | d3c67033f61f5854d958a3fe52f66f5c82759637 |
| SHA256 | ef6b0b6fb7698a66dcbc7e9107edf29ebaf62ee5e1fa70ec5b55e5929b5fae16 |
| SHA512 | 815774cee8d0a19763b920d51c89b5f786300e6494284db582bd5c3828f0c50be598fe4268038d54267853309d03b97a2598d98d03c48e041084ddfdf05caa4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3abb6d4df34ca0bc48f4ed8bc152e38 |
| SHA1 | 543ba50f7643f6d6d4f5406b6b00895869db9fd3 |
| SHA256 | 2d5609ddeac0983d901941f08bf75be1a23b35bb30e3316dbbb42682f4d72601 |
| SHA512 | 494357b11688eda3d9dbb7fb3f8ec2d11bd92a56a79c4078c91e0554b62f1e36a07f599a3bd3524e9d05ffe10b9aad4c4975c08bc2674b94be135c5b37cf7c32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1459f159397005abf0a57306f4beeb73 |
| SHA1 | 48f5eda596862a9a2a2f7025b458a198c6f47219 |
| SHA256 | afb108e4b749d54713e86ab2c9c81b5e2ca4944e9a6b6e62957842585553a50f |
| SHA512 | 53af91e592b764367376e63aaa3ed6f19de85930cf4bb1b8fa3c12d5b3debcb59135aaab3483cc76089146802cc071ee6dc1cd4c7294ab095e56ec5358e5f531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a3efa707832163c0dffc3ed47594879 |
| SHA1 | d5e7ef2fd6afe4772eae0d3a6a14aaf179167868 |
| SHA256 | 98941b05cbd1ffaa82f6bb9f66982b3454e325a5fb20332b8e57b3eada11abc4 |
| SHA512 | cedb7615fd71cde289e69623868153c75af1f8a4304d8daeda8b95dc6e190df2cb4f13f0fe57bd85f4cd7b15644c6d11521c4c7ba3e10963f0c4f10eb207fee8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52e8b0ffae842fb3e587243fd7faaf44 |
| SHA1 | 318c7b1984ff672a9ddf119ef17f1471594796ca |
| SHA256 | 722a4247415a1cacca63de4b271f832d253aa5007927428de0057ac82d034953 |
| SHA512 | 63c7510e72d2c23e104e7cbaff2268d572e72a78add6d5344f50dbbb2359de6947e87118d45a047a5f3fa65e25f370967c85f3a92374f6e5ab2236f254a0184e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abd89f935f3df4b55f782ee204a2ed15 |
| SHA1 | 364e54be646a812ec22667e246b9c36c5b560573 |
| SHA256 | 757ed2a4cf81e41e11422d5a2b0d7301563f8d55096221e4e0e7da28d88cf1c1 |
| SHA512 | 9a90f3052e911efaf10b285c21ab34b2c53e3fcaa9c9f18798fbdc4fb83699d38734652b6e93a8b9482c84d83f6c054f0f0f7cdd360be00400153cbebf165b40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b87b07ecde75161365d0aa1b13393ee2 |
| SHA1 | 2f0f29c42fb422498c62bd07d6c7f6c4fb60dd81 |
| SHA256 | 251f8bd63dfefcfd2c40b158ecc0b8efde0870a63eb1b8deaa5a98a87b71e245 |
| SHA512 | 9ff40efe09cd5a3650fcc8f4a8e176183557988505d8b96fb0f5dfb3451a6adaffe48c9665ba2a7b0eac44c6be80f3b83cd6c3fac81758c455f4a499045eca22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6bcbff856c9e0d1caabc0261bfb5b80 |
| SHA1 | 21f584a53f483bc754795887fa5498f5b9dbbefc |
| SHA256 | edab90ea2b3dae3d1c846bfd9bf4792a779bc5f9cc7d00d4bbb9cf2b92860997 |
| SHA512 | 2895b484becc8d5a9ed0d8a2717ef9f4dfa47e7c13c28784a39d4e42e16d5f5fd02dbe4734474d70afe562ed808ff5d55da222af5c985edd925c38ddf9a913a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b8b2e328bb4df85a29227fca913df00 |
| SHA1 | a44fd1303fb041df283aec41f7804c0e5daa90a2 |
| SHA256 | 32bc97e3cebc2cf2fd2d36b68f2b1358454f7e0af033d674364843731c4cad78 |
| SHA512 | bd8a5f56c6ff3d9ee255bad84ce52567a1bd688da5558faa686a86eb5018163538218092ee84ebfddf2a4ed823f4ecb6e389d1093fe32ae8a84a4e8f9f21128a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c12b65f5d21fb2793a77c93fe9595af |
| SHA1 | 14eadb38e70f40b6e4fd98b7b111ab0dca3c5bec |
| SHA256 | e6625e4de21302bd105655cda4e5741cb3e84a7cc0f16c658527c29172753ef3 |
| SHA512 | 8355acb08714d32db4f59ed8520aceba578832f8da6df60adbbf28fbaef1e5d54c5ec2effd8f29d81e3b1d0f520d76d2e10725ac35ae9a5d412696f41e9d4ab9 |
Analysis: behavioral14
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:03
Platform
win10v2004-20230915-en
Max time kernel
137s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.208.253.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:02
Platform
debian9-mipsbe-20230831-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win10v2004-20230915-en
Max time kernel
138s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.80.50.20.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:05
Platform
win7-20230831-en
Max time kernel
122s
Max time network
152s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.min.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
android-x86-arm-20230831-en
Max time kernel
1104020s
Max time network
131s
Command Line
Signatures
Gigabud
Processes
edieib.hachfc.edjiad
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | infinitedata-pa.googleapis.com | tcp |
| NL | 142.251.39.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| NL | 142.250.179.206:443 | android.apis.google.com | tcp |
| NL | 142.251.39.106:443 | infinitedata-pa.googleapis.com | tcp |
Files
/data/data/edieib.hachfc.edjiad/files/.ss/l69dde550.so
| MD5 | a777bff3d943e3642306404404193ff2 |
| SHA1 | 1dc2e0c2058551aa7c20f98d93b5bb7ce8ba716d |
| SHA256 | f5fac90d5d6c5dd517a9882979b48b53c4d1c74df6ab4b37097dab26caf3ef56 |
| SHA512 | ade66980c5a8a3bff7628c9ba7a70d7e24ad6cb3d418fac91b09320ddfa0e2991b7839420c793780a425a76fc327d628d627845afe5c26bd5b4f62a249d30662 |
Analysis: behavioral15
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
debian9-armhf-20230831-en
Max time kernel
8s
Max time network
158s
Command Line
Signatures
Processes
/tmp/l69dde550_a32.so
[/tmp/l69dde550_a32.so]
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:05
Platform
win7-20230831-en
Max time kernel
88s
Max time network
177s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B67B48F1-6D8C-11EE-A287-4E9D0FD57FD1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000001597a211ccdde38d2f2473ff05ba378c2238167dec9e6c344d558d219aeaec000000000e800000000200002000000092263458f8bbb967abf30f01dcee2fab94ddc716d87a31ca60dd3826421ab9ff900000009af9be94b03e32f8c7d817fd0f82d24b35349336c8c895a895e49f532e6f28d16a20eaef40338c85e32809e411e711cf0e8cafc3ee767a25f4799efe21133e5a3f9645ca238e1e0d01e72655660cf13a7df1ea0531730974a4becd4b6ead59630a7e90b2c62b0a557b631d3db14f401979926b7b92a5e041fe73d1fe348a49007dfef284d540340f4f6ef0df676fe4eb4000000091ff64d069a6ccd8db229a241fd8b0a0949a8a9bdb74c7022f4d510b23e75510f3be23de522f154058766b3d378730d55e91397469b021bf0ac787af0321bfd3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403778030" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000d79796a3c364d2878a0d81eb38ddda36c7e94ed747c1eeb78473b8da3628d4b3000000000e8000000002000020000000ef1badf563548123d0dc6eb72c34a7a59ff12f9db044926f02b9f0f2e37042ba20000000c28fb96026c9bc3bd9dceee8ba8955896467df45ede5a31f040a128ca9ed6d584000000018fb8ddefc10eafa78cfe9a6c194afe325ef57a95d3bd0a9a209003d27d92af83f69ef4cb81adc9f0f4a8869dae5c56107b2d44f2c414ddb64df35376eb7c2d0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 108fb48f9901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2332 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2332 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2332 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2332 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\list.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar6933.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\Local\Temp\Cab73CE.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a6e8ae9994e0162bb1e1941dba3aeeb |
| SHA1 | 2e8f9309058571f265eb31cc926a6cca6d923175 |
| SHA256 | 83cc234f0f9c7257b00cb8f3a22ee21fe6550acd9070e4bde13be097a6e57d90 |
| SHA512 | faa05d623c1403e5589e23ef71d027c5e7714e5a787ecdfc9babb969b445ef52e44e4a943876d576a21eabb6034af93b626178680e307531a89b53b7d91c6c8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13d9b4336dccbdf68beb63a015d45e91 |
| SHA1 | 9531ccdd623112f30e9000c54e337322f0bbe18f |
| SHA256 | 735686099607c68e93982f780a374569e36d4f6e679cdad72abe8636f5277c08 |
| SHA512 | d725e068d972a8887c3030b9ec15949a451e8b83aaf1bca416e6a9f924ba9aa38f5cde5897ece2bad5179497e4a9dc86b2a7740891550166ffe53f734e7bedcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cacb7b8b5285a7dbe3fe9a567f16afe |
| SHA1 | de623777c9380f0be78e36b94b9ec55706ed44f9 |
| SHA256 | 2311b33110c140159dad5a606f8a026787d2f19954b0b7befb608952cca74d52 |
| SHA512 | 2cc5e877bb997d997076be50a094fd71019b1a65844a2602694324a5d37fbae65626cca0c1005ad842af07da67f0d9dfd833ea3d151dd5df302f4bc800e011a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3c7d6278738fda0e85eebfd77171538 |
| SHA1 | 386ad4d0b7e15d2a2ea49ae26e96e32a3d440d2b |
| SHA256 | a17d0d7f4a4c6a865e649b272f690756a63388ea3c8fbbebc31b0f0ccdf0dfde |
| SHA512 | 8a2e24371242d0aa1ec569970b84e4fb63f41ef075b48fdd08ad4e1c3adb2b7076767d3ebd399124d28b3600b616e05d32993c84563c49659b44590308f80624 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad0fcb7293984ad1d2de13b821abd772 |
| SHA1 | e202f55a7b39b7b738de0aeeeac7f1e4d0aa7366 |
| SHA256 | e1a2264f198736c1f92186167072151ff8506d1b918f3823173d7910d2be4d0a |
| SHA512 | a158f47a3adfb5c3cecd999ef1c96bbb22709ff950ef7440f942923f9d31b93f2a8853718d719ff3f0a90b522098616d9cb90d36e1b3364861d7228fd5323138 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 520d5582659a1e515e4846a2812233bf |
| SHA1 | d21072371c8c5f2a5cb5e62ed3cc2939eb954864 |
| SHA256 | ba04dcc75180645a182945bf3cd82a8be3a2c693a74b63dc539133bb02733d36 |
| SHA512 | e14097a9f24665a7680666c162b7dc4a4df179f83d76c6025e548ecc1df8013b39858382c9bcb7c4a2281534d32975427c668aaa862971d1b89d0b9b2d7cebad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 767fd769761cef3332a12f5fadb63b56 |
| SHA1 | 07c531826b814c874063dbfe06d0ac4f86e24ffa |
| SHA256 | 543476f5036dc0bee0bf475da6b1e9d33380d1eea5f5b9eb6ea0c143e55218ab |
| SHA512 | 45c8ad4172fd13bc24faa71caf15496bd40215bb5bb888b03663d411949af416dfd70ed6cf354b57fe49f7168be2e9b001b8f8402d03d76b027bec0da2af1f61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c7735986190d4558fdd5b02c858079f |
| SHA1 | 79a1600462b21e998367aa507f64a602d398cc7d |
| SHA256 | 817bf3dab3850910860f16f187e6e4527e475b9a1a4ff467a8bc89c8d4f1489a |
| SHA512 | d234c6cbfc0032c0ca6ce98b2c49fc0b00405b86d1b9ea0cfc3aca8285458f4f3bc7cc78a3e6322b2510a4e47beb74374ef1cab633a9922cf6879cd4fcbeed82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dd4406ac0ad1175761a25e589be6bf2 |
| SHA1 | 07a7ba3240ae16c4311bcaa1e49e54f6d101c419 |
| SHA256 | a5edfe1e5833c5871d309544dcc015e7d2c5e9c957aa2eb81ed2c6f3f830f4a3 |
| SHA512 | 18be930fce669afbd3d6df99476c9190f59b18d4855fc086fcf41925938f003422f3f5300678bb54aeac32ad60105b96f23c59ef2104567da0b17a628f09ed6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6d7df289b51972105303d1ebde8c98c |
| SHA1 | b526e1a8c600a615203c8f02d70b877e74b2ff35 |
| SHA256 | c1e2cd9822e0bc2ea2eff7419cc17f0bd2f6f9b929e5a24978c6e2567a270da2 |
| SHA512 | 166a0b9dc2ab7f9f2f7c0a93f433b295a5912990406e64bf91ce0a1e160304e210ef540ce2302486fe4e9ddee9a8e9ed2dc2b8d69ddc98ee1d2e2ce8f08d5363 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08dc494e286eba8d293be3dadf53b44b |
| SHA1 | 60b8acd1cbd0c8d06f9e542dd994c0fd77d6988a |
| SHA256 | dce02ed7aa9404df1facb1449ff9f29efaf2486f669e25eb11a2716c87c8ee7a |
| SHA512 | 4e0161bde1c1b4b3cb0bd3eecc93d49b0866ae2229dbf3671b78e309a9a469c71ab8d696ccbf2b7f05db63df74e723227889d00f0a89cdf95653a16f357d9ba8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2e539b25b20ded3c6946a88120bd71e |
| SHA1 | 68ee4bfb01afa776d16206f7ee180dbd35ba8754 |
| SHA256 | 4c97870ae21f13a05af5db3e0212e1529b9180eccdc65368ae01286d848f0ebf |
| SHA512 | 1e68afc6f3be71dcea5ca52aa7a6e13c6549e4826a7ad9429c53be031d6fd647b9d8a75d3ea43eb36afb7d7c0b13cc448989866669ce6a6c20c294f31c84298d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb0277395f375334949eba757f67402a |
| SHA1 | 5d9882d369dc7021512141499702e464d15bd470 |
| SHA256 | 0f4b470f95aac511615d8ba2f28eb6468c7b05d4f4dcac3fa08b8123f7000980 |
| SHA512 | 8bf4545171b8fd0707da9860d4b1b0ecd1b1fd365d323ebee482d1b5dae04a4865f7ed85f3a415cc54e3342acf8fbfcee0f8d621763e3fe9c2f708fd7f0681ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03c56a31b6f0239718aba58053b420a8 |
| SHA1 | 28a5b17f6d894a054cc51a1d478b957bf953cb13 |
| SHA256 | 66fdefedb6c215491a41ef8c0b762ec57c286ce6ce1137501aaa78c18f320fba |
| SHA512 | 081587a2718ef1414cbb0fb5c9e72b9b12a2ef8c2522adc87e92fb2fedf377c6217eb0f4363caab343a98ea007b86cdfde8a637645c0e984b8f2e99e7f7c2ea8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1786ec87332d23dd3ce98596679b045 |
| SHA1 | 98fdd07e9cac1a594ac2e0eebe9c04c57e1ac2bf |
| SHA256 | 45cb104a2ccf6076945cde36419f9632198a1d7a5394277edead98bbf88f98b7 |
| SHA512 | 199bf3f34e248677e4d4964c753e571939bca8891fa97f04f2ea0550fc70a8d16e4a1aa3af3368ab4ec4f98d2d7265b2fd28d60477418b1fadfe08bde85478c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 948dce7af0a8309fc768306329d7b3c5 |
| SHA1 | c516ab9732abe5bc017c93773fb12f77172f1aa0 |
| SHA256 | 2a027a9aca5b0c40ba917ea84cbbc41adc1f0d299e882586ba3175e7aff4a3f8 |
| SHA512 | 35d972ec661ebc35903545f99a81ab3b2c07b489c3a467a9f51638165ae4654320b139849fc197f8fb21bf18e3f06962443688a08173a8896740ad15ee3943e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ac0522659df009ae20a048bf6795468 |
| SHA1 | 7d631ad3e60a7c571c086b9dd07dca39af628127 |
| SHA256 | dec6a49e2c0cfb151084fc253161498478e8af615c69afc39ae48ef76b27d4e0 |
| SHA512 | 4acdcee141e2ece8492976d6708253152ce3358e30d127701d43b67addcff6b6cd7f8122fe634094adb37cb213d50f5a5db6a73f317dfb3743f208330334b22f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f9316c4d616503f89fbeac9bd8d4e69 |
| SHA1 | 4cf2d2549589d52e239be1f7275680cbccb91207 |
| SHA256 | 3de9e827895f098f020b2d177b476a5bfa1aee151b86331cbc95ab98742a6277 |
| SHA512 | 8707b32856ed5fbf6d30e3cbc157c0fa830c157b6ced7a71e6204bf79a3da23b6694ee0f9f91b84646ce050016bec307a392ea4cf91b5f27a18ffa8496e45069 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd795b5f30ec2f2b74e1d0d99723c979 |
| SHA1 | 76d130880ad576e16225226ca10d67529754df2e |
| SHA256 | 35e24dc27efd21eb68763ef7069ec9ab9070f1e0a11d3b4456a7c9a828e8e656 |
| SHA512 | 9fa6745ce46bcf57a5cfe8288b48b398a7e75e4d7816155046373535e21c6bc77c640700986e5d19159725d43bd00e72542c1858c8af459634e45236e0f8d772 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c232a8cb36c5a9a0516fd8829ef4281 |
| SHA1 | d767c64cfb80511ef0d4eecb9a65be6a966aa0b9 |
| SHA256 | 7d6e3e888462cc6bdd7efe6f881cf0ef5d90906b4c2c5eee1cad99b6ffca5c99 |
| SHA512 | dc1f8c2aa242d21e38a122239d457029417abf79c7454883d988105f656b43a3323b41766c28c0eb813415926c09a49229e4c189a4d9b36054f27352f18bb026 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0c7e46ecb03a9168da0545c11f36d9e |
| SHA1 | d006c3fb75396887eaf2464e74bca67f7b1b6229 |
| SHA256 | 391569b2d16562e6cbace8b63bb29dc0e1308feaafeb1d5d4a8657dc789383ce |
| SHA512 | 40a3452d5e85b4fb35a78030b37899b561515c6ab156c9fe187bd61d39dab93426cccfbcae88612692829d8adbaeb8015040ee8c25161eea2dcb70a325497320 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c10e37ea517b59bf1451de7b8f68e617 |
| SHA1 | 60a29fc252cda9a877db8fdaabcc1f711c048130 |
| SHA256 | d9a3792ce79bb7b44623ca0a37b161f4ed834ebca33f1ce097dbad53cbf88d24 |
| SHA512 | b40e87287f58a6e4f1cc5f81be411e259cc26417c4c04133c586ab3c2e5eb3a26a7aa488f1372edbfcc5ba94621ab4553f152cee8a8793b73b52f5cbfe526902 |
Analysis: behavioral30
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:03
Platform
win7-20230831-en
Max time kernel
120s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\swiper.min.js
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win7-20230831-en
Max time kernel
120s
Max time network
145s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jq.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:03
Platform
win7-20230831-en
Max time kernel
135s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000008248abfcb87fdb7d4f9c40989a7b4f06ba9eaefd4de5f78917d1085c25a36eea000000000e80000000020000200000005895e7e2e89250a28245004dd752d2b5f14f472f367897d91eefa762a888514d200000008bac414d4354758a0206183fcd7c57c605b7275d2c47d996b1b94b25a7ce1fb2400000009ab249fe380c1801664c36eacfa88bdb423f9e1e316b9fcdfbb91d6f7d89eebcd6942323b9991a3b6bc261b372bc71dc7ba4f64b8dc45dd8d260997c5ae51536 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D713421-6D8C-11EE-972A-7AF708EF84A9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60be17539901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777934" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000009df2b788c45d23c415ce3d8af3805d6914a8b1d77104243f01220c1ada4a017a000000000e8000000002000020000000f257e74279b250c6a926c44eb202c723d0f7be5f14b984d47445dabde5f1348d90000000fe64c1b14480833d8ae0ad58c555bade66023c2bc555e9644c2d261ac20f440e788cc991c1b16b968d7ec7512bebdd0ee3754366d12f0baa5dc1f5a2344da1aca2b54ee4984ac69ee97e278e16266a97cee3c6f063c0eddeb7102b448a12cf873a6a6eeaf665f9739e08bbc77976e474a777635c7b2fca41f047b7e6b1c62e000b70d3ffa39ee783949c021faa2e1af040000000318ad8659454d7b92722c29bbdd0b0a359681b6e4b7aca6ece2299e5348e60eae5e0fe4a78e1b81d46e6caa33f544ffc7751213cf8924ffe04dc21906f46022f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab93C8.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar942B.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86e143c20637dfc5e10c64aa1c4bb1f3 |
| SHA1 | 04eb839f6143b73b67c3b2d8e3cce89b7b0f20f2 |
| SHA256 | 92bfeb51a87fed6716b4ae956d60c906a9fae65515ab3b7d195d269675957761 |
| SHA512 | e2dc0dbdcf37aff3704585c3e0ca20cf1d517a37f5a38c06ff9c5335c65f836c2070b0920728b6841e8ace0f85d54d218f189ea17cc2c134305cbcdba54930ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88f8572acbc14e68adbe684f66f41636 |
| SHA1 | bef985c5b0e124371448c5cf1de41e330bb92f96 |
| SHA256 | e0aea04ff13c360a38654849fa3b198ffb92a6a0591b600a5bd01e152731a7cf |
| SHA512 | 915eb9e9b3bd1107eaed986c23042ed25615bded300737dda01cfeb264126557da42897c760bacabf763e0ecf5f81da3695b22e4d8264a85df3624e6f081c6b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fff783cd7dd6d6415ad3fe75918cabe |
| SHA1 | 782672be4faf0ae87018633462c938cbc3607131 |
| SHA256 | d5753a467c39446b29ef33f4a7b15201c0a73d6fb13a930c8e738253a916ac16 |
| SHA512 | d6c2f9026c48f6eddf519823401ec4946744a15d1222cc5327570232237cdf0410c73cd62a7eb8bdf078eaf22fc79dd1637017750dfd6a243c1125cec176f7b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2d0164cafa0923edbaa368fe26b24fa |
| SHA1 | 3ebfb9d1d712ab0880886e31b2f583137cb80c05 |
| SHA256 | 3a2a614a55107c019082985c09e516fffab963b7ff01c8e1a0b65d375b20d864 |
| SHA512 | 8421d1871360a0cc0f1d6655451513da95dc75e49c862fbd20bb53588ffe14aeada3e548963b1926fd9fdff6e4aa70fd0a5e505466ed986e48d08916a8cedfc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cbd82ed9c33235875c371da0a600295 |
| SHA1 | 54bb232261381f241fd1514de4c1e218295aca0a |
| SHA256 | db225df89387683152c60aebab73fcbf462649a90bd9aca9a43ebca85c07d33a |
| SHA512 | ee5b656043fe6c9b39b995e483ec163ab2ae217ada7cddffd1aea50715190d8834efff9713573c9ba59b971ae7b27bd6b13d93b2435d2fb4dc6f374024a3d53f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d1a0601db3a7851290e81aa312903af |
| SHA1 | 526466a4569e1b2a057a6cc668c7777d2ff8551b |
| SHA256 | f979505a40b84cdb9dbbacdd48e50e464e86ec8c837126b0e1d3992f832b6f95 |
| SHA512 | d5c4b359057ca8c1d2d34c925fa594ea0e790bfab3630f4b7812d2a148ead0b23ce853397ab6f020c6948c0fae654c78bf95760bd3b3b82ed528b0eead32ac0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4b87a5ae8dc832ab2640e2c60c7b2b6 |
| SHA1 | 00ef027e07b06e16f694d4f7674d126953bfc02c |
| SHA256 | 83295623b5c8de8a4b2d2d934381c63f7d896f6ffe653e99074bc7cbbc5afe42 |
| SHA512 | c14e8a1c79ddf47f8411f6bbbce65fa8e4a82fc288a4244411e8833ae3d403e622fde485ba2e5eaea09d09ec3941f1cca70f1fdbf789a066facd5936dd80dc14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14d1dd0693409da1323500dd43aa391d |
| SHA1 | 8cde34d23ca58100bcc94acd6832940af75bed82 |
| SHA256 | 2e2ff39554a44f37e7ff81ecd053f6efc491d0a591324feba60de0742d4cd002 |
| SHA512 | 75dc6c97736eefdb7b7bf01ad456e69dbfbbd4de591d34c496ba96079e0f80f86f3c84ff89d9ce0df88561ce060313bf6e2a46f2e21b1a805ff058520e4aa3f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25e0121b9a1175964e1e133eb3b3c117 |
| SHA1 | 78c998f49ce05ae28935673971a975375e195665 |
| SHA256 | 0ee569f4d520e1b90a7e4dedfb074fc7eeb6b4716d9edf321305fc22a57ea29b |
| SHA512 | 886caa3ae0ecf17feee67d69f8ab500cfc90a86bf5a9ebf81cc9744b3b7965ebfd319f96b57cac0d3baa1e46fda92de1b6ccd335d006344049a18052a824e8a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cf9440599a6733508ab843f5f071bbe |
| SHA1 | 5d60c8bcf61b68c57622cd3fb6ad91210487bcee |
| SHA256 | 0059a14a6a8c69cdfc6298cd0bb60a1d8fa0d1cb253591775194ad1cb61c9546 |
| SHA512 | b5c0dad375b43356757c45d974e535bd5e896ebf92ca4b7574cfcc2a2122b68dea05bed33dca115c8b88d4129cbcb185992e4403e53f63126741e2a008f812d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a0cc48b59c09c3c368f6307b2cb149e |
| SHA1 | 8b80d98189248c7b3af39e8348e38513a8534bde |
| SHA256 | 0d2b85d0d709727b2bc435fc28051fdb069675f697a175a56b1181d364ae0183 |
| SHA512 | 2dc1ca30141ceada59103c15f49d606a80cf6fb103b9a4edecfd7ffb9c3f91da650c9cbdd0ff33e737a8f5bde21b610f13d96123524b0882ef4aae786a65b6db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d74ec0d8b16b6bd9ec37371efe68fb1 |
| SHA1 | cc9d7c01f9e972d60a71bf2e198fbe08ad60fb7a |
| SHA256 | 2cbb92ad7b7f6624c8a6c9a90fd86202fd96287a77047ae9b5b0a0d45619e443 |
| SHA512 | 752ad3c9118490b936f48cde71dbcbcc0b12b0d841ef748d8df6ab2c7ef1fe310727ace7910f4908e87ebd9aa04e7c01dabc2e6af06d77e046f8c11400a60c14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8f26941d39057a1ca4026f5117a0594 |
| SHA1 | f0a3799cb8885ba2935d173946ca855cd3172069 |
| SHA256 | 186cc1b7bc11de0ec115923ba4e234813c681bad44064353fed1fb3563a3c2c4 |
| SHA512 | 19d6eee2857df463228b79dc25547e941492a79795e51c8bb6e55ee5628a8aeaeb4eb67e3edea9660a33577a90754a0f0c1610df02628fe433d7d6bbcb3f0a8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e570b26d13493b4e5376e5e743da89e9 |
| SHA1 | 683936e2273c9645b20457faf8e150268b69e9a2 |
| SHA256 | ddca5a89cc776c3c273b0a0a262c3c628e84d618b4ea449914448f9d425d2a3a |
| SHA512 | b4dfa165902de591744e0641da6bf0c46e7893887e4f9e365147e4e196cdac141f13c566cf242e80b3fb5ecf8f724e07f94d4fb39eee5c93053d33a5db2b90d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dd850c4cadbea40aecedd4ec15caad5 |
| SHA1 | f3d7fe913d3cf88bcdadcc61a6e2a6eeed582bbd |
| SHA256 | e3dc21b3fde206fea264a4d9b23d27091e3a17cf25623e209949dff90bde6b4c |
| SHA512 | 4c8f30667ea0b3de87799ab9e063c8a251c35bbc8a4ad5a1fea6691520f158027f5498e4b72fdebee11196cbc286a195fe403dc9339b074e7552f189a220ce9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32025c6746005c4affbf8bcd7fa0cf17 |
| SHA1 | 3da38c52226527a56cc2c8988857e112ef727f96 |
| SHA256 | c9217865fe01deb656515c6676aadeb82d8a229c33655b9d6176b4bb21ec1baf |
| SHA512 | 88234e03e378ecb6496c46f6b15ee188cd0ebdcdc88f9f19e99c5b7a50fa5ee60eb570cc54224ce8db97f340dbb54719fa5921defbe65e1c0075a8115f0827dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e4369996e061eba8c79557a53be62cf |
| SHA1 | c6514d7aa622f5331014e770ec32b922b8640c04 |
| SHA256 | 35074337faf7b1e594923eb109324d97d4e9b61ffd9cf3bcfce0a4e7bb74cf23 |
| SHA512 | 65557e0a4c327ee1e7f3a09899c23a5d255dc4db678de2e82fe3823fc7f1e730bd189a4749035a6b7a985f080c5c961a2a0b90fb04b4e104b9c539eb2b151e51 |
Analysis: behavioral17
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:01
Platform
debian9-armhf-en-20211208
Max time kernel
1s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win10v2004-20230915-en
Max time kernel
137s
Max time network
148s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:03
Platform
win10v2004-20230915-en
Max time kernel
127s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\flexible.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:01
Platform
debian9-mipsel-20230831-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:03
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
5s
Max time network
102s
Command Line
Signatures
Processes
/tmp/l69dde550_x64.so
[/tmp/l69dde550_x64.so]
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win7-20230831-en
Max time kernel
138s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b00000000020000000000106600000001000020000000383457a92503350b5f266211eac0e2e737cd8e5edd71fc65183c21ecf70a57b3000000000e8000000002000020000000036b8b6de7db761d69a153ab68cd0251b38210f62871dcc7894705721438a37c90000000a534ef3cc6a6586fe3fa7f1658cd631aa1e4c1c2f40b339f648597928a877e22c2cf3c092d6c5e44db898444f1cfbd2ba7f697e61bbbf7f47a021d90372c0dda58f7055e4fc58849aa00fac3354b784917b2fc2f9e8b33742bbb0aee8a841f63825942d590c5fbcb24544f994bce1c68bf3b9d3420fe48f2d08c82cfd7d33c76ccbc313e77d9a467c176bb61977821a040000000c09525ab6006d3fb1cd7d2dbdbb54a6457a5063e5ec524617bbb28c2f5a160d06ed91c7695dbdfbd936c4845f5a4a3e13e4cc8f54cd180da117802894cb37267 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777957" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b000000000200000000001066000000010000200000009783cd2753bc7181ba9176e63a27f2d6cf44d59e2b5e580361460f50ad89c8aa000000000e800000000200002000000069d603e613f1c9fda2b06a37ef43c55db6cdbb725cdc6b849c9f0447d59f930520000000dc132ed02595213b0ac73c156e5c05ad182e1a2fb7c01bb6c8a5eb3079d08957400000004a359be113067335fe18eff733d6e58468b6e3f618aa0a4a035bc80e468a461f1948f4498fe783e3f5636d70a57ab4f2a4b0f5c75ac4e1ed519f5bfd520d66a9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8A325EF1-6D8C-11EE-AB6D-661AB9D85156} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0cbc1639901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3004 wrote to memory of 2724 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3004 wrote to memory of 2724 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3004 wrote to memory of 2724 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3004 wrote to memory of 2724 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_file.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8A19.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar8B55.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02490b05f4edff55dcaa3717fd5a6d7c |
| SHA1 | 0078523651b87e15abe0633259b733219a0c81cd |
| SHA256 | 36432b6d70e690a3ef329352839c4d4c74abe992bdf1716a1ce9500866fe0dfe |
| SHA512 | 6d7a6136e877777607a87f8e2d11944bad384a20cad76264c64f2a3e7e670dae51f1d6ff82e25b5faa30d10ab469fe2ddeee58b1b8c5898afb51b43f19809241 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c4c9d1fa3f0b2766471db0d97a5b6d6 |
| SHA1 | bb00834d319dbc19e1439248816307ae9a6e605b |
| SHA256 | 7d9c316b9715c5c64185a9c6e9c7d7998d6413a95d0444889354e5be0b777923 |
| SHA512 | cc0121c2283f3ec6863cf281148604d351efe5eef6509adf458d9904ceecdb4dff3db9c9b4abf6a2af1346918ac4b358f8c1256db7d7ced37044dd15bcdc44c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48e9951d4f54e1ffbc8995a9c9286228 |
| SHA1 | 60b3e693284c9bf26035d6bf9018c418d6c16fba |
| SHA256 | d26c0c8d75e8ab27e14d4d3c3deb20d9bee19b6e708aa78a3163047031d0ed71 |
| SHA512 | 653fd9d506d50dd80d0f82b640b00dd5ea26e63cb47a652ba19068aa78be6204464a0ac4f239c118a39daf6c342bcacc6adec69452cf26d0da4838d49ee8bb7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16c60a6d6eab044ce37893983d012bf3 |
| SHA1 | 0f691ffef7b2059ad4ff3dbefb630d2a73e9d521 |
| SHA256 | 0e385c593d2660760ac4612195a677d08b066998ec9fa4184d1003b93e907f3a |
| SHA512 | b4354f68e5e6e6880f86838a964de850053d13a81350d33af2d0e47c78f242b16ad7ca0fdc57462f58394c29fc6ff76ce5b9a692eca7c5340384bdb1e384f2b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7225270b0a9a971e895967daa3b6197 |
| SHA1 | ad009fdecd44d519df7a3578dcaa57c368ca39c1 |
| SHA256 | 574c86b5e75b460f242965d445e47934e2f97ba82cc7212f8596ec514083e9ed |
| SHA512 | ad0484ecee77b74954fa269dcdba500a85a27913b230c16345cd0bfdd7469415f042ef3dcf9588ac0214cce71fee1d94467cf1e44168f3da37191a9547fec732 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f297ae9fac7e51ad0c34589a6fb9414 |
| SHA1 | 9fc4f0814ed033be0cc2e5f9629fa7d1807a0e76 |
| SHA256 | f8e00c22ea27695f2de255053e16aa9b988c54af554a062add2f0a4a4900b860 |
| SHA512 | acf1a7a573f0833d31f303184214f48c9adab8895673cf2ab11c739debd34b2695b2c9bb4aadbff603677055698d4d6cb9455076c05e7aeb79ccc69b8b8c0009 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab197970512a660ba76c34bab0711d04 |
| SHA1 | d19900485b1873b60ea6b37645f1967d011bca4a |
| SHA256 | 361533b92e8e51612b0152d761809dc1e8af9677b2edbbcfbc2b0618861a9de6 |
| SHA512 | 398a963d8b51e919bce7a167b8692ffd052eb66364c26d6a3f5d42cf2157ea8578e002efcb3a3e397929f91ebce57e73895fc8a43b55ed6abada10aa43a30eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f1961d5ba90d400bb93ea39f77b8afd |
| SHA1 | 1134e19836ed73a231d61b4d42ca14070e40816c |
| SHA256 | 2ea507753617d0470e7d5294e06d8ce375d3052dd7f401442fdb383dca30e5b6 |
| SHA512 | 998a74b4f17603078ac307d8b3855c2fec9d4020d70459e8e7300631d86bbe19eab7be5059345e5144a0ca5d2a0aaba42cbe5b9a2143f4144b1739a5e89d129c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f08077d238729425fba7f16457ee756 |
| SHA1 | c4c529c70012e7efbd0f268b87cb5d942de21c20 |
| SHA256 | 98a95a21b481ddb1a4d78b6ecac92ddd250728ac19a998cc88c84c5e73f19f22 |
| SHA512 | 92ef6658f2e0fdc24da69baa67ae5e65b38e7be1ecf2fd8d863d9becd49a656e4e620ef437011e0631c09fdeebd1001ac8ea7e292e94096a31cfd60bf456caaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1669911026be329983597e6fcf543c2 |
| SHA1 | 0147c72c1c86fa9e763cc0c00f5d665c99b4a14d |
| SHA256 | 4552fb68e96e0bb85c5b7a9a522952a568fb8d7c35a0b97cc0c510c4e93fc9a0 |
| SHA512 | 946400818babb6c63f908ab299298df4cf32abaadc7a582bde45c4726e9d63dfa45a27a9e4f73eba7a8ae4f8eb144bf994b10f2a8bff88a7ecc98713d89ab619 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d0b77d84f90b4d1c03b96c475de1b87 |
| SHA1 | c6f865ded839ada6a54f880158e50fe729a03b1b |
| SHA256 | f11b5f0207a8cc47468412ea17b29ce864ebd98f07fb6ba04b3a2d8282054faa |
| SHA512 | 7f81310326733f52ffc39ebc472fc730720de0fc7ea9d067d81ac84f55446e30982ca4634ec0acde12770e5eadd53bec6e80b28c9035e29512dca9b3d6b46946 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94f703377bec3299b45d5cad863972ba |
| SHA1 | fddc7cf1d268c12a1ba160cccf611586b4b3f0f4 |
| SHA256 | 70fd0710778ca065311ddc422f7f3a281fca4bc2a6014e9f42f0f51fa5059a4e |
| SHA512 | ddcad8ad32b4c7ef34eace0f7843b480568d8db177e8bb010cfeec14adff70e51420d90346e53a07eb0c62afc9d6333462096591cddae123588717e6005a8960 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7618c0a105f6631600ccb5d1589f8068 |
| SHA1 | 20905ab6d10339070631690e3381b4a319ac6a48 |
| SHA256 | f27dba06c213056ea8891bf32d59323a730e755768220fc6f97ba9c9efb5c4fd |
| SHA512 | fd5476e66892588d2e18b8b605c361077a46004e1755da260d53331f2d59db044f92314144a3e02263a224fa4b1a2f865bc69484ed64371f563ae79c2137f505 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76ccf3235decb58398328723bf293a69 |
| SHA1 | 4264e467c0f2dbbd032488f89b89d5f7d8d13969 |
| SHA256 | 2e2bac4f1e954315f347d078bd1e2051d6af4c1c45c764de4f8427ea284aba8f |
| SHA512 | 7ab88a29ea04da4399dc2b6e0066aac32c1309c9592726365797d4cc426880aeca072520d3ef6fa6b1fb7b9b5f359068960be8de609612936d6cb737237f87be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0e698f2293d67fe751872f190535b20 |
| SHA1 | 235b3c839a600e567ae7d1734be6407147a2ea48 |
| SHA256 | a88a5f091f1bfc7d576ce700b2091e452497ffc60dada3325b4c38ec8b1a28f3 |
| SHA512 | 79ece7900fd9db08eb665b5dd1e265f0f24a61b69cdfff23c0436fd849c9ca918d4a77f500caaf7208e650373a3fc5f9e4d5b35d353e0cc3422b304156d46dbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4315e852a7b3333a4185e370472ce6ee |
| SHA1 | a78f7695b41a1536dffa555f09041123d3a9fe54 |
| SHA256 | ad9b1197de06861460c1c4cbcf8a64185a1beeee2530df785bd239bb3fcae3d3 |
| SHA512 | 4be7a8295b9eedb5c56acc5583dcf81ecf4e7298a75673e5f0d16a5607f54e28a4d8bd57d3d92c6429990e98787ba8b5b2a2ccced788b14a40fdefc582d3571b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbd6f11075d52da0b63037d8857052da |
| SHA1 | f29c6cdcaf0e81640e3832461dea0b54ab707d8f |
| SHA256 | 22ea73ea33c393161bcdeb247fe6d70a41329003a112e61fa85cfe330679faf5 |
| SHA512 | 9a0ac32aad2a7489ba204fa73b41117d1269511e49ccad4872ead3676988c2953ff6dff8e6addc9adbe51767574c10f7d1e65e55bef438574d67dbfa3678e73f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5d843a23a5d2c611dad471086682275 |
| SHA1 | 2b7f444e2619a7ea6e6a4bca67c68abee1c6af5f |
| SHA256 | 51f697b8dcd08f5b6aa6e924b60b7b5cec840c9872f5b831879dca91ea406c45 |
| SHA512 | 9749698b1565da97c5e678587309bcfa55a05de8c3317fadfe1346813bbc93cb00c6ec55ca711f94e3228930562f590e369bd0038fa56f125264178ed040306d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2951201d22232eb54e41b01068d1fd2 |
| SHA1 | f895029001b7db0e2d1f4e5d539f90b4554dd17e |
| SHA256 | 9c1213aa167ff546563ee32b81c6a5a1f08e32974a1df58513b09b93164bca86 |
| SHA512 | d133d78eb73c48abc970526304832c4708f197efac3c12c469c5f49b5c94eec1bf217d1a5268d2053b249fda42901459d48626a9c091f6414ac8e6ebc0435937 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bcafe8b4c1e6d655c8277a70c06fd5f |
| SHA1 | d4c0cd4c7f73f2c3f0e0fde9fc1688d04cb93a84 |
| SHA256 | 26bf0702f89bebf4b731b2fe9e3ec7d365cfdbf2524e11990e7e4f4d3ee2af17 |
| SHA512 | 407997284ed2136b2e292d8677a4553f188c691b3bc2d7d3613b055b6dcb5d010670b1536cb0d5be63bce9f8491f7c326ba938f089002cdea3b47110c562705d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1db15ccf645236e08af6bf0274a4236 |
| SHA1 | def1050b69920980000329c1e195f523b0a139c4 |
| SHA256 | c8d31275598f2a90642b644f9c1588e1ff1983106c33cde05a7b44aa01f05cac |
| SHA512 | 13d98264790908761b36f072dd6178efe7525856ec6749c3ab8c9cc9a4074e6a699af3f3d2de02749feb0b517cfde6b2b2deb40e1a3e7d98a8c2bbda9bd186b8 |
Analysis: behavioral32
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:03
Platform
win7-20230831-en
Max time kernel
134s
Max time network
138s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b65c539901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000a26c3f3e8027e68d1337084102f9ffc9be7efe5dff7f8133e2ba88871eaa2ff4000000000e8000000002000020000000e73efb83b615ea990a377fc3ae6d3b08efb3877b759ae6233409b8533b7acfb520000000445b974d1c99f3e69d88aed56834d9be7b982681c4d28c260aff3a6b282b45664000000044461c0d6f88f47f1d4d2fc4968b3fca42843db3fa984c0afafcf4d08a4e50385efa294fd645193ddfa7346e9b4b73949c5401848706b1638a883d7250bf8ec3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DF9E451-6D8C-11EE-9EC8-DE7401637261} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777940" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000ba46d516167bf9cd7934fb691470d4ef01347eb3e81234538f8e6ac5a082cefd000000000e80000000020000200000008838ad4719ab699479818ce19d2d36f8c2d9ed51ff61af89e052b1beb6f2e4ff90000000945906a200f96a6ace9274dfac30a9833ccfbf007f329f274261c92fe06778ce7121b748f52c53dcad0ae302baa174d2bb2d48f9717d86d767f0de5514805c91e0b419081646200e612382bc406688d9e1f2b2dc0bfa9ccb2f4c5371220fa74e7257229850cb87f001bbe75bed8f801975aaaa220b848dd1d58d1123d4b9dd62c5e86a657aa1e3c7dff64fc6fab3d0a740000000d07b29b21a7ac7545b7e453d0ae74d7f665bbe9b3b7eff4dcb9b1372d050f05aa5839654a1a2632c433e4cfb0fd5fde0068a8bc5daa09d16265f73288f999334 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2452 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ys.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5988.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar5A37.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88f7898b7563298f01927f74ec9907ca |
| SHA1 | c1d5ad7437d469bcbd27f265e5388c43bef4d622 |
| SHA256 | a37354661877bf6565115be600cdec2b7940726004e28ef42be046f003e57a50 |
| SHA512 | 38344a6de80f5479d91fb175ed657c8777b1f4cd77d3df7cb80f2f512bd00c144ce875f06d38a3f532a5e7a211aadb6f8f8feddbf20f79069f0ddb3f193fc1ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f1e3dbb2dcf6dc95437071fd1d878c5 |
| SHA1 | f6f7d3a1998a63b4f5440f9e7a8eb74e17b93554 |
| SHA256 | 4039601aed04058c4cb47cea1517abfea2932979cb9dd9e1540716c5599a1b90 |
| SHA512 | 4f532c5b31d811d13ec6aa545c79d75aeb6e7ad03f5604e0074e149ddb1633d51361773f059102203570d7ef86b06dff9868b284477c61cfaae8bd5b0de16814 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95c12339a23e6d213fee8aed3d1f31ba |
| SHA1 | fcb0cebc77574dcfe99a56414f647685a5c34860 |
| SHA256 | 8dea9f8f82f316e69bde7c9b8488d93ea6d3f48b606ea7203e8a5ea2dba35b7d |
| SHA512 | e767371eb532a4cb95fa411eed707b34dc2e1738811b15e672037c45adabcefd2a0e5978ebc6d89184b7e865e1437ed62b2d5a998863bc6f405ecc5c6b64efdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad838b1d7276aeacefd351aba7f5a204 |
| SHA1 | 982b8ceb2798a900071edaa6fbb827d4f0955aeb |
| SHA256 | 6375d9971a837ff91f860a450e29c7aa9006c52c8e5b24d6e45fa89b4b4783d5 |
| SHA512 | 180db38547faa7072f4d88559c5e0fbd8eb31b04169f8bfe1f62f6aceffdd975deefdf30ca6062522297483d4d439d3fb91089c7fbc2192d5a362ccad29a3997 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c64d3d331e981639ba56fd89872214b |
| SHA1 | 089e3f0b81a384ffa9ccc6e91ff8deaaea241af4 |
| SHA256 | 37acf3a0c11fca6e035011da3647e4c00026d34aa8f43f5c1a81282033724e94 |
| SHA512 | 20fee3112f8d85d0ed7b75ef0105c46958c0fe5a8f7313f61f39005318e0e270aece5e0db626e3a45630dc81d294955c3f89315e14928f5736a4a5c98ae95666 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 194bce704990a18b3c5bf846be081e25 |
| SHA1 | f813c6b24845d2795676aeb5e2e7f07012ce3964 |
| SHA256 | 7feb48761e834fc24364923c634d21043711ec0b4637c72275d416d435aeda60 |
| SHA512 | cbe9a0147f24681b7675ea18c37c5f5038dcbbb8042169f549f485227f1d346576a67c86f51377184d7a5f28216604ea26c75e508f064332318c4bf28654679b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ce6209feb470311bd1ba19f2acecd18 |
| SHA1 | 4c261442e7e680f154216d568b6dade3b9436030 |
| SHA256 | d1aa4cf51b9d4ac62a3d32bb15ffa9653fd2221d1b966b4ebedc3c85535fae58 |
| SHA512 | 0b57bc5e82f1e32919fd4637fb85dd00777b1422ba076e01740162cfa79a40d3cdf0bd3f910031ce60c2316461e2a349c151ef28e86dec6bee74831b686d3fef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20850f890cecdaee0b41f45e4a449794 |
| SHA1 | 2225df08c88b15647a569d4f506c9a49e213edbb |
| SHA256 | 463c33a8e014e538d64b5bf73745fc8724df74dd01191a4ae9883b49822e604e |
| SHA512 | 0598fedfb14736c984f6ca708b2fbf03b604caa576e0cd06ee683a98d0b9fed031936a3f9a041d76f18052b6f697e753a65ddc24380ec628f4c91003d9f643b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 123441ce5596e701108aea953b08fba5 |
| SHA1 | 0e31ecaec3e655859d4ff841f4508e3bc5d45632 |
| SHA256 | 3b555a4ce6ff6a2c16f08a54d94405d4c53bbaa52d98e461c0657190bfad24da |
| SHA512 | 8132c85d901a0f2346680cff93f895c9872b5b2abdd50fd46ca89b944f82771e8f53d66915dd32f11736df4fa38a17a88bc753d1c561776157fc04ca394801d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbe6704e350faf7de50dc341b419b87c |
| SHA1 | 828dba4e489fc68dca5183eb6e9ad9c6af9db2d5 |
| SHA256 | c1bb72ee26228bb2d7ebbacf94890642c0f2b7ba67aeb98eab59055b2423515b |
| SHA512 | c648775aa781e630b5dac30aeec03d3ffb10ab4cf361dcae4520cf31afd5adc7a29cb6f82ee1f6d5587f0949db89a992d4df705ad1c8e8383b6301453c58e87d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0b5855376a4e81dee302256d84021a5 |
| SHA1 | 61d22998857a58e1f744aa73d2f89a868b661aa7 |
| SHA256 | 838ada16d89931e71bd6c740bcab2e039a5d92f2c719568dd88fc69edb8393a5 |
| SHA512 | cbd57c07111a395a793319057a108e38a71b5a024b8e6c0bf3883590576213a90c8333ca27ea9e59040212db5a1d45b16faf39da6e7aea0c0c9b4afb5fee379f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7b3a056d897fcbb253eb62933a0de0f |
| SHA1 | ff394c155735f948fc3e3f723f748558d174833d |
| SHA256 | b636b52a4e80cf98576dd830f318416c98a94c8dd346477664e10a866e846017 |
| SHA512 | 82dd058dccb5db002314d253e2418ef8bd084c83834b6247b909df5663ee67c86ef31ab15ac63b0ac298c59345d53f5a3c04cd07fa3bece1a9acc0b21cb4ec24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccfc429206657f23f482158dfe4decb6 |
| SHA1 | 8d532ffebf93320ee518c7840c27d4a5c2403c62 |
| SHA256 | 59a36f105f6eb0bf25f0217ef32741cd6f32e5a2da95c5b150f70bec9b8b75f2 |
| SHA512 | 7bfa3a5ad9ccffe497e00ec6fba3cd461da094cad3fcfb88b903fc9d9e192ed7ecd524743f50c6f377ffb6ead4512073e665582f0713e008795906ccfee47de0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 332495da2b1709125c1e55e341a460c4 |
| SHA1 | c4ff7b491b80822a396713a2b368a2add61a3bc1 |
| SHA256 | eafb821bd8d2d34a5191e7f716bb9374cecd300ca5fdf5712c7dc4243da92c8d |
| SHA512 | 734202df1f0d75fe0f12ded827750057be24b4aff548ced8465440ccd54b995327bf9394dee9bf545290b3ad3e88eaa791749b09c814fbef00f9842806cb6f49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74a4b28e4c253c6c9954a6ab0cbcb791 |
| SHA1 | c0bfa57d0adf27d472eb54351f2e76a338e9d843 |
| SHA256 | e88b70d9a2aea02dc58f8cd91b963bfc9a003e2fd30f72d5b798890f25d24da7 |
| SHA512 | 51e480115584af5b8ac5d39b7d09a7b5b44980af467e3c3de64b1b7154e400961c11d7fe0b671f8e2c6af6c73ee9f3246c317d87570352c4ed2bcaacb3fd5f40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19b82caf909996353aac67749ad0d84e |
| SHA1 | 5e9d6b4b1c030016fa0c7cb33ecf132fc08ea133 |
| SHA256 | 117cc002cf98041d3b382bf94a38590dfa6ce0f0b3c0f26cf7b57700d481b748 |
| SHA512 | 1e733ef2e677d1024a1d426d59e2f62d80a63564dfc128a9708f9b7ece27fc6d5d786e704f1a40226c7f523dd6c6373bb4c48d7460ae10bc2d1e629354dc90aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93c8e73d6a96cf55ef1163baf7c0cd1f |
| SHA1 | c8a0fdd5f42b7a71d81fc54afb780a7fdcc761af |
| SHA256 | e3585629f3b7100d312bf54710abffaf6dd323e53592c3761ad51b70b743ec4c |
| SHA512 | db33740d8401ce2ed25c012c8e0a1035588fb96b173868bbdb68fdc6469e73d65142f96feea7ffabfbe48bb44c7f974f90f2705eaf899b63b858e42a6f5bfa16 |
Analysis: behavioral29
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win10v2004-20230915-en
Max time kernel
137s
Max time network
161s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1702396004" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1942551316" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9060E973-6D8C-11EE-9359-7EE370C9B5A4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d8000000000200000000001066000000010000200000008d401ee9590d79794abd16456e87f345f44215ba4f9cf9b488720aa9b0de3aba000000000e80000000020000200000001782dca1be4dd895bf1c375ed7b5a9d130a6c8722918223b533a6f3b8b55281d20000000bae2403a388772f17ab356794302f36e3a2d967617255c761e4380f0be2c79bf40000000102f6da6982799946d3c16054070c7ded646e98a964c713461892ce733ebdcf0f804dded787c6b7d301e90c99a52e2fd92af354213eee9ed96ddc5da51b40c45 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 005dd1879901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06e2a879901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d800000000020000000000106600000001000020000000257ee61feafb7328d5ddd281a0447f73f42221dfbe7d9b05ab48f40e21761aca000000000e800000000200002000000014ac4307184e1386412b0a710844bfd806e0eae5a667a9d9b5da8b6568e747d6200000009ab481499178908f8478d9004b8c1cb792ea0c314ac3836a90fc5f2b4f6e75b240000000084f14137c39ad4272c199eee4bb389c5074a03d07e08084b951464c6a2dbf64ac821e4a9329215175e1fe327831392749e8cde8a96a65927fa881cd89c17527 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381094" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1702396004" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2428 wrote to memory of 4252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2428 wrote to memory of 4252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2428 wrote to memory of 4252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_file.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | f8be9ffb412b03d15b3a5ba174484158 |
| SHA1 | ae60e4e58d7f16ea023c5c60e45ebdb573880b71 |
| SHA256 | 6f797dcf6c559b30f18a7393c6b59d626772705ddb8243973f61b762fd9210fa |
| SHA512 | a2351add7641336c2a799c8f4d9af0a43afadafbb92a718980f78989e140b14a32fa26045be3d38aa996306a4d4474974acee356007358a8ac9fe262451ff63b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2ce4c36a9a2d7c420acdd1691c785511 |
| SHA1 | 1fe204f8fa4fea3422fe634534b9d85333469ccf |
| SHA256 | e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277 |
| SHA512 | bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OSZCC7QI\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral7
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:04
Platform
win7-20230831-en
Max time kernel
136s
Max time network
137s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000fd504a589f61bb9354d557f29748e186228de2a1668bc983a0c28874606f5dba000000000e80000000020000200000007751af814f8d853aa30f28becef329d9a5c23a5a8f727a167c0e9b1cd9820b53900000002f15bc3758f198af690285275c15b2a1fe61ee421dcb43bedc2724b1c1cb210286f73b83a4ac2cee812994023b8031b20294e9195c37dc3064c79e738af1df2342428db8abc71bb42fa18d5fb511052f6fe304f360d103170acf27a4038aaa0332ef8ba1bed7504b923c6c1ba66f39a817441cbce9d68fa982cbf6da0dd3c9ea5032a9742fb4b230ed5a559f893bff9b400000003683b9a39e82262782edd268b238f3d1567e0cdff8f3d4584003d3ed985bf93e86d98de4357de322afd884638cdd7ccfcdcb229701453dd575d3cccc9bd2bd41 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0208a729901da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000e6a0936ed9717828d7d9c605e8e63a5b0d91108f210658fa981a23a10e8fca46000000000e8000000002000020000000eca99d13be0e02358f501f4ab9d6e080ed452102e3c152585237a0b9cb40664320000000a4e0edf2d19d04b9cfbd86a821de3bd83d831ff909a0e1d0712cc817462b395c4000000049a2fce28d9a3b4720c6bf9f0d00b331dfee7e22823ed6f5cfd086ec6e91b2bfe1a84044cd093694440186891dbce8c9bfefed4f4edde844d3bb194fac5e6b0f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A06AD91-6D8C-11EE-9604-462CFFDA645F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777982" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3028 wrote to memory of 1580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 1580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 1580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 1580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fw.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9C03.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarA8B4.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2646a874282b9b6649ba4f57164a1492 |
| SHA1 | 934e00cd1ac2515f40497f8814170fc4244cbe1f |
| SHA256 | c73c8c177de617ed663649d2f186ab4d54cc3a52f1689ac16c392f96a4a8cf82 |
| SHA512 | 5e84a1035720e9700b4de3b801a1e79789319da2b78dd9a6fe6a06504eaeea7a437ef5915cda3f8d55b5c98c4feb8dc8cee9b3f151aa651e7de169d33bc987e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c50a7e1c5d9f62af8607e2c1d7fbb5b |
| SHA1 | 6b6fdb87b5b4c53fac48a7c89f100254c65d9738 |
| SHA256 | 4e6b816026503f5ada81624279bf67ad36c68b059efd09a7fbc65a58dabbbeec |
| SHA512 | 8a381e19898a1988a641f0662e658a9acad48ce550f187204c966d67a17c889f1b13f85cff2e96e93045640a6107e7fb40fa0293edceb89b36f05cc5b94610a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d59408a275d7007420f5c37ef90967f6 |
| SHA1 | 0902c3fe6376bc0b62256352fb99ed41995169e0 |
| SHA256 | d9bdd3021417596ae6be3c300f1739f1663432b8017a5e1f9e17d480068cd96e |
| SHA512 | c20e64b2741fd8088663080f0129a13486efffcbf42197ae3b85e01c89739460798eb3d853b2c4aff3b6c0211d5eb74ca364b797d2cdcdfb5327bf27ba39d257 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b314de63771cb3d484091f0bfa55b4b |
| SHA1 | 216be48190a53e28788456400268da8b4f0eaeee |
| SHA256 | 4c3ca3b6966b4b00f3a9ebe5217403239e13d45f086efd44d529d50515ead52e |
| SHA512 | e6f6722346a8b9bb473ff707aea2a289f4cfbda7f5ed2541983530c05be93b3c4f24575cb2f53ff0202d79c5c16e73fa9f689db71f509285264961ca33edd933 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89a3494928c090c3f3d41aacee613cbd |
| SHA1 | fd457c9dd2b8a7b117881065e33a82f8783fcc9e |
| SHA256 | 25a5585339cd86506f3f14dcd0595cde95cf9659c69e5fbc79788256fad0da39 |
| SHA512 | b8386bbedae372be481e30478e56512b7a72f4057b7e9bbe98cccee83b09e72c9522fa442b4d76edd09887880da0af833e2bac8e4a7566ec1169cd8cdd1e5fd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6262600085b1d940803c4ca30f4a1b7 |
| SHA1 | 7dacabe2c769a0b9d79fdfb13b892f39bde43767 |
| SHA256 | 9f20c0812201745e91d377fca693b19116b594b798266ad6bf1a866b858cc064 |
| SHA512 | d535a48be0164a5d604f55df9e1248ea669ffa3dc63adfe9feffa2983bbc366c5047bd453b3af4dc3bafeac66c3c498ca1577b3388fd9d23492b4451a23fde0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b72034f943db927e609c145e8ec8025 |
| SHA1 | 30a64eaa4fce2ba0a07e72fe831079d1f0a49504 |
| SHA256 | 06efbe8ef4b7f7b3f57b6e4e6f9c3169a523d2fe4eb319a8dbfef333c2bd01a0 |
| SHA512 | b1b4177ac33d9c23a38c3a58d8769bf9bfc073e865e92b67e09e0f39883c6a8f5990c2f2cc4634ede2b5d0afea87da9f646d9b04f0e40a78924ab79f36b45541 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dab678455b9dc4c7d3455a3750081d26 |
| SHA1 | 971f24b083eb61ec9fdb580dd86425ffba8ba796 |
| SHA256 | 96d6b3994b3301343e0c0f13b067ec0fc4a09dc96113d318b2f8c7f3ef6baf54 |
| SHA512 | c24b1009eebaa17589f0ec2a966e2f990e3b3413bd6056cdc625615bb09b29270e972eb858a8ab05daf4190903ef33e7c824167566c1a46e5d9ce950386ae0b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c345cc7523be511718c40990cffd5e5a |
| SHA1 | e0040043b56a40ef2de6ce29405612cc7ad0dd76 |
| SHA256 | 07079b8bf1a1d832389f6ac233b81251ff5e71b2cc249101d20d4c76d6fd5f08 |
| SHA512 | 96db461171b2cc8fbc4710cfc0205ecdcc312875d9c38d82e6ef06a36244ddefc6d280a2190108c82fcfa0f9ae7404b4fe53f41a011153eb19be9cbcb5f25fd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7a51aec73f59e8ba41731346a2030fb |
| SHA1 | 59590ead0d0722d553624014ea4df8a6cce53f3a |
| SHA256 | 0b51b0aef858143ba4a6c4a33e4bd9314702e4bcd9f6fbe7bdc7efcb69a6de11 |
| SHA512 | 916c353114c5c2c5edaa0da3737262d82e4d1026c20afd121579e4f2bf6168e7518e1831c9c796e4f8a77667333b4484d431ee36ffd70d6ee58f2eb584780e3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6817c35a72e43d0c95321092bee3c5e3 |
| SHA1 | dffca5eae6f17fb3ebc249648d7987985bdc1283 |
| SHA256 | 18ecdd6117ed1b59323c18323b854be0102396c521d9d1838622d5623c017adc |
| SHA512 | a2825ad67cd81eafa714d84236cb4ad643b4379938bee017673af2d515766a9c584c71c39df85312969f455179da74419094c938eff85e9076d3bc740fc9a1a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32428828393c8446a864cf0568fa6313 |
| SHA1 | 56863d4d7d87df43d40ee1e0539db7a02466309d |
| SHA256 | ea11e0e8bdb99e55f0c7c727939d887be8453470b0d0d6e5180264ef5fcd8bea |
| SHA512 | f47a990bda5d40e725d881618a3e0186dcb159a647371afa2acba161bc4aa31f9af6c67d898bf9e2a2285fb8880bcc938e63b628021d2fad005e9df3c6093a92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f9c5c2cb3f8e82c6f6ce82e783dad1c |
| SHA1 | cc629da60e41427c90cb208f5a53accf952e4f9a |
| SHA256 | e54184240eeb52ba1549ac27c0c9e809af1225c503658db1edcf561904b3d342 |
| SHA512 | 83b98f87e12351a9674a5f8b303b770717e66590ca139f74b6dee2d6e53dd0736e91ee6b4a704073fadf270afd0cddef2162c79f9885910b6fe9bc406a22b541 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6022cc5db1aea07a8217c8dcb19c610a |
| SHA1 | 5ae1bd2bd19a0faf22ff85a1e581104d8ab4b0e5 |
| SHA256 | 8e4c32c7ae83a838fe07b99a3a23ee9da6634bd2d76c44d36c6f261d55c51554 |
| SHA512 | 0ac8cd80f4e952b27df163d8584e456006d3c44e15afc5297840950fa791f4e408b15815d399177047503668bd4f6f5ba6dad14df9266af92af7d68bc86c02ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdb61b86ba5241f57f0508374887d90a |
| SHA1 | 710973bb095451769bf2bd4d55877924097b51ee |
| SHA256 | 93ec88135a4da7953e8a73df577d88041ad94800f9f856194b6d4b01a2a710aa |
| SHA512 | eaadd843884327b4254f2d70029cbc125f41e72f659347fb7ec764263faba76178e20cf77f9339e15d77e675131306e0df12018b0fd0eb57356f7bb930ba2f42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7824f839328ab483acbab1790986eff |
| SHA1 | 5292a1c80edee3ccdc2f4ccf320145c4ab3944f3 |
| SHA256 | 56f264329010dbec65de96ecba08d1e6ce2175aff6c6c8ff79f631855d6331a6 |
| SHA512 | 58d8a8f7c0c47cc8cfc3effc1d729fab156a5ab8e9e932159cc17ea19ece1791845d6612c8fcfd3d651c1958d006c8dd8b4de88875e64b1f87239ec0c7b6d9bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76e93690962b1a6427798b2c4c6a183f |
| SHA1 | 7820a750d3fe10bca250cf252a00bdc60b86570a |
| SHA256 | 6b5aed9ada2c0809b5619b8a1cd5839d6f75505c87bac68a8412ffcdac63e801 |
| SHA512 | ec3dec5480df0f0ac71759ce945112b68e9023db8187d5cf32546fe608bbf4845758cd7fb4f8aa64c7b1f536b60fb151f64eece70dd5910479854b7c206bb32f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d40ef5a29ed94cf3bfa85a1b94a47b4e |
| SHA1 | ba8907829fb39ceaa33bf04accd88c5fe02761c1 |
| SHA256 | 023c3b7d953a7d6162f875d820ffbeb2bd2b875866c153e6902ecb86e5454e26 |
| SHA512 | 7b52f0430e66771b124e916d1a736601dcab782a14285ecf5e5f75f3a7490dce44513bee89f45c391f39107cf8f2f46e90827a7d2ca3f389536c6a60df9d1e28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f3ed305d13eb4d257e45bebdaa1ea5c |
| SHA1 | 5bc8ecb2af3c7119179d630c83637975baa6aa22 |
| SHA256 | 90e4895610e5faaf7a8a0989290e812388b67e8cd48b79bb3eefe35017c6b633 |
| SHA512 | 63dc9f8b95b482712859459bf0d518c7b7d7c55f80279160f1b4af88db96902143a7b160a5080c49a82db18662cfb3f260e37cab9e6691d1f2e87af69c567a63 |
Analysis: behavioral16
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:01
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/l69dde550_a64.so
[/tmp/l69dde550_a64.so]
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:05
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
3s
Max time network
146s
Command Line
Signatures
Processes
/tmp/l69dde550_x86.so
[/tmp/l69dde550_x86.so]
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-10-18 07:59
Reported
2023-10-18 08:05
Platform
win7-20230831-en
Max time kernel
117s
Max time network
146s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\flexible.js