Malware Analysis Report

2024-12-01 22:20

Sample ID: 231018-jvrjqsdg92
Target: 202310181558.apk
SHA256: e04b0fc37860cbcc0298f4037345544daef0f20610c55fec7866a4819b3fcf6f
Tags: gigabud infostealer rat trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analyses: behavioral12, behavioral23, behavioral24, behavioral31, behavioral8, behavioral10, behavioral13, behavioral4, behavioral2, behavioral3, behavioral14, behavioral18, behavioral25, behavioral26, behavioral1, behavioral15, behavioral22, behavioral30, behavioral11, behavioral9, behavioral17, behavioral27, behavioral6, behavioral19, behavioral20, behavioral28, behavioral32, behavioral29, behavioral7, behavioral16, behavioral21, behavioral5 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 10/10

SHA256: e04b0fc37860cbcc0298f4037345544daef0f20610c55fec7866a4819b3fcf6f

Threat Level: Known bad

The file 202310181558.apk was found to be: Known bad.

Malicious Activity Summary

gigabud infostealer rat trojan

Gigabud

Requests dangerous framework permissions

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-18 07:59

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A
Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:03

Platform

win10v2004-20230915-en

Max time kernel

127s

Max time network

136s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jq.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jq.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win10v2004-20230915-en

Max time kernel

138s

Max time network

159s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\list.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b0300000000020000000000106600000001000020000000c734c53496f7a2c43292980b02d324dc3be5c2a02518e5547d30137f01237012000000000e80000000020000200000005dac877b102a88655f375c486e6036638b32dea2bcde545da5de9d990e3b55052000000025f62944a017f5e3d062ec95cf3b4cab7566eb67d08bc354abb122da8488696d40000000fcb2f1f86c1695280f9b91506fd4d8c5c6c9eb72dc232ee4bd48dfc9210de23695a5fb445bbe2270f6b9e3c27f5e583a76042f7f5f3a330fe6d1f040fc8739fa C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1938877549" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1918253466" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 508034759901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1918253466" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381096" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90411a759901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b030000000002000000000010660000000100002000000072da7c8d03f701f3a8b9ce1928483331edb0341dff97e84a788278e39b6158a1000000000e8000000002000020000000d3c738c4b017caae362caa989633462c1afb8106183081d26d5161baea80dbd2200000005fb3155d1ca4cfdea7ce31befdc6df1b06e298b95e2f19aad6637f1a2b284a2f400000006726ba55dc875654c7ee185df819f3ea383f8d57056f95a563c97735dae214a48f512e8eae1db288f4600f1725745cada6387e04837b2393eeaadee375032a53 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9DC8E738-6D8C-11EE-B0C5-FAA769BFC8E5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\list.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2ce4c36a9a2d7c420acdd1691c785511
SHA1 1fe204f8fa4fea3422fe634534b9d85333469ccf
SHA256 e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277
SHA512 bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 34b09778f6408de2052807e5108ad8b6
SHA1 6cd96a43b04f497691b8aedfd72a5c8df097ba08
SHA256 109dd35dba28ed452d9eff243faadc16b1b9a32880c5fb523f3f2db5958f9f5c
SHA512 44b0c13041c85b56b9d6fc3cbc1a5e4d7cf4bfc48783d9fb516500387fea4c2c17778111f5924d9b4dffecb3108a3ca4b4e65bd75962a90b33ef41bdf50a7215

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XE9C1B9R\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral24

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win7-20230831-en

Max time kernel

118s

Max time network

137s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:05

Platform

win10v2004-20230915-en

Max time kernel

102s

Max time network

169s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\swiper.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\swiper.min.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 120.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 126.24.238.8.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 3.17.178.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:05

Platform

win10v2004-20230915-en

Max time kernel

226s

Max time network

271s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fw.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000562b5f977fb577f863a4b3e03b123813e9eb636fae31c976e5a204df8ba4d419000000000e800000000200002000000043c78f097ad2d89a5645aeebaf647c43b934c4d84b1d28942bcabc85289880e31000000042d264bc0363b7b6167c856d538eda5c400000007da9ba3f972ed6c82c655abbb82aacbbda2a8a18763f500744699818b1a0e07d3a72f6524d66744369278f18384367b07d02afa52aed838a371b3c17604018c1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606e6db69901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2958595242" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381204" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000ea6f7466bf5f308de7acc0a139b5b314b740258c92830341541e8bfb8f12d637000000000e80000000020000200000003f5b8642345c8fb5c4aced46681cd5033bb07c7a917591ab90be926bfb0c885620000000f043f7a4cad058d08232dbfcaeec59aa1d864afc9a3f3dc0f0a662dcf704bb8a400000009e08ac005f65c3ae73a4d0ebe958147265a998f1bde15875cb52ad6fb72a617f78b0dee103f7d383ec9e5f013b58a2e8fe6cb7081c4ad25ef65c5cb8b9f997ab C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3269064748" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000ba863a0c1ab9e8feb2654feba0c605883e28bc0887d2aceb04755cc2899b93cf000000000e8000000002000020000000671e034aade20297b526006447fb60df2e89d8bc329577927c0d4f504fdc8372200000006357ca36be6f02b6633a7600f5a5bb58e239ed37e6b479ba7a222d0f83307a2740000000b12551ce24815b762956478b9be4c65c199a1f54362c3e16d95631f07a5c8171ebe2de1ac8718f84ab4c05b3e31bea75a8aed284a559251180b31821b4ba9eec C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3269064748" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D0EF5060-6D8C-11EE-83FE-EED69A4A1DC8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ef43af9901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2958595242" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fw.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 88.221.24.130:443 www.bing.com tcp
NL 88.221.24.130:443 www.bing.com tcp
US 8.8.8.8:53 98.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 130.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Kno75FC.tmp

MD5 002d5646771d31d1e7c57990cc020150
SHA1 a28ec731f9106c252f313cca349a68ef94ee3de9
SHA256 1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f
SHA512 689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2ce4c36a9a2d7c420acdd1691c785511
SHA1 1fe204f8fa4fea3422fe634534b9d85333469ccf
SHA256 e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277
SHA512 bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 c4ccb65be50d85b12d009cd7a241b392
SHA1 7abcd0121911c54ddcce3c831ee9f79ae6f12b27
SHA256 6ba9091e74748be9b8e3e5c6ff8ffb968fa29185fb1a96489b2af8765f662d33
SHA512 d1ca03d190694aee34fb91028562c51f5909df346e3656a80b59f87fe496651373092ee2521c69c46cfd706c47274e1942b3fb5d6fb639f428d7fb4636c9c190

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver5253.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1QD0OQIU\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral10

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:06

Platform

win10v2004-20230915-en

Max time kernel

252s

Max time network

327s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3155216891" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E14ADC6C-6D8C-11EE-83FE-7A9C7BE51529} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3155216891" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f000000000200000000001066000000010000200000007ad486c8d4cc14f19895fdcbcf46958e232c67baad0c79effacbd4f4e5f56810000000000e80000000020000200000008e80c114d2db1afa32d25748c3368a4fb295e37b4daec50d9fbfe6978233005a2000000045e7bde7f2d580ebf97b0fc30b1fd55992f91093baae62d711a5cec5759e851a40000000377c9557625ad4b0bba45ab3fdbc800fba4005772703f0fe84ef86fcf1ca8c22ee204683da15a5702ef339c65a280228b274ae52c80a3bc84be9cac422cd8dc1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000752af152f8097dc32ca432b2e4de71e9c018009c1ef03bf38767f43ed3c4adec000000000e800000000200002000000004524269704487a5a3c5db9be82c3eff2567d5eb5b34e6c1d700ee6637f9de51100000001d2b53dcb575d196e200d9cd1626ad5c40000000d2a408d76cf07a7d31ad4b97d3d5df5d56c463b29d36ea0aec979cc42a5e4cc0742b4697537d6f27f159fa5a895a080c5f12de80547851b34b4d46d9094fd55a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e450cf9901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3156466596" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f6bb296bed3f4ab6e1d050ca02d81f00000000020000000000106600000001000020000000fd2bcbf832a3fa14d2f961ae264d48bd9c23eea4564d86e03f40c882dc9d5a7d000000000e80000000020000200000003c17f7c3f82e8d03b36dce094d3d825a1945d49165949e9dff582f1c5568bd0620000000485a5401ee548bdc0e37edd81a19a2cb6a5aaf2118f299b53003405311beb4bf40000000e4f4d5d5f81921b35b447d24c0aeee11ff2797e57f36c2fd17f11df744825bdc4ae21b41734832677901a14ac11fcf692b5872982e4621417d3221f4ba33b029 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381219" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1056edd09901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 042d5e82d5e7d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = (binary value not captured) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3156466596" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
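Every row in the table above is written by iexplore.exe under its own HKCU\Software\Microsoft\Internet Explorer key, and the scope GUID {0633EE93-D776-472f-A0FF-E1416B8B2E3A} is the Bing provider that Internet Explorer ships with; none of the URLs point outside bing.com or go.microsoft.com. That is the state IE creates for itself the first time it is launched, here to open a local index.html extracted from the APK, so the "adware spyware" tag on this signature reflects the signature's generic trigger rather than behaviour attributable to the sample. The script below, an added example that is not tooling from the sandbox, makes that judgement mechanical: it parses rows in the table layout used on this page and flags only writes that change where IE's search box or Start Page goes, or that land outside the keys IE maintains on its own. The eight SAMPLE_ROWS are copied from the table; the two CONSTRUCTED_ROWS are made up for this example to show what a hijack would look like, and the bucket names are this example's own.

```python
"""Triage of "Modifies Internet Explorer settings" rows from a sandbox report.

Added worked example, not part of the report. Each row is sorted into:
  ie_default_search  - the Bing search scope IE creates for itself on first run
  ie_housekeeping    - IE state keys (VersionManager, TabbedBrowsing, GPU, ...)
  review             - anything else: a search scope or Start Page pointing
                       somewhere other than Bing/Microsoft, or a write outside
                       the IE key entirely
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Description  Indicator[ = value]  Process  Target  (spaces inside paths and values)
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<vtype>\w+)\))\s+"
    r"(?P<path>\\REGISTRY\\.+?)(?: = (?P<value>.+?))?"
    r"\s+(?P<process>C:\\.+?)\s+(?P<target>\S+)$"
)
IE_ROOT_RE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer"
    r"(?:\\(?P<rel>.*))?$", re.IGNORECASE)

BING_SCOPE = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"   # IE's built-in Bing provider
SEARCH_HOSTS = {"www.bing.com", "api.bing.com", "go.microsoft.com"}
HOUSEKEEPING_KEYS = {"VersionManager", "TabbedBrowsing", "Recovery", "IESettingSync",
                     "GPU", "DomainSuggestion", "User Preferences"}
MAIN_OK = {"WindowsSearch", "Window_Placement", "FullScreen", "CompatibilityFlags"}

SAMPLE_ROWS = [  # copied from the behavioral10 table
    r'Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
]
CONSTRUCTED_ROWS = [  # made up for this example: a homepage change and a foreign default scope
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.example/" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{11111111-2222-3333-4444-555555555555}" C:\Program Files\Internet Explorer\iexplore.exe N/A',
]


def parse_row(line):
    """Split one table row into op/vtype/path/value/process/target."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line[:60]}...")
    return m.groupdict()


def classify(row):
    m = IE_ROOT_RE.match(row["path"])
    if not m:
        return "review"                       # a write outside IE's own key
    parts = (m.group("rel") or "").split("\\")
    top, value = parts[0], row["value"] or ""
    if top == "SearchScopes":
        if len(parts) == 1 or parts[1] in ("Version", "UpgradeTime"):
            return "ie_housekeeping"
        if parts[1] == "DefaultScope":        # which provider the search box uses
            return "ie_default_search" if value == f'"{BING_SCOPE}"' else "review"
        if parts[1].upper() != BING_SCOPE.upper():
            return "review"                   # a scope IE did not create itself
        if value.startswith('"http'):         # URL-typed values must stay on Microsoft hosts
            host = urlparse(value.strip('"')).hostname
            return "ie_default_search" if host in SEARCH_HOSTS else "review"
        return "ie_default_search"            # favicon/logo paths under LocalLow
    if top == "Main":                         # Start Page etc. are not on the allowlist
        return "ie_housekeeping" if len(parts) == 1 or parts[1] in MAIN_OK else "review"
    return "ie_housekeeping" if top in HOUSEKEEPING_KEYS else "review"


def summarize(lines):
    """Bucket counts for a list of signature rows."""
    return Counter(classify(parse_row(line)) for line in lines)


if __name__ == "__main__":
    for line in SAMPLE_ROWS + CONSTRUCTED_ROWS:
        row = parse_row(line)
        print(f'{classify(row):18} {row["op"]:16} {row["path"].split(chr(92), 7)[-1]}')
    print(dict(summarize(SAMPLE_ROWS)), dict(summarize(CONSTRUCTED_ROWS)))
```

Run against the whole table the eight sample rows stand for, only the search-scope and Main entries carry any signal, and here all of them resolve to Bing and Microsoft hosts; the two constructed rows show the output an analyst should actually stop on. The allowlists are deliberately narrow: an unfamiliar sub-key under Main or a scope GUID other than the Bing one lands in "review" rather than being silently ignored.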

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 98.142.81.104.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 88.221.24.80:443 www.bing.com tcp
NL 88.221.24.80:443 www.bing.com tcp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 80.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
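The table above mixes two kinds of row: reverse-DNS queries (an x.x.x.x.in-addr.arpa name sent over udp to 8.8.8.8) and the TCP connections whose peers those queries name. Only the latter are destinations the process actually reached, and in this run they are ieonline.microsoft.com and www.bing.com, the hosts Internet Explorer contacts on its own. The script below is an added example, not part of the report: it reverses each in-addr.arpa label back to the address it names and reports which lookups are accounted for by a connection row, which name the resolver itself, and which name addresses the table shows no connection to. The report does not say what generated those last lookups, so they are a list to pivot on, not a finding. The table text is copied from this analysis; the function and bucket names are this example's own.

```python
"""Correlate PTR lookups in a sandbox network table with its listed connections.

Added worked example, not part of the report.
"""
import ipaddress
from typing import NamedTuple


class Conn(NamedTuple):
    country: str
    dest: str      # "ip:port"
    domain: str    # PTR name for reverse lookups, hostname for connections
    proto: str


# Copied verbatim from the behavioral10 Network table.
BEHAVIORAL10_NETWORK = """\
Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 98.142.81.104.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 88.221.24.80:443 www.bing.com tcp
NL 88.221.24.80:443 www.bing.com tcp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 80.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
"""


def parse_table(text):
    """Parse the four-column table; a row with no Domain cell gets an empty string."""
    rows = []
    for line in text.strip().splitlines()[1:]:   # skip the header line
        parts = line.split()
        if len(parts) == 3:
            parts.insert(2, "")
        rows.append(Conn(*parts))
    return rows


def ptr_to_ip(name):
    """'80.24.221.88.in-addr.arpa' -> '88.221.24.80'; None if not a v4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:                            # e.g. a label above 255
        return None


def correlate(rows):
    """Return (matched, resolvers, unmatched).

    matched   : ip -> hostname, for PTR lookups of an address some row connects to
    resolvers : PTR lookups of the DNS server the queries themselves went to
    unmatched : PTR lookups of addresses no connection row accounts for
    """
    ptr_rows = [(r, ptr_to_ip(r.domain)) for r in rows]
    connected = {r.dest.rsplit(":", 1)[0]: r.domain for r, ip in ptr_rows if ip is None}
    resolvers = {r.dest.rsplit(":", 1)[0] for r, ip in ptr_rows if ip is not None}
    matched, res, unmatched = {}, [], []
    for r, ip in ptr_rows:
        if ip is None:
            continue
        if ip in connected:
            matched[ip] = connected[ip]
        elif ip in resolvers:
            res.append(ip)
        else:
            unmatched.append(ip)
    return matched, res, unmatched


if __name__ == "__main__":
    m, r, u = correlate(parse_table(BEHAVIORAL10_NETWORK))
    print("PTR lookups matching a listed connection:", m)
    print("PTR lookups of the resolver itself:", r)
    print("PTR lookups with no listed connection:", u)
```

For this table the only lookup that lines up with a listed connection is 80.24.221.88.in-addr.arpa, the reverse of the www.bing.com peer; the remaining reversed addresses have no tcp row here and would need the other analyses or the pcap to attribute.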

Files

C:\Users\Admin\AppData\Local\Temp\Kno33E2.tmp

MD5 002d5646771d31d1e7c57990cc020150
SHA1 a28ec731f9106c252f313cca349a68ef94ee3de9
SHA256 1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f
SHA512 689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 c6cc2ffb933bd0a1685878b281002967
SHA1 ab9e0530da2091425e14bb7dc98ac61baa8680c2
SHA256 6b33651a35c0f4a5252af46f4cb7abb1bd5dac4d9bbe4221ae9fa3369a362d12
SHA512 c0c6099ce9bc68a5334a3092dd138232e52c6652300db7e229fd58cf0fb2f2cc1f9bd085901188d0ad4bee7fb770c5d4a41b4de304a4b8d8a71c1ba21a295fb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2ce4c36a9a2d7c420acdd1691c785511
SHA1 1fe204f8fa4fea3422fe634534b9d85333469ccf
SHA256 e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277
SHA512 bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver9EA3.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1QD0OQIU\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral13

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win7-20230831-en

Max time kernel

118s

Max time network

128s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.min.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win10v2004-20230915-en

Max time kernel

133s

Max time network

161s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcloud_error.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ed78739901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000003e9c09ee62c38911f7a295a9398bde05b713b04dfc5754c4b256e7bcea0c8159000000000e80000000020000200000008e1fb10e7fbf4be2939728492bf7cf9d7bce75010bbfa092e4f8a60c0b7fbd19200000003c8914d54e849cf366a83b7114183f671bdeb5eaf1ed2cd5aab5a6417336295740000000461214eff0d1b29b605cfea4838ea41989974b65839e985885ae0da1b99e66d28db28787a592cbfe9cfe7531cc4de93a7d3a4e6a042861eea8fc12e15087b05a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9A4F7ED3-6D8C-11EE-B0C5-7E90C1422BDE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1910745376" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1881838874" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381095" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1881838874" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000017e431d9a2c98c4f9f85fcb7a9559b03000000000200000000001066000000010000200000008e593e7e7681a1d0d8c86a0ea83e76297f1fcff1121ae0303171e5809c762aa2000000000e80000000020000200000002a23f3c51ba0f719115a7d9c8698f85872608acf84ab23549a375db47e8a421720000000eb7c7173c49508bc93d8c6239bccc2928d9dd946ad04ede24bcdc1293d1eeea240000000e94011530b799e9bbf9a75f364ba0a3678cb3c965f458511ab06d05d9cf482c190cd3ec657ff97dda76b3b4d80c19d68960bcb4e983e36c4c2cb1454bed83d53 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60bb90739901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcloud_error.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4052 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2ce4c36a9a2d7c420acdd1691c785511
SHA1 1fe204f8fa4fea3422fe634534b9d85333469ccf
SHA256 e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277
SHA512 bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 0d74f9803b1392e6e5748b4906db62e5
SHA1 9ff25008316e8b8f3587b4a56aa317c33e16b6a5
SHA256 d0a8f20611f7d9403e32be4edf89d7ca047a482937ba128dd1e972a26aa2ecdb
SHA512 89f790c637b8d930050e431f7ca474be18a959d6035efa28c281d2c3c077247b690051b3dd4dde9673ae994b7f4dbecfc92d225fb4070dac5e54f9c8e853a859

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XE9C1B9R\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

android-x64-arm64-20230831-en

Max time kernel

1104008s

Max time network

161s

Command Line

edieib.hachfc.edjiad

Signatures

Gigabud

rat trojan infostealer gigabud

Processes

edieib.hachfc.edjiad

Network

Country Destination Domain Proto
DE 172.217.23.202:80 play.googleapis.com tcp
N/A 224.0.0.251:5353 udp
NL 142.251.36.42:80 play.googleapis.com tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.138:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 216.58.214.14:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.251.36.8:443 ssl.google-analytics.com tcp
NL 142.251.39.98:443 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
NL 172.217.168.205:443 accounts.google.com tcp
US 1.1.1.1:53 izgztokoyk udp
US 1.1.1.1:53 kmnwstgmm udp
US 1.1.1.1:53 jfbjgaajhx udp
US 1.1.1.1:53 kmnwstgmm udp
US 1.1.1.1:53 jfbjgaajhx udp
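The behavioral2 Network table above mixes emulator and Google-service telemetry with three lookups of single-label names (izgztokoyk, kmnwstgmm, jfbjgaajhx) that contain no dot and therefore no public suffix. The Python below is an added example written for this report; it is neither sandbox output nor code from the sample. It parses rows in the table's format and buckets them so the lookups worth pivoting on stand out. The allowlist that treats Google, Microsoft and in-addr.arpa names as platform noise, the mDNS rule, and the single-label heuristic are assumptions of this example, not logic the sandbox applies.

```python
"""Triage the Network table of a sandbox report: separate platform noise
from lookups worth pivoting on.

Added example for this report. The heuristics (allowlist of Google/
Microsoft/PTR names as noise, single-label names as DGA/C2-like) are this
example's assumptions, not the sandbox's own classification.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One row: "<country> <ip>:<port> [<domain>] <tcp|udp>"; the domain column
# is empty for connections with no observed DNS answer.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)

# Assumption: these suffixes belong to the emulator image / OS telemetry
# and reverse lookups, not to the sample under analysis.
NOISE_SUFFIXES = (
    ".googleapis.com", ".google.com", ".google-analytics.com",
    ".microsoft.com", ".in-addr.arpa",
)


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text: str) -> list:
    """Parse table rows; header lines and blanks are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        rows.append(Row(m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return rows


def classify(row: Row) -> str:
    d = row.domain
    if row.ip == "224.0.0.251" and row.port == 5353:
        return "noise"        # mDNS multicast: local service discovery
    if d is None:
        return "unresolved"   # TCP to an IP with no DNS answer in the log
    if d.endswith(NOISE_SUFFIXES):
        return "noise"
    if "." not in d:
        return "suspicious"   # single label, no public suffix: DGA/C2-like
    return "review"


def triage(text: str) -> dict:
    """Bucket unique rows; the report lists the same lookup more than once."""
    buckets = {"noise": [], "unresolved": [], "suspicious": [], "review": []}
    seen = set()
    for row in parse_rows(text):
        key = (row.ip, row.port, row.domain, row.proto)
        if key in seen:
            continue
        seen.add(key)
        buckets[classify(row)].append(row)
    return buckets


# Constructed sample: rows copied from the behavioral2 Network table.
SAMPLE = """
Country Destination Domain Proto
DE 172.217.23.202:80 play.googleapis.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.251.39.98:443 tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 izgztokoyk udp
US 1.1.1.1:53 kmnwstgmm udp
US 1.1.1.1:53 jfbjgaajhx udp
US 1.1.1.1:53 kmnwstgmm udp
"""

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE).items():
        for r in rows:
            print(f"{bucket:10s} {r.ip}:{r.port} {r.domain or '-'} {r.proto}")
```

The "unresolved" bucket is worth a second look in any run: a TLS connection to an address with no matching DNS row in the log may be a hard-coded address, or simply a lookup that happened before capture started, so correlate it against the pcap before treating it as an indicator.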

Files

/data/user/0/edieib.hachfc.edjiad/files/.ss/l69dde550.so

MD5 a777bff3d943e3642306404404193ff2
SHA1 1dc2e0c2058551aa7c20f98d93b5bb7ce8ba716d
SHA256 f5fac90d5d6c5dd517a9882979b48b53c4d1c74df6ab4b37097dab26caf3ef56
SHA512 ade66980c5a8a3bff7628c9ba7a70d7e24ad6cb3d418fac91b09320ddfa0e2991b7839420c793780a425a76fc327d628d627845afe5c26bd5b4f62a249d30662

Analysis: behavioral3

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win7-20230831-en

Max time kernel

137s

Max time network

139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcloud_error.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c30000000002000000000010660000000100002000000007b766a29301859f9a11a06de953ab17d90637511d0ab718864ac0ae0877159e000000000e80000000020000200000000176d4505831ba85a357498495bd0e2307d96d9b4fe1e7a88f96e8e38c2537f920000000483ef2818b428fa82a11c0995a74fe3f00373f932f6eaf23a3349c6ee10de00b4000000029bff22bf7883f743e55dd27c50686635c5e78cc4e7f657ed4fd6f8707e77ffe21ce0ef9ced9d0f42a073837afab360f95fbad758fde0b0034a6a065867132dd C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504564809901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{996F3FF1-6D8C-11EE-8AA1-FAEDD45E79E3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777982" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000f0c2ffc7c5ba216b13046e15efd9c57d56822ac20578835c6d4905dca5824cc1000000000e8000000002000020000000b3eef85ea85959445a389aa7b5e80d947214d644656603af7e2ba44b4c56b6ea90000000663f33214accbe4cf8b6a57e68a697faed6933f478d853910cc446975b2119ba1d5e47de024d3296eb43b577d21d733e00990ee3ecc95d9b90d358d2f63cffa9ebed9dfd50fee076f5d0833a10d114af7e366d03f93099a5eac8c6996f6147defe153fb6fba559432ffcc211be7f008d07ac213226b11c3dcb20b6ca59dfdc1d02aa605e87d7150fecab50634da7608b4000000024f00ac8d66228422b2c036fb8daa01da8c122a0763d0a7277e21b37a34868f9f6b4452ab22449c11a461ed858123a1727e9f5cb17c6e5c5558e27eaac685e92 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcloud_error.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1539.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar157A.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16d5496fbc62be453a0202fc1f0b1c35
SHA1 d3c67033f61f5854d958a3fe52f66f5c82759637
SHA256 ef6b0b6fb7698a66dcbc7e9107edf29ebaf62ee5e1fa70ec5b55e5929b5fae16
SHA512 815774cee8d0a19763b920d51c89b5f786300e6494284db582bd5c3828f0c50be598fe4268038d54267853309d03b97a2598d98d03c48e041084ddfdf05caa4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3abb6d4df34ca0bc48f4ed8bc152e38
SHA1 543ba50f7643f6d6d4f5406b6b00895869db9fd3
SHA256 2d5609ddeac0983d901941f08bf75be1a23b35bb30e3316dbbb42682f4d72601
SHA512 494357b11688eda3d9dbb7fb3f8ec2d11bd92a56a79c4078c91e0554b62f1e36a07f599a3bd3524e9d05ffe10b9aad4c4975c08bc2674b94be135c5b37cf7c32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1459f159397005abf0a57306f4beeb73
SHA1 48f5eda596862a9a2a2f7025b458a198c6f47219
SHA256 afb108e4b749d54713e86ab2c9c81b5e2ca4944e9a6b6e62957842585553a50f
SHA512 53af91e592b764367376e63aaa3ed6f19de85930cf4bb1b8fa3c12d5b3debcb59135aaab3483cc76089146802cc071ee6dc1cd4c7294ab095e56ec5358e5f531

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a3efa707832163c0dffc3ed47594879
SHA1 d5e7ef2fd6afe4772eae0d3a6a14aaf179167868
SHA256 98941b05cbd1ffaa82f6bb9f66982b3454e325a5fb20332b8e57b3eada11abc4
SHA512 cedb7615fd71cde289e69623868153c75af1f8a4304d8daeda8b95dc6e190df2cb4f13f0fe57bd85f4cd7b15644c6d11521c4c7ba3e10963f0c4f10eb207fee8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52e8b0ffae842fb3e587243fd7faaf44
SHA1 318c7b1984ff672a9ddf119ef17f1471594796ca
SHA256 722a4247415a1cacca63de4b271f832d253aa5007927428de0057ac82d034953
SHA512 63c7510e72d2c23e104e7cbaff2268d572e72a78add6d5344f50dbbb2359de6947e87118d45a047a5f3fa65e25f370967c85f3a92374f6e5ab2236f254a0184e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abd89f935f3df4b55f782ee204a2ed15
SHA1 364e54be646a812ec22667e246b9c36c5b560573
SHA256 757ed2a4cf81e41e11422d5a2b0d7301563f8d55096221e4e0e7da28d88cf1c1
SHA512 9a90f3052e911efaf10b285c21ab34b2c53e3fcaa9c9f18798fbdc4fb83699d38734652b6e93a8b9482c84d83f6c054f0f0f7cdd360be00400153cbebf165b40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b87b07ecde75161365d0aa1b13393ee2
SHA1 2f0f29c42fb422498c62bd07d6c7f6c4fb60dd81
SHA256 251f8bd63dfefcfd2c40b158ecc0b8efde0870a63eb1b8deaa5a98a87b71e245
SHA512 9ff40efe09cd5a3650fcc8f4a8e176183557988505d8b96fb0f5dfb3451a6adaffe48c9665ba2a7b0eac44c6be80f3b83cd6c3fac81758c455f4a499045eca22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6bcbff856c9e0d1caabc0261bfb5b80
SHA1 21f584a53f483bc754795887fa5498f5b9dbbefc
SHA256 edab90ea2b3dae3d1c846bfd9bf4792a779bc5f9cc7d00d4bbb9cf2b92860997
SHA512 2895b484becc8d5a9ed0d8a2717ef9f4dfa47e7c13c28784a39d4e42e16d5f5fd02dbe4734474d70afe562ed808ff5d55da222af5c985edd925c38ddf9a913a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b8b2e328bb4df85a29227fca913df00
SHA1 a44fd1303fb041df283aec41f7804c0e5daa90a2
SHA256 32bc97e3cebc2cf2fd2d36b68f2b1358454f7e0af033d674364843731c4cad78
SHA512 bd8a5f56c6ff3d9ee255bad84ce52567a1bd688da5558faa686a86eb5018163538218092ee84ebfddf2a4ed823f4ecb6e389d1093fe32ae8a84a4e8f9f21128a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c12b65f5d21fb2793a77c93fe9595af
SHA1 14eadb38e70f40b6e4fd98b7b111ab0dca3c5bec
SHA256 e6625e4de21302bd105655cda4e5741cb3e84a7cc0f16c658527c29172753ef3
SHA512 8355acb08714d32db4f59ed8520aceba578832f8da6df60adbbf28fbaef1e5d54c5ec2effd8f29d81e3b1d0f520d76d2e10725ac35ae9a5d412696f41e9d4ab9

Analysis: behavioral14

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:03

Platform

win10v2004-20230915-en

Max time kernel

137s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery.min.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 112.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:02

Platform

debian9-mipsbe-20230831-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win10v2004-20230915-en

Max time kernel

138s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 209.80.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:05

Platform

win7-20230831-en

Max time kernel

122s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.min.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

android-x86-arm-20230831-en

Max time kernel

1104020s

Max time network

131s

Command Line

edieib.hachfc.edjiad

Signatures

Gigabud

rat trojan infostealer gigabud

Processes

edieib.hachfc.edjiad

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 142.250.179.138:443 infinitedata-pa.googleapis.com tcp
NL 142.251.39.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
NL 142.251.39.106:443 infinitedata-pa.googleapis.com tcp

Files

/data/data/edieib.hachfc.edjiad/files/.ss/l69dde550.so

MD5 a777bff3d943e3642306404404193ff2
SHA1 1dc2e0c2058551aa7c20f98d93b5bb7ce8ba716d
SHA256 f5fac90d5d6c5dd517a9882979b48b53c4d1c74df6ab4b37097dab26caf3ef56
SHA512 ade66980c5a8a3bff7628c9ba7a70d7e24ad6cb3d418fac91b09320ddfa0e2991b7839420c793780a425a76fc327d628d627845afe5c26bd5b4f62a249d30662

Analysis: behavioral15

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

debian9-armhf-20230831-en

Max time kernel

8s

Max time network

158s

Command Line

[/tmp/l69dde550_a32.so]

Signatures

N/A

Processes

/tmp/l69dde550_a32.so

[/tmp/l69dde550_a32.so]

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:05

Platform

win7-20230831-en

Max time kernel

88s

Max time network

177s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\list.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B67B48F1-6D8C-11EE-A287-4E9D0FD57FD1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403778030" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000d79796a3c364d2878a0d81eb38ddda36c7e94ed747c1eeb78473b8da3628d4b3000000000e8000000002000020000000ef1badf563548123d0dc6eb72c34a7a59ff12f9db044926f02b9f0f2e37042ba20000000c28fb96026c9bc3bd9dceee8ba8955896467df45ede5a31f040a128ca9ed6d584000000018fb8ddefc10eafa78cfe9a6c194afe325ef57a95d3bd0a9a209003d27d92af83f69ef4cb81adc9f0f4a8869dae5c56107b2d44f2c414ddb64df35376eb7c2d0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 108fb48f9901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\list.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Tar6933.tmp

C:\Users\Admin\AppData\Local\Temp\Cab73CE.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral30

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:03

Platform

win7-20230831-en

Max time kernel

120s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\swiper.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\swiper.min.js

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win7-20230831-en

Max time kernel

120s

Max time network

145s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jq.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jq.js

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:03

Platform

win7-20230831-en

Max time kernel

135s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000008248abfcb87fdb7d4f9c40989a7b4f06ba9eaefd4de5f78917d1085c25a36eea000000000e80000000020000200000005895e7e2e89250a28245004dd752d2b5f14f472f367897d91eefa762a888514d200000008bac414d4354758a0206183fcd7c57c605b7275d2c47d996b1b94b25a7ce1fb2400000009ab249fe380c1801664c36eacfa88bdb423f9e1e316b9fcdfbb91d6f7d89eebcd6942323b9991a3b6bc261b372bc71dc7ba4f64b8dc45dd8d260997c5ae51536 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D713421-6D8C-11EE-972A-7AF708EF84A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60be17539901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777934" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab93C8.tmp

C:\Users\Admin\AppData\Local\Temp\Tar942B.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral17

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:01

Platform

debian9-armhf-en-20211208

Max time kernel

1s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win10v2004-20230915-en

Max time kernel

137s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mui.min.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:03

Platform

win10v2004-20230915-en

Max time kernel

127s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\flexible.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\flexible.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:01

Platform

debian9-mipsel-20230831-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:03

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

5s

Max time network

102s

Command Line

[/tmp/l69dde550_x64.so]

Signatures

N/A

Processes

/tmp/l69dde550_x64.so

[/tmp/l69dde550_x64.so]

Network

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win7-20230831-en

Max time kernel

138s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_file.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777957" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b000000000200000000001066000000010000200000009783cd2753bc7181ba9176e63a27f2d6cf44d59e2b5e580361460f50ad89c8aa000000000e800000000200002000000069d603e613f1c9fda2b06a37ef43c55db6cdbb725cdc6b849c9f0447d59f930520000000dc132ed02595213b0ac73c156e5c05ad182e1a2fb7c01bb6c8a5eb3079d08957400000004a359be113067335fe18eff733d6e58468b6e3f618aa0a4a035bc80e468a461f1948f4498fe783e3f5636d70a57ab4f2a4b0f5c75ac4e1ed519f5bfd520d66a9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8A325EF1-6D8C-11EE-AB6D-661AB9D85156} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0cbc1639901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_file.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8A19.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar8B55.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02490b05f4edff55dcaa3717fd5a6d7c
SHA1 0078523651b87e15abe0633259b733219a0c81cd
SHA256 36432b6d70e690a3ef329352839c4d4c74abe992bdf1716a1ce9500866fe0dfe
SHA512 6d7a6136e877777607a87f8e2d11944bad384a20cad76264c64f2a3e7e670dae51f1d6ff82e25b5faa30d10ab469fe2ddeee58b1b8c5898afb51b43f19809241

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c4c9d1fa3f0b2766471db0d97a5b6d6
SHA1 bb00834d319dbc19e1439248816307ae9a6e605b
SHA256 7d9c316b9715c5c64185a9c6e9c7d7998d6413a95d0444889354e5be0b777923
SHA512 cc0121c2283f3ec6863cf281148604d351efe5eef6509adf458d9904ceecdb4dff3db9c9b4abf6a2af1346918ac4b358f8c1256db7d7ced37044dd15bcdc44c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48e9951d4f54e1ffbc8995a9c9286228
SHA1 60b3e693284c9bf26035d6bf9018c418d6c16fba
SHA256 d26c0c8d75e8ab27e14d4d3c3deb20d9bee19b6e708aa78a3163047031d0ed71
SHA512 653fd9d506d50dd80d0f82b640b00dd5ea26e63cb47a652ba19068aa78be6204464a0ac4f239c118a39daf6c342bcacc6adec69452cf26d0da4838d49ee8bb7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16c60a6d6eab044ce37893983d012bf3
SHA1 0f691ffef7b2059ad4ff3dbefb630d2a73e9d521
SHA256 0e385c593d2660760ac4612195a677d08b066998ec9fa4184d1003b93e907f3a
SHA512 b4354f68e5e6e6880f86838a964de850053d13a81350d33af2d0e47c78f242b16ad7ca0fdc57462f58394c29fc6ff76ce5b9a692eca7c5340384bdb1e384f2b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7225270b0a9a971e895967daa3b6197
SHA1 ad009fdecd44d519df7a3578dcaa57c368ca39c1
SHA256 574c86b5e75b460f242965d445e47934e2f97ba82cc7212f8596ec514083e9ed
SHA512 ad0484ecee77b74954fa269dcdba500a85a27913b230c16345cd0bfdd7469415f042ef3dcf9588ac0214cce71fee1d94467cf1e44168f3da37191a9547fec732

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f297ae9fac7e51ad0c34589a6fb9414
SHA1 9fc4f0814ed033be0cc2e5f9629fa7d1807a0e76
SHA256 f8e00c22ea27695f2de255053e16aa9b988c54af554a062add2f0a4a4900b860
SHA512 acf1a7a573f0833d31f303184214f48c9adab8895673cf2ab11c739debd34b2695b2c9bb4aadbff603677055698d4d6cb9455076c05e7aeb79ccc69b8b8c0009

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab197970512a660ba76c34bab0711d04
SHA1 d19900485b1873b60ea6b37645f1967d011bca4a
SHA256 361533b92e8e51612b0152d761809dc1e8af9677b2edbbcfbc2b0618861a9de6
SHA512 398a963d8b51e919bce7a167b8692ffd052eb66364c26d6a3f5d42cf2157ea8578e002efcb3a3e397929f91ebce57e73895fc8a43b55ed6abada10aa43a30eb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f1961d5ba90d400bb93ea39f77b8afd
SHA1 1134e19836ed73a231d61b4d42ca14070e40816c
SHA256 2ea507753617d0470e7d5294e06d8ce375d3052dd7f401442fdb383dca30e5b6
SHA512 998a74b4f17603078ac307d8b3855c2fec9d4020d70459e8e7300631d86bbe19eab7be5059345e5144a0ca5d2a0aaba42cbe5b9a2143f4144b1739a5e89d129c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f08077d238729425fba7f16457ee756
SHA1 c4c529c70012e7efbd0f268b87cb5d942de21c20
SHA256 98a95a21b481ddb1a4d78b6ecac92ddd250728ac19a998cc88c84c5e73f19f22
SHA512 92ef6658f2e0fdc24da69baa67ae5e65b38e7be1ecf2fd8d863d9becd49a656e4e620ef437011e0631c09fdeebd1001ac8ea7e292e94096a31cfd60bf456caaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1669911026be329983597e6fcf543c2
SHA1 0147c72c1c86fa9e763cc0c00f5d665c99b4a14d
SHA256 4552fb68e96e0bb85c5b7a9a522952a568fb8d7c35a0b97cc0c510c4e93fc9a0
SHA512 946400818babb6c63f908ab299298df4cf32abaadc7a582bde45c4726e9d63dfa45a27a9e4f73eba7a8ae4f8eb144bf994b10f2a8bff88a7ecc98713d89ab619

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d0b77d84f90b4d1c03b96c475de1b87
SHA1 c6f865ded839ada6a54f880158e50fe729a03b1b
SHA256 f11b5f0207a8cc47468412ea17b29ce864ebd98f07fb6ba04b3a2d8282054faa
SHA512 7f81310326733f52ffc39ebc472fc730720de0fc7ea9d067d81ac84f55446e30982ca4634ec0acde12770e5eadd53bec6e80b28c9035e29512dca9b3d6b46946

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94f703377bec3299b45d5cad863972ba
SHA1 fddc7cf1d268c12a1ba160cccf611586b4b3f0f4
SHA256 70fd0710778ca065311ddc422f7f3a281fca4bc2a6014e9f42f0f51fa5059a4e
SHA512 ddcad8ad32b4c7ef34eace0f7843b480568d8db177e8bb010cfeec14adff70e51420d90346e53a07eb0c62afc9d6333462096591cddae123588717e6005a8960

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7618c0a105f6631600ccb5d1589f8068
SHA1 20905ab6d10339070631690e3381b4a319ac6a48
SHA256 f27dba06c213056ea8891bf32d59323a730e755768220fc6f97ba9c9efb5c4fd
SHA512 fd5476e66892588d2e18b8b605c361077a46004e1755da260d53331f2d59db044f92314144a3e02263a224fa4b1a2f865bc69484ed64371f563ae79c2137f505

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76ccf3235decb58398328723bf293a69
SHA1 4264e467c0f2dbbd032488f89b89d5f7d8d13969
SHA256 2e2bac4f1e954315f347d078bd1e2051d6af4c1c45c764de4f8427ea284aba8f
SHA512 7ab88a29ea04da4399dc2b6e0066aac32c1309c9592726365797d4cc426880aeca072520d3ef6fa6b1fb7b9b5f359068960be8de609612936d6cb737237f87be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0e698f2293d67fe751872f190535b20
SHA1 235b3c839a600e567ae7d1734be6407147a2ea48
SHA256 a88a5f091f1bfc7d576ce700b2091e452497ffc60dada3325b4c38ec8b1a28f3
SHA512 79ece7900fd9db08eb665b5dd1e265f0f24a61b69cdfff23c0436fd849c9ca918d4a77f500caaf7208e650373a3fc5f9e4d5b35d353e0cc3422b304156d46dbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4315e852a7b3333a4185e370472ce6ee
SHA1 a78f7695b41a1536dffa555f09041123d3a9fe54
SHA256 ad9b1197de06861460c1c4cbcf8a64185a1beeee2530df785bd239bb3fcae3d3
SHA512 4be7a8295b9eedb5c56acc5583dcf81ecf4e7298a75673e5f0d16a5607f54e28a4d8bd57d3d92c6429990e98787ba8b5b2a2ccced788b14a40fdefc582d3571b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbd6f11075d52da0b63037d8857052da
SHA1 f29c6cdcaf0e81640e3832461dea0b54ab707d8f
SHA256 22ea73ea33c393161bcdeb247fe6d70a41329003a112e61fa85cfe330679faf5
SHA512 9a0ac32aad2a7489ba204fa73b41117d1269511e49ccad4872ead3676988c2953ff6dff8e6addc9adbe51767574c10f7d1e65e55bef438574d67dbfa3678e73f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5d843a23a5d2c611dad471086682275
SHA1 2b7f444e2619a7ea6e6a4bca67c68abee1c6af5f
SHA256 51f697b8dcd08f5b6aa6e924b60b7b5cec840c9872f5b831879dca91ea406c45
SHA512 9749698b1565da97c5e678587309bcfa55a05de8c3317fadfe1346813bbc93cb00c6ec55ca711f94e3228930562f590e369bd0038fa56f125264178ed040306d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2951201d22232eb54e41b01068d1fd2
SHA1 f895029001b7db0e2d1f4e5d539f90b4554dd17e
SHA256 9c1213aa167ff546563ee32b81c6a5a1f08e32974a1df58513b09b93164bca86
SHA512 d133d78eb73c48abc970526304832c4708f197efac3c12c469c5f49b5c94eec1bf217d1a5268d2053b249fda42901459d48626a9c091f6414ac8e6ebc0435937

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bcafe8b4c1e6d655c8277a70c06fd5f
SHA1 d4c0cd4c7f73f2c3f0e0fde9fc1688d04cb93a84
SHA256 26bf0702f89bebf4b731b2fe9e3ec7d365cfdbf2524e11990e7e4f4d3ee2af17
SHA512 407997284ed2136b2e292d8677a4553f188c691b3bc2d7d3613b055b6dcb5d010670b1536cb0d5be63bce9f8491f7c326ba938f089002cdea3b47110c562705d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1db15ccf645236e08af6bf0274a4236
SHA1 def1050b69920980000329c1e195f523b0a139c4
SHA256 c8d31275598f2a90642b644f9c1588e1ff1983106c33cde05a7b44aa01f05cac
SHA512 13d98264790908761b36f072dd6178efe7525856ec6749c3ab8c9cc9a4074e6a699af3f3d2de02749feb0b517cfde6b2b2deb40e1a3e7d98a8c2bbda9bd186b8

Analysis: behavioral32

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:03

Platform

win7-20230831-en

Max time kernel

134s

Max time network

138s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ys.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b65c539901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000a26c3f3e8027e68d1337084102f9ffc9be7efe5dff7f8133e2ba88871eaa2ff4000000000e8000000002000020000000e73efb83b615ea990a377fc3ae6d3b08efb3877b759ae6233409b8533b7acfb520000000445b974d1c99f3e69d88aed56834d9be7b982681c4d28c260aff3a6b282b45664000000044461c0d6f88f47f1d4d2fc4968b3fca42843db3fa984c0afafcf4d08a4e50385efa294fd645193ddfa7346e9b4b73949c5401848706b1638a883d7250bf8ec3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DF9E451-6D8C-11EE-9EC8-DE7401637261} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777940" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
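The "Modifies Internet Explorer settings" signature in behavioral28 and behavioral32 (tagged adware/spyware by the sandbox) matches any write under the user's Internet Explorer key, so it also fires on the housekeeping IE performs when it is launched for the first time on a fresh VM to open the dropped .html file. The added Python example below, which is not part of the report or of the sandbox, sorts such Indicator cells into first-run housekeeping, classic tamper targets, and leftovers for manual review. The housekeeping prefix list is taken from the keys both runs wrote; the tamper prefixes (Start Page, Search Page, proxy and zone settings) are well-known hijack locations chosen for illustration, as are the two constructed tamper rows, none of which this report observed.

```python
"""Added example (not part of the sandbox report): sort the registry rows behind
the "Modifies Internet Explorer settings" signature into Internet Explorer
first-run housekeeping versus genuine browser tampering.

The housekeeping baseline is taken from the rows behavioral28/behavioral32
list; the tamper targets are well-known hijack locations and are
illustrative, not something this report observed.
"""
import re
from typing import Dict, List, Optional, Tuple

IE_KEY = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\SOFTWARE\\Microsoft\\"
    r"(?P<root>Internet Explorer|Windows\\CurrentVersion\\Internet Settings)\\"
    r"(?P<rel>[^=]+?)(?:\s*=\s*(?P<value>.*))?$",
    re.IGNORECASE,
)
IE, INET = "Internet Explorer", "Windows\\CurrentVersion\\Internet Settings"

# Subkeys under Internet Explorer\ that IE writes by itself on first launch.
# Every prefix here is present in the behavioral28/behavioral32 rows.
FIRST_RUN_PREFIXES = (
    "LowRegistry", "Main\\CompatibilityFlags", "Main\\FullScreen", "Main\\Window_Placement",
    "Main\\WindowsSearch", "Recovery\\", "TabbedBrowsing", "GPU", "SearchScopes\\DownloadRetries",
    "DomainSuggestion", "BrowserEmulation\\LowMic", "Toolbar", "Zoom", "IntelliForms",
    "InternetRegistry", "PageSetup", "IETld\\LowMic", "VersionManager",
)
FIRST_RUN_EXACT = ("Main", "SearchScopes")          # bare "Key created" rows

# Classic hijack / tamper targets (illustrative; none appear in this report).
TAMPER_PREFIXES = {
    IE:   ("Main\\Start Page", "Main\\Search Page", "Main\\Default_Page_URL",
           "Main\\Default_Search_URL", "SearchScopes\\{"),
    INET: ("ProxyServer", "ProxyEnable", "AutoConfigURL", "Zones\\"),
}

def _starts_with_any(rel: str, prefixes) -> bool:
    low = rel.lower()
    return any(low.startswith(p.lower()) for p in prefixes)

def classify(indicator: str) -> Tuple[str, Optional[str]]:
    """Map one Indicator cell to (category, relative key path).

    category is 'tamper', 'first_run_noise', 'unknown' (an IE / Internet
    Settings key outside both lists, worth a manual look) or 'not_ie'.
    """
    m = IE_KEY.match(indicator)
    if not m:
        return "not_ie", None
    root = IE if m.group("root").lower() == IE.lower() else INET
    rel = m.group("rel").strip()
    if _starts_with_any(rel, TAMPER_PREFIXES[root]):
        return "tamper", rel
    if root == IE and (rel in FIRST_RUN_EXACT or _starts_with_any(rel, FIRST_RUN_PREFIXES)):
        return "first_run_noise", rel
    return "unknown", rel

def triage(indicators: List[str]) -> Dict[str, List[str]]:
    """Group indicators by category so the analyst sees what is left after noise."""
    out: Dict[str, List[str]] = {"tamper": [], "first_run_noise": [], "unknown": [], "not_ie": []}
    for ind in indicators:
        cat, rel = classify(ind)
        out[cat].append(rel if rel is not None else ind)
    return out

HIVE = r"\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft"
# Rows copied from behavioral28, plus two constructed tamper rows for contrast.
ROWS = [
    HIVE + r"\Internet Explorer\LowRegistry",
    HIVE + r'\Internet Explorer\Main\CompatibilityFlags = "0"',
    HIVE + r'\Internet Explorer\Recovery\AdminActive\{8A325EF1-6D8C-11EE-AB6D-661AB9D85156} = "0"',
    HIVE + r'\Internet Explorer\Main\WindowsSearch\Version = "WS not running"',
    HIVE + r"\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0cbc1639901da01",
    HIVE + r"\Internet Explorer\Main",
    HIVE + r'\Internet Explorer\Main\Start Page = "http://hijack.invalid/"',              # constructed
    HIVE + r'\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080"',  # constructed
]

if __name__ == "__main__":
    for cat, rels in triage(ROWS).items():
        print(f"{cat:16s} {len(rels):2d}  {rels}")
```

Only the `tamper` and `unknown` buckets deserve attention. Run over every row listed for behavioral28 and behavioral32, the classifier puts all of them into `first_run_noise`; that is the caveat to keep in mind when reading the adware/spyware tag on this signature, and it is also why the `unknown` bucket exists: an IE key outside the baseline is exactly what a real hijacker would add.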

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ys.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5988.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar5A37.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88f7898b7563298f01927f74ec9907ca
SHA1 c1d5ad7437d469bcbd27f265e5388c43bef4d622
SHA256 a37354661877bf6565115be600cdec2b7940726004e28ef42be046f003e57a50
SHA512 38344a6de80f5479d91fb175ed657c8777b1f4cd77d3df7cb80f2f512bd00c144ce875f06d38a3f532a5e7a211aadb6f8f8feddbf20f79069f0ddb3f193fc1ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f1e3dbb2dcf6dc95437071fd1d878c5
SHA1 f6f7d3a1998a63b4f5440f9e7a8eb74e17b93554
SHA256 4039601aed04058c4cb47cea1517abfea2932979cb9dd9e1540716c5599a1b90
SHA512 4f532c5b31d811d13ec6aa545c79d75aeb6e7ad03f5604e0074e149ddb1633d51361773f059102203570d7ef86b06dff9868b284477c61cfaae8bd5b0de16814

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95c12339a23e6d213fee8aed3d1f31ba
SHA1 fcb0cebc77574dcfe99a56414f647685a5c34860
SHA256 8dea9f8f82f316e69bde7c9b8488d93ea6d3f48b606ea7203e8a5ea2dba35b7d
SHA512 e767371eb532a4cb95fa411eed707b34dc2e1738811b15e672037c45adabcefd2a0e5978ebc6d89184b7e865e1437ed62b2d5a998863bc6f405ecc5c6b64efdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad838b1d7276aeacefd351aba7f5a204
SHA1 982b8ceb2798a900071edaa6fbb827d4f0955aeb
SHA256 6375d9971a837ff91f860a450e29c7aa9006c52c8e5b24d6e45fa89b4b4783d5
SHA512 180db38547faa7072f4d88559c5e0fbd8eb31b04169f8bfe1f62f6aceffdd975deefdf30ca6062522297483d4d439d3fb91089c7fbc2192d5a362ccad29a3997

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c64d3d331e981639ba56fd89872214b
SHA1 089e3f0b81a384ffa9ccc6e91ff8deaaea241af4
SHA256 37acf3a0c11fca6e035011da3647e4c00026d34aa8f43f5c1a81282033724e94
SHA512 20fee3112f8d85d0ed7b75ef0105c46958c0fe5a8f7313f61f39005318e0e270aece5e0db626e3a45630dc81d294955c3f89315e14928f5736a4a5c98ae95666

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 194bce704990a18b3c5bf846be081e25
SHA1 f813c6b24845d2795676aeb5e2e7f07012ce3964
SHA256 7feb48761e834fc24364923c634d21043711ec0b4637c72275d416d435aeda60
SHA512 cbe9a0147f24681b7675ea18c37c5f5038dcbbb8042169f549f485227f1d346576a67c86f51377184d7a5f28216604ea26c75e508f064332318c4bf28654679b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ce6209feb470311bd1ba19f2acecd18
SHA1 4c261442e7e680f154216d568b6dade3b9436030
SHA256 d1aa4cf51b9d4ac62a3d32bb15ffa9653fd2221d1b966b4ebedc3c85535fae58
SHA512 0b57bc5e82f1e32919fd4637fb85dd00777b1422ba076e01740162cfa79a40d3cdf0bd3f910031ce60c2316461e2a349c151ef28e86dec6bee74831b686d3fef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20850f890cecdaee0b41f45e4a449794
SHA1 2225df08c88b15647a569d4f506c9a49e213edbb
SHA256 463c33a8e014e538d64b5bf73745fc8724df74dd01191a4ae9883b49822e604e
SHA512 0598fedfb14736c984f6ca708b2fbf03b604caa576e0cd06ee683a98d0b9fed031936a3f9a041d76f18052b6f697e753a65ddc24380ec628f4c91003d9f643b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 123441ce5596e701108aea953b08fba5
SHA1 0e31ecaec3e655859d4ff841f4508e3bc5d45632
SHA256 3b555a4ce6ff6a2c16f08a54d94405d4c53bbaa52d98e461c0657190bfad24da
SHA512 8132c85d901a0f2346680cff93f895c9872b5b2abdd50fd46ca89b944f82771e8f53d66915dd32f11736df4fa38a17a88bc753d1c561776157fc04ca394801d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbe6704e350faf7de50dc341b419b87c
SHA1 828dba4e489fc68dca5183eb6e9ad9c6af9db2d5
SHA256 c1bb72ee26228bb2d7ebbacf94890642c0f2b7ba67aeb98eab59055b2423515b
SHA512 c648775aa781e630b5dac30aeec03d3ffb10ab4cf361dcae4520cf31afd5adc7a29cb6f82ee1f6d5587f0949db89a992d4df705ad1c8e8383b6301453c58e87d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0b5855376a4e81dee302256d84021a5
SHA1 61d22998857a58e1f744aa73d2f89a868b661aa7
SHA256 838ada16d89931e71bd6c740bcab2e039a5d92f2c719568dd88fc69edb8393a5
SHA512 cbd57c07111a395a793319057a108e38a71b5a024b8e6c0bf3883590576213a90c8333ca27ea9e59040212db5a1d45b16faf39da6e7aea0c0c9b4afb5fee379f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7b3a056d897fcbb253eb62933a0de0f
SHA1 ff394c155735f948fc3e3f723f748558d174833d
SHA256 b636b52a4e80cf98576dd830f318416c98a94c8dd346477664e10a866e846017
SHA512 82dd058dccb5db002314d253e2418ef8bd084c83834b6247b909df5663ee67c86ef31ab15ac63b0ac298c59345d53f5a3c04cd07fa3bece1a9acc0b21cb4ec24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccfc429206657f23f482158dfe4decb6
SHA1 8d532ffebf93320ee518c7840c27d4a5c2403c62
SHA256 59a36f105f6eb0bf25f0217ef32741cd6f32e5a2da95c5b150f70bec9b8b75f2
SHA512 7bfa3a5ad9ccffe497e00ec6fba3cd461da094cad3fcfb88b903fc9d9e192ed7ecd524743f50c6f377ffb6ead4512073e665582f0713e008795906ccfee47de0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 332495da2b1709125c1e55e341a460c4
SHA1 c4ff7b491b80822a396713a2b368a2add61a3bc1
SHA256 eafb821bd8d2d34a5191e7f716bb9374cecd300ca5fdf5712c7dc4243da92c8d
SHA512 734202df1f0d75fe0f12ded827750057be24b4aff548ced8465440ccd54b995327bf9394dee9bf545290b3ad3e88eaa791749b09c814fbef00f9842806cb6f49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74a4b28e4c253c6c9954a6ab0cbcb791
SHA1 c0bfa57d0adf27d472eb54351f2e76a338e9d843
SHA256 e88b70d9a2aea02dc58f8cd91b963bfc9a003e2fd30f72d5b798890f25d24da7
SHA512 51e480115584af5b8ac5d39b7d09a7b5b44980af467e3c3de64b1b7154e400961c11d7fe0b671f8e2c6af6c73ee9f3246c317d87570352c4ed2bcaacb3fd5f40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19b82caf909996353aac67749ad0d84e
SHA1 5e9d6b4b1c030016fa0c7cb33ecf132fc08ea133
SHA256 117cc002cf98041d3b382bf94a38590dfa6ce0f0b3c0f26cf7b57700d481b748
SHA512 1e733ef2e677d1024a1d426d59e2f62d80a63564dfc128a9708f9b7ece27fc6d5d786e704f1a40226c7f523dd6c6373bb4c48d7460ae10bc2d1e629354dc90aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93c8e73d6a96cf55ef1163baf7c0cd1f
SHA1 c8a0fdd5f42b7a71d81fc54afb780a7fdcc761af
SHA256 e3585629f3b7100d312bf54710abffaf6dd323e53592c3761ad51b70b743ec4c
SHA512 db33740d8401ce2ed25c012c8e0a1035588fb96b173868bbdb68fdc6469e73d65142f96feea7ffabfbe48bb44c7f974f90f2705eaf899b63b858e42a6f5bfa16

Analysis: behavioral29

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win10v2004-20230915-en

Max time kernel

137s

Max time network

161s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_file.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1702396004" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1942551316" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9060E973-6D8C-11EE-9359-7EE370C9B5A4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d8000000000200000000001066000000010000200000008d401ee9590d79794abd16456e87f345f44215ba4f9cf9b488720aa9b0de3aba000000000e80000000020000200000001782dca1be4dd895bf1c375ed7b5a9d130a6c8722918223b533a6f3b8b55281d20000000bae2403a388772f17ab356794302f36e3a2d967617255c761e4380f0be2c79bf40000000102f6da6982799946d3c16054070c7ded646e98a964c713461892ce733ebdcf0f804dded787c6b7d301e90c99a52e2fd92af354213eee9ed96ddc5da51b40c45 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 005dd1879901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06e2a879901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023945248a016ff4caf831eebccac29d800000000020000000000106600000001000020000000257ee61feafb7328d5ddd281a0447f73f42221dfbe7d9b05ab48f40e21761aca000000000e800000000200002000000014ac4307184e1386412b0a710844bfd806e0eae5a667a9d9b5da8b6568e747d6200000009ab481499178908f8478d9004b8c1cb792ea0c314ac3836a90fc5f2b4f6e75b240000000084f14137c39ad4272c199eee4bb389c5074a03d07e08084b951464c6a2dbf64ac821e4a9329215175e1fe327831392749e8cde8a96a65927fa881cd89c17527 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404381094" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064473" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1702396004" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064473" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_file.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 f8be9ffb412b03d15b3a5ba174484158
SHA1 ae60e4e58d7f16ea023c5c60e45ebdb573880b71
SHA256 6f797dcf6c559b30f18a7393c6b59d626772705ddb8243973f61b762fd9210fa
SHA512 a2351add7641336c2a799c8f4d9af0a43afadafbb92a718980f78989e140b14a32fa26045be3d38aa996306a4d4474974acee356007358a8ac9fe262451ff63b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2ce4c36a9a2d7c420acdd1691c785511
SHA1 1fe204f8fa4fea3422fe634534b9d85333469ccf
SHA256 e9c130a18c7a4768df37470b9bc5d82a605e683b01770c1e5ce5a9d1eaa3e277
SHA512 bde297fe43830016b41ab9fb2bdf343002355ddf2ccbb0715e703d3d0d5ecc6ac2b83eba016aba416fee5445bc1c2915ae9a392bdd43238cc3c8d6e47c5c95d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OSZCC7QI\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral7

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:04

Platform

win7-20230831-en

Max time kernel

136s

Max time network

137s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fw.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0208a729901da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000e6a0936ed9717828d7d9c605e8e63a5b0d91108f210658fa981a23a10e8fca46000000000e8000000002000020000000eca99d13be0e02358f501f4ab9d6e080ed452102e3c152585237a0b9cb40664320000000a4e0edf2d19d04b9cfbd86a821de3bd83d831ff909a0e1d0712cc817462b395c4000000049a2fce28d9a3b4720c6bf9f0d00b331dfee7e22823ed6f5cfd086ec6e91b2bfe1a84044cd093694440186891dbce8c9bfefed4f4edde844d3bb194fac5e6b0f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A06AD91-6D8C-11EE-9604-462CFFDA645F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403777982" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fw.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9C03.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarA8B4.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2646a874282b9b6649ba4f57164a1492
SHA1 934e00cd1ac2515f40497f8814170fc4244cbe1f
SHA256 c73c8c177de617ed663649d2f186ab4d54cc3a52f1689ac16c392f96a4a8cf82
SHA512 5e84a1035720e9700b4de3b801a1e79789319da2b78dd9a6fe6a06504eaeea7a437ef5915cda3f8d55b5c98c4feb8dc8cee9b3f151aa651e7de169d33bc987e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c50a7e1c5d9f62af8607e2c1d7fbb5b
SHA1 6b6fdb87b5b4c53fac48a7c89f100254c65d9738
SHA256 4e6b816026503f5ada81624279bf67ad36c68b059efd09a7fbc65a58dabbbeec
SHA512 8a381e19898a1988a641f0662e658a9acad48ce550f187204c966d67a17c889f1b13f85cff2e96e93045640a6107e7fb40fa0293edceb89b36f05cc5b94610a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d59408a275d7007420f5c37ef90967f6
SHA1 0902c3fe6376bc0b62256352fb99ed41995169e0
SHA256 d9bdd3021417596ae6be3c300f1739f1663432b8017a5e1f9e17d480068cd96e
SHA512 c20e64b2741fd8088663080f0129a13486efffcbf42197ae3b85e01c89739460798eb3d853b2c4aff3b6c0211d5eb74ca364b797d2cdcdfb5327bf27ba39d257

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b314de63771cb3d484091f0bfa55b4b
SHA1 216be48190a53e28788456400268da8b4f0eaeee
SHA256 4c3ca3b6966b4b00f3a9ebe5217403239e13d45f086efd44d529d50515ead52e
SHA512 e6f6722346a8b9bb473ff707aea2a289f4cfbda7f5ed2541983530c05be93b3c4f24575cb2f53ff0202d79c5c16e73fa9f689db71f509285264961ca33edd933

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89a3494928c090c3f3d41aacee613cbd
SHA1 fd457c9dd2b8a7b117881065e33a82f8783fcc9e
SHA256 25a5585339cd86506f3f14dcd0595cde95cf9659c69e5fbc79788256fad0da39
SHA512 b8386bbedae372be481e30478e56512b7a72f4057b7e9bbe98cccee83b09e72c9522fa442b4d76edd09887880da0af833e2bac8e4a7566ec1169cd8cdd1e5fd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6262600085b1d940803c4ca30f4a1b7
SHA1 7dacabe2c769a0b9d79fdfb13b892f39bde43767
SHA256 9f20c0812201745e91d377fca693b19116b594b798266ad6bf1a866b858cc064
SHA512 d535a48be0164a5d604f55df9e1248ea669ffa3dc63adfe9feffa2983bbc366c5047bd453b3af4dc3bafeac66c3c498ca1577b3388fd9d23492b4451a23fde0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b72034f943db927e609c145e8ec8025
SHA1 30a64eaa4fce2ba0a07e72fe831079d1f0a49504
SHA256 06efbe8ef4b7f7b3f57b6e4e6f9c3169a523d2fe4eb319a8dbfef333c2bd01a0
SHA512 b1b4177ac33d9c23a38c3a58d8769bf9bfc073e865e92b67e09e0f39883c6a8f5990c2f2cc4634ede2b5d0afea87da9f646d9b04f0e40a78924ab79f36b45541

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dab678455b9dc4c7d3455a3750081d26
SHA1 971f24b083eb61ec9fdb580dd86425ffba8ba796
SHA256 96d6b3994b3301343e0c0f13b067ec0fc4a09dc96113d318b2f8c7f3ef6baf54
SHA512 c24b1009eebaa17589f0ec2a966e2f990e3b3413bd6056cdc625615bb09b29270e972eb858a8ab05daf4190903ef33e7c824167566c1a46e5d9ce950386ae0b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c345cc7523be511718c40990cffd5e5a
SHA1 e0040043b56a40ef2de6ce29405612cc7ad0dd76
SHA256 07079b8bf1a1d832389f6ac233b81251ff5e71b2cc249101d20d4c76d6fd5f08
SHA512 96db461171b2cc8fbc4710cfc0205ecdcc312875d9c38d82e6ef06a36244ddefc6d280a2190108c82fcfa0f9ae7404b4fe53f41a011153eb19be9cbcb5f25fd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7a51aec73f59e8ba41731346a2030fb
SHA1 59590ead0d0722d553624014ea4df8a6cce53f3a
SHA256 0b51b0aef858143ba4a6c4a33e4bd9314702e4bcd9f6fbe7bdc7efcb69a6de11
SHA512 916c353114c5c2c5edaa0da3737262d82e4d1026c20afd121579e4f2bf6168e7518e1831c9c796e4f8a77667333b4484d431ee36ffd70d6ee58f2eb584780e3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6817c35a72e43d0c95321092bee3c5e3
SHA1 dffca5eae6f17fb3ebc249648d7987985bdc1283
SHA256 18ecdd6117ed1b59323c18323b854be0102396c521d9d1838622d5623c017adc
SHA512 a2825ad67cd81eafa714d84236cb4ad643b4379938bee017673af2d515766a9c584c71c39df85312969f455179da74419094c938eff85e9076d3bc740fc9a1a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32428828393c8446a864cf0568fa6313
SHA1 56863d4d7d87df43d40ee1e0539db7a02466309d
SHA256 ea11e0e8bdb99e55f0c7c727939d887be8453470b0d0d6e5180264ef5fcd8bea
SHA512 f47a990bda5d40e725d881618a3e0186dcb159a647371afa2acba161bc4aa31f9af6c67d898bf9e2a2285fb8880bcc938e63b628021d2fad005e9df3c6093a92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f9c5c2cb3f8e82c6f6ce82e783dad1c
SHA1 cc629da60e41427c90cb208f5a53accf952e4f9a
SHA256 e54184240eeb52ba1549ac27c0c9e809af1225c503658db1edcf561904b3d342
SHA512 83b98f87e12351a9674a5f8b303b770717e66590ca139f74b6dee2d6e53dd0736e91ee6b4a704073fadf270afd0cddef2162c79f9885910b6fe9bc406a22b541

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6022cc5db1aea07a8217c8dcb19c610a
SHA1 5ae1bd2bd19a0faf22ff85a1e581104d8ab4b0e5
SHA256 8e4c32c7ae83a838fe07b99a3a23ee9da6634bd2d76c44d36c6f261d55c51554
SHA512 0ac8cd80f4e952b27df163d8584e456006d3c44e15afc5297840950fa791f4e408b15815d399177047503668bd4f6f5ba6dad14df9266af92af7d68bc86c02ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdb61b86ba5241f57f0508374887d90a
SHA1 710973bb095451769bf2bd4d55877924097b51ee
SHA256 93ec88135a4da7953e8a73df577d88041ad94800f9f856194b6d4b01a2a710aa
SHA512 eaadd843884327b4254f2d70029cbc125f41e72f659347fb7ec764263faba76178e20cf77f9339e15d77e675131306e0df12018b0fd0eb57356f7bb930ba2f42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7824f839328ab483acbab1790986eff
SHA1 5292a1c80edee3ccdc2f4ccf320145c4ab3944f3
SHA256 56f264329010dbec65de96ecba08d1e6ce2175aff6c6c8ff79f631855d6331a6
SHA512 58d8a8f7c0c47cc8cfc3effc1d729fab156a5ab8e9e932159cc17ea19ece1791845d6612c8fcfd3d651c1958d006c8dd8b4de88875e64b1f87239ec0c7b6d9bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76e93690962b1a6427798b2c4c6a183f
SHA1 7820a750d3fe10bca250cf252a00bdc60b86570a
SHA256 6b5aed9ada2c0809b5619b8a1cd5839d6f75505c87bac68a8412ffcdac63e801
SHA512 ec3dec5480df0f0ac71759ce945112b68e9023db8187d5cf32546fe608bbf4845758cd7fb4f8aa64c7b1f536b60fb151f64eece70dd5910479854b7c206bb32f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d40ef5a29ed94cf3bfa85a1b94a47b4e
SHA1 ba8907829fb39ceaa33bf04accd88c5fe02761c1
SHA256 023c3b7d953a7d6162f875d820ffbeb2bd2b875866c153e6902ecb86e5454e26
SHA512 7b52f0430e66771b124e916d1a736601dcab782a14285ecf5e5f75f3a7490dce44513bee89f45c391f39107cf8f2f46e90827a7d2ca3f389536c6a60df9d1e28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f3ed305d13eb4d257e45bebdaa1ea5c
SHA1 5bc8ecb2af3c7119179d630c83637975baa6aa22
SHA256 90e4895610e5faaf7a8a0989290e812388b67e8cd48b79bb3eefe35017c6b633
SHA512 63dc9f8b95b482712859459bf0d518c7b7d7c55f80279160f1b4af88db96902143a7b160a5080c49a82db18662cfb3f260e37cab9e6691d1f2e87af69c567a63

Analysis: behavioral16

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:01

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

3s

Command Line

[/tmp/l69dde550_a64.so]

Signatures

N/A

Processes

/tmp/l69dde550_a64.so

[/tmp/l69dde550_a64.so]

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:05

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

3s

Max time network

146s

Command Line

[/tmp/l69dde550_x86.so]

Signatures

N/A

Processes

/tmp/l69dde550_x86.so

[/tmp/l69dde550_x86.so]

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-10-18 07:59

Reported

2023-10-18 08:05

Platform

win7-20230831-en

Max time kernel

117s

Max time network

146s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\flexible.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\flexible.js

Network

N/A

Files

N/A