Malware Analysis Report

2024-10-19 11:56

Sample ID 231106-1w181aff6s
Target 7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0.bin
SHA256 7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0
Tags
alienbot cerberus banker evasion infostealer rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0

Threat Level: Known bad

The file 7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0.bin was found to be: Known bad.

Malicious Activity Summary

alienbot cerberus banker evasion infostealer rat stealth trojan

Cerberus payload

Alienbot

Cerberus

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests dangerous framework permissions

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-06 22:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:07

Platform

android-x86-arm-20231023-en

Max time kernel

2796348s

Max time network

135s

Command Line

chef.isolate.task

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json N/A N/A
N/A /data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json N/A N/A
N/A /data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

chef.isolate.task

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/chef.isolate.task/app_DynamicOptDex/oat/x86/fTnEmT.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
NL 216.58.214.10:443 infinitedata-pa.googleapis.com tcp
NL 142.251.36.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.14:443 android.apis.google.com tcp
US 1.1.1.1:53 buuncanlidersvarmi11.com udp
NL 142.251.36.10:443 infinitedata-pa.googleapis.com tcp

Files

/data/data/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 941798c87bc19acf81e9a30c5c9d342d
SHA1 9c729d4edf25fdebabe911858ac4d51551946284
SHA256 89418d37f636411e97486c68de47965757b31da3a0b481979865c8efb5804fec
SHA512 d803a09f708f2834f683a22d3077b41d6b7cc512ba41f777ecde4670d2bc63b4a357ff06699e530bf4c3fdbf0b6fd10a6c33e6c8e4b8015955724bfb3fb19cc0

/data/data/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 80325e6176a8229b4277a4f9fd3167ef
SHA1 8a8603a983739865f6eee2d1e354b20a3d830aee
SHA256 cece4981711ef42769076bb78c8f08b0f8e23555bfae65b7c6af42b174163e41
SHA512 cce27a566dea2b768010540898a2dfaaedf475f49fcd26f5a752b69afddcdb71994701891ee03f7f95ddc1b6ed72aac01e9c7eecde223d4332a842b02895390a

/data/data/chef.isolate.task/app_DynamicOptDex/oat/fTnEmT.json.cur.prof

MD5 dfd93517ab4c755b6bc910f4ceca3d1f
SHA1 8b8c34ddbdd176af7573a19bd9042abe017add70
SHA256 ed7637431e8a52051f4fa839460a852dd04a7c945168242bdd839cd653bf955d
SHA512 d981de26a4f0531f73b4bbecac71c002a99b3c24439438ff4ec5dde9a2b78e8a98e3ce81a44dec34f893f26153bf5449f350e07542e17c733383b441d26dcc23

Analysis: behavioral7

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:04

Platform

win10v2004-20231020-en

Max time kernel

142s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\calendar1.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4001520100" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4020581778" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50fd57f8fc10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb9100000000020000000000106600000001000020000000b14171981b58314fc54238e366889926dfdc8628d9edea6e544df5a8d89f43de000000000e80000000020000200000004069494d1f8b89c02b582eb159851424b730ba83261337675398e9e00bd0e86d200000008f14f2eabc422243b9f776d8bf3639e1f814455a322cfbadd6b110a6b9cc3a9340000000751968558a0b319444a9c5cbd06c6ca852d783211bcefb9a4609e5302e8338c91a44cedaa74bac3f45209e1f6fb90960eb93397ac8e440fe9f7b253ac99b082d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb9100000000020000000000106600000001000020000000bd24adc3712892e02491fd4dc553f1a5a3d47e4868866a30004f209f1b777257000000000e8000000002000020000000c88fde96a220029be9a9a1a8397847fd8c9f4a807d67a73c1b0dc3e02cb8036620000000140ea7e2e39a03f81040f7dadd915d5024b82a1173f4c923b39f8302e28e6dee400000000511375b5fc64394fb206e2fec87173b1e170dbc9df417bb7f2df6b378c35cd067949b3d7cd3514eb23995c223a2b64f1e2c91629f28753a11f2765bd0558a77 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1A1EC692-7CF0-11EE-88E4-D6630BA3544A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406073093" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31068412" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068412" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4001520100" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068412" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20106bf8fc10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\calendar1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 appsrentables.net udp
US 52.38.238.10:80 appsrentables.net tcp
US 52.38.238.10:80 appsrentables.net tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 52.38.238.10:80 appsrentables.net tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 254.23.238.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\80UBY5GD\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral9

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:04

Platform

win10v2004-20231025-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\circle1.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c673c30fa5e1df4483894e0a711271f900000000020000000000106600000001000020000000d66f2b7cfbd9578ab10857fb37ca5ba079f6ee149daa119de13a6a1309636c5b000000000e800000000200002000000009621640a266199487a72341c4e74e1955bf2916cd45b8d6c6d62e83fd0b56ca200000004e1a6eb6e8cce52f7e07417232a3f98be0f578f62ec818de5cca872e2bb6f9d640000000e4cf0098714a25c3f8526c7bb9efc98b98ff5c83ec211469e966527c56b641dcc6b758dd39e7a83fb46a87f90113a2706a813f1223a90474ca06c5d3e5b74f59 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068413" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "23160965" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2C498D75-7CF0-11EE-8286-CEFD533AA927} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\appsrentables.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1004cff1fc10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068413" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DOMStorage\appsrentables.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "10816735" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "10816735" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31068413" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\appsrentables.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406073122" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-177160434-2093019976-369403398-1000\{CAC91F9E-2D45-480A-BA89-12C89A12D0C6} C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-177160434-2093019976-369403398-1000\{47C82297-17DD-404F-8818-809D8080E4C7} C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\circle1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4268 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 161.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 appsrentables.com udp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 57.213.23.94.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
US 8.8.8.8:53 9.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 147.174.42.23.in-addr.arpa udp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NF6NB1\w-logo-blue-white-bg[1].png

MD5 000bf649cc8f6bf27cfb04d1bcdcd3c7
SHA1 d73d2f6d74ec6cdcbae07955592962e77d8ae814
SHA256 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
SHA512 73d2ea5ffc572c1ae73f37f8f0ff25e945afee8e077b6ee42ce969e575cdc2d8444f90848ea1cb4d1c9ee4bd725aee2b4576afc25f17d7295a90e1cbfe6edfd5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\39d26rl\imagestore.dat

MD5 a08d2281456680ceee95f61510ac076a
SHA1 f878268931ee0be724d57a70ed928216cc025c5b
SHA256 47d25bc8b83b7e567338a99aa9c3bbfa7698509c61591beedb4ffe28e4e9425a
SHA512 85c8a38d8aa1e9827e6f934f5d89d981d29b0c1a184bffabc59c97d4d087da9631e8373c26d3797f37990a9933e148c97abae4499fe54c157b79f7fdfdf1c87a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BRUT4RU0\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral13

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:05

Platform

win10v2004-20231023-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d07cd80efd10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "222044689" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a0c380f3628804cb3442a54a74494fd000000000200000000001066000000010000200000004def024019c4bee5b6bd24b406b1ce26d5fa6c3697c4d970812e1d034f752596000000000e80000000020000200000006c12f08999b1a7fb5884f4bcd94d95f87a6700051cfe0bde0a1bc9cefd9a672620000000036e4938f1347d1180b4b06512da0cd6392ddfa478ccbefbcbd32e9bb29e50ae40000000b6d3eaad37b0853a443cc49e2661c964fd2effe27529c3b5fe6ee72e1cc631f21a2cb8f351004cdda9b04895e97d8dc3b777cf2d48c5e41cf63592a73d3232ff C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10c38d0ffd10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068413" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "163763477" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "163763477" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068413" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{356C59C4-7CF0-11EE-B196-E2134A816827} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31068413" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a0c380f3628804cb3442a54a74494fd00000000020000000000106600000001000020000000543c0dc9e1921bb6b829626b2a0ff418fbb381c81dee683dd822b10e53d57fe6000000000e8000000002000020000000398ef6a5320e83dcba5a73612f9deee2e0a9deb761e3bd0db53a1d0f03a1d3ef200000007883dc12a2abe871a8ea169bd43ccf6e465072b42c1e6a260ee1b07ce6edffe540000000bf87caf5ed104be132e9f16eeb5427b30d45fb0c7a3cf2c57a3eab9cba0709e806b7b1f4d98e07df5f5a59ca646c7b40f9b1cdd749ae0c5a3177fec4582db673 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406073142" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:17410 /prefetch:2

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 135.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 170.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 161.252.72.23.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 48.192.11.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/1152-20-0x00000136C0940000-0x00000136C0950000-memory.dmp

memory/1152-36-0x00000136C0A40000-0x00000136C0A50000-memory.dmp

memory/1152-52-0x00000136C8DB0000-0x00000136C8DB1000-memory.dmp

memory/1152-54-0x00000136C8DE0000-0x00000136C8DE1000-memory.dmp

memory/1152-55-0x00000136C8DE0000-0x00000136C8DE1000-memory.dmp

memory/1152-56-0x00000136C8EF0000-0x00000136C8EF1000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:04

Platform

win7-20231023-en

Max time kernel

135s

Max time network

137s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\circle1.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DOMStorage\appsrentables.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d5ea254cbc3cc499365b391a5fd669200000000020000000000106600000001000020000000aad01ec9e4c0899c87c80dd2f48ed93fa8aa6fbfac941d45296ced3d62a32ff1000000000e800000000200002000000000cd36c304098abb7cc8e304e1d93d713a7f6fe896ecd8f7594c396c21bf7d35900000005a3e78090cd9d30efb5d4baa584d3ca29d50ff4d15fa0521b90d57be569eba3bd808a9594b66433126d27ab769fd16f221e160c3c7c673b064adba6e97f63b734bdde7819a8dacd545ec920ffec3540e3d775032a13c08727aa47761440e175c67add580838877160b72f0c918ed9a2499d93265f7dc54999547371863b75e23ef07bfae839243287034b65cc6ccd93a40000000cd58c504f9060da5d4ee136a802df1e0df34f44e45b2522e60e4d89d7063c5bcbad126e7315d51748e0db6e46730613a3a4e09342b3e45f9e16723e0d5a8042c C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d5ea254cbc3cc499365b391a5fd6692000000000200000000001066000000010000200000000c38b2a00be17c90388716919d44c5eee2dec3d89caf4bb776a31d654c496b11000000000e80000000020000200000008359e49c2a306fe573ccf4ef84bfc3920adb634e45e2d78dc69dfc335b6a58f5200000002bea7dd0ae10eb70bdecbd723b103a0e59de940a8ef87f7f57722fe6aa5e322d40000000228adc27eb4f5216bc948f82d3677f298d58fc204d68ca77ff6a1ef56ebdf93849ce4277f19d1021fb634c076c6b32e4ebd615b5ab22930e66c0a623823e5146 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0DE0BEA1-7CF0-11EE-945E-4EB5D1862232} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405469964" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1020bad1fc10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DOMStorage\appsrentables.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\circle1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 appsrentables.com udp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:80 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
FR 94.23.213.57:443 appsrentables.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8088.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar80D9.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98cd094664578686d82e78028222a8ec
SHA1 fb5ca75bed5ddd71cda265944315bde36be38df3
SHA256 a4ef86d0e876f4e5c87f8b71105a5a77c32f0ec5e47ecf870f8f6cfdf097364a
SHA512 2413619d2f2baa2b1af3f981aeb6014957d0f81b2aabdc76dba5dcd4327c2eb75f9be7296188ba396a26d802c927865ef80eb87cdd32de7a3af61bca6e260e84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79e3bbdeb03f7209beb9c0aa561961fa
SHA1 3af969b7591a4f5b5215a00f7eaff5f5c5397cc0
SHA256 7a745312a1452cf2fee0a905a842e3c0b8507bbb65cce6e2a9d254a93ff2b3ff
SHA512 d9b7f99291ef596088e053c413364ac92d1fbda0692b597f989afa16076da5fd3d97890b2d1509f612fb48b68d5342765ae20b13f6bff3a17e1bf23d3d79a39c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4d0b68cc4552332d28fab4124c4fb62
SHA1 567af5eff703adc0f2e19e62e22fc39633105565
SHA256 512b177ba14441c949e962afd03e013285b716652dd1db8f209a8f57cf4dc377
SHA512 eb55514a9626c694ebde2fb4df6d444441fee1727c2be420db3af096b66227245c3ce9ce60c4aa8f336a95f49ff5fe7f1a97f08c1b86533b0ef1756a0c78b361

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d2f565e1c9521477130db74cc3f781f
SHA1 66d8027286db8b071479bdbd5f5d4dbb5bd08ff7
SHA256 d23e94505796bb4b99d6f7672a4272aeb4fa9d32f8b70f2c412b6ae4701effdc
SHA512 285349fb76b40b5a9073210812d99ab20fc5de221b2732e3f665ab35fd9a4fc579ae6cef2148d38965f79c90c574401b5949cc590cdbfe6e2814717c419619ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b9741878ef81b2bfea4b142f584c058
SHA1 9021bf1597f116f38112165ce85d9d75a7937ee6
SHA256 82b0af5e2f3d6ebae654eafffc1304bdae93e48e79c03ea57275bc746a3de3a0
SHA512 5a23748355dd31819a25b6af99abd867ad27540f1d82c0e5e0094754f524486ae24f52f50ea54a046e3c05226e05fb769d92d736564339101daa4c34bded624f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18139f41c6f7a35903e64f976a42a1a5
SHA1 8f3ed07f21fc239324699e3f3e0592c527ba1185
SHA256 6c7744bcdcb556d19c67be70576af8e7db824e28ed1e501bb27eabfa06999e49
SHA512 9d1e151541913e6f115f0771a2708cfc0a9b970ec8ca87aecf48afaf06c46731d24574d522df4d2d87cae6a821260b9d38902dd6371f6b66b6767285ef76e5f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73ac80fa8a947de2f90bd04500ba724e
SHA1 085102a5daf2dd7f88e5bb9736a12ad57dc41085
SHA256 2fca8f61de6de7fc0208db62d3dc08ce876544153681e6d266610aca5122d362
SHA512 6dccdad2d3530a99b1f242638eae1ab1969d97cb4d458f78c77feb1fe2a40b9e409fdce00e663e9828ef6391d5937399cf4f55d7965767cce96b1c23ec4167ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98ef4ff677d702e8c067014fd26f93ae
SHA1 04fb3cc82b549932b87a0b543362fbdf57c4c856
SHA256 e0297b90f2a67ed24d7544158e601f97128fd0fce7d313df22f7447556b95545
SHA512 14b1d725023da6a9692aacbc5ab81d904b3eff162afc73fd4863189d9bfcd84340e10efbc1988be11c3ddc24e4482f2ca636701e02c2d79e2f39b5f00c5559e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cf610aaded16c6199962f0af1fcab41
SHA1 a8101d993222af52551ad79f0a8144a86726ca4b
SHA256 5c92a6b204bc75e1e4b2461b37761c88db8b69592615a8c15f2333c5cbbe96bd
SHA512 a554cba3d5e9c43258f8400c6791a2cc2438ab5ff81b47f8cf00be0714cb08e0b2911af560a544ee6ac686ad00803043b0c9abf299b4bb5085f0e0c4e51fade1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee56727ce530a27948e4230123a8897b
SHA1 a7110ce08682c0f69c934db00245cfdd954099d7
SHA256 801b04dc95decf215a265aff1a4930ba20887f01609ce96538c882f2a5e94b2c
SHA512 bfc416d74a3fd3cefc2a7de1678cace2d7935397bb32ac4710c80ffb0b3cd96668a32583b40756106faada343e007d8b1b6acd2cd49fdfa8747fdf70db916420

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd1096ca8ae613389153f512c2eba26d
SHA1 46ddfffe69eaa90c04406ddf4a4b8476eabe9ec2
SHA256 4f74ee86a7ab148033081fd7311b7b764f60d0b641bc419e74591bd55dc0b2da
SHA512 e1a5f0a223a7c2041af0200705b6714b6f004e04a89efaf9a780a430966dbdc1a38501ee8929bf43449702aeb05565ac80b1ea4742367c5886cc8ec5867c2d7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4032c5fc1c7d9cb4a6d90879dbab4d7a
SHA1 0dfea1945f2385d37dfd4fc3fe409d70f1b69912
SHA256 ce8f3578b461dcf29bc571c8f7d1dc162b2b57226bc88071541ee13543f21b48
SHA512 dfd27989edec32d1155ed337592190765e59fd1d160253c3c8139cb832e8534d3ee4bdc5c141bd306de3ba7261e0302a1655117483e02d783e68a0aac626a93d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 995401907f8d91938c8aca4b136947f6
SHA1 c1fb9d90f7b7f3ed446bd795ecdd8d8efa93970b
SHA256 cc48a71d89bde215556d85ab63b05a7a4b1ef06a9ab7426671ba97dc304fa4d0
SHA512 f0aa3b08f968c628d7498312017fdd4ff1ae8d19d9a4add65e04c0faaf1222488164f7585622ce9d5f34679066664a37f5cf71c2d5ea59035712fda5c8817ba8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddcc7cab74201bf2c7f0b7f09d36e309
SHA1 38219d1039f93709548dfdfa7d1f10d1109e3f3a
SHA256 85dae7af21988099c5add2403f74703b775da158cbeb73b186f1768f4968e57d
SHA512 f87d87d232cf2f16e98fc9a92fb9b8e475fa3c3ff3139b3ba94c3def4d58e636257ebf6a7f95ea0fa7d6c35242abfe0fdd357cd5933c6f5addfacb25e5fd6138

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff5cef51f6a11094dc2094f47c406702
SHA1 3f80487fe8f8d84347917e90cf4445a55fd19030
SHA256 5cf768aee10ea2adcb7a96c182d69f3322f9a24acbdd8b89b2352bee4e84b432
SHA512 42e62760248a3573c4e232eb3a48a2c0574d9583dffd00feecdc3064256048d8f64cefbea8b794965c2672db22f2bf8915400b795b2187e5754635978514a6ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b8c4c69d9b674be70ec9315390fc84c
SHA1 b5c9060d9ed12cf96f086b3c095fbb4621fdff9a
SHA256 eae6e1b039d22eebea1ac7ba3f5037a4be68dd7c3866f704026f876fdfe94c66
SHA512 432426bbb728421ed288beddd55397025edbb5422acf865a14fadcfea5537931eac88005f56f05ae380014ad7a546d2250a44c5bd0dbc83dfdf1c5735bc12493

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d215e02ca73e3119edb3f3bd0d7b1a7
SHA1 a6476442bfbace111e363e7f94515a079f64a338
SHA256 2d5159134c42d51df0ee7996e052dbff30e21fc126d13ed952b9576434f0bce5
SHA512 eb9129786e334cb722d18a5b2fb0462986238db06f1a6e4d08a4a639cb0999a4fa0c80e0255bc2b30181a5777dd8be36bb014586d32abb930adbee10973ed034

Analysis: behavioral14

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:04

Platform

win7-20231020-en

Max time kernel

135s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70dd2fdffc10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405469958" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac00000000020000000000106600000001000020000000fa29ceb7a4c64b781490bec6c8ab596351bd633fdfc926220f6df0b5eee87158000000000e8000000002000020000000a39937a4ee447b83631b30575b375599cfeeb3e0d74d51fe1ac3a169d32c4f109000000030e852eb0d84c99d05c929e7a3a5d784e4d68ce9c87723e48e48820d348803e9f788e6aa061d21ed5d2307502530024e27f0d58590b2c1f5797807b5309aaae79450b20f8ea0488f9ac60c2aa35472b563771b0da52e41bab8a4d2095c2ab20250604273dc2e92c21eb85efa38d29e8adb07eda96e62eba0f601c0f1ec9ab0874bb95fae7a1bd6abd07825052f31e7674000000072390a78db84e2353b4a1d35515e15724ad396ce62f90a23ed208492fb2eb230a2188a41fea6abd7d5711b2de2bae0791ce7dfd90387a640b5c97017d9828f04 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A60CF41-7CF0-11EE-A7A1-C63A139B68A6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac00000000020000000000106600000001000020000000a70b17a027d0debe2f8100b71d2d06fe192ca659fff911b88d5e87c4b4f9ec35000000000e800000000200002000000074107ada380da13225033d45bdb4197b1fa551f8f0aac64829350b16bb42b28120000000ad00be6abc051ce5b41b19610289c2c76140556477c5ec3fd76d48fbf03afbdc40000000eecb69087bb3c4730424be65be3e764f001a1b12d8597b24d5ee97945f341ec905ea355dd4ebc2f213e3698354ec8ab2dd831ffce9dc01ec0bf72ba5512a1a6a C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabC302.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarC401.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bb7358810111428726573fa66a8caa8
SHA1 113c28ddf68fe9ea29b4110d28af4072b3ec73a8
SHA256 ecb12543ea09fd407a26fda9829b904825262b23477f4206539cedb1379dfb40
SHA512 239d2bf0d0a890fb6b2d98dee139b55a77a5d811719cf5e8d6461983847f56bec00e56106dd0497bcd4d6102d53cd10966a64be6e1c22744362679444013cef6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a64629c9b71b510953ef3dc10273a205
SHA1 6348b121e5206f313fc5969714a61c27b159073d
SHA256 c2b321c66d5df105dd0b58d7c557a4a7bd319394ce1460e6ee2993cb5ee6904f
SHA512 a43125a09280fe518f7dc85fb8d99c54a8f0654ed1953c2e103db68d0ec00d860d896ac0f0e90a2626b562f3bfbe0e01c9aca5c1ebbf8a7a1f91eab24e358dd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74c95f63885cc07143f6fc007d5335b3
SHA1 bfb7e671ef9894cd8844e87ff23bf793712c7766
SHA256 e4966b20047c20e44efe9e7e79d282a0916e0be60bef04610271b0a3b11e66fc
SHA512 30f8ce600366d22fb1e10e00691912604abbad3ec48204d85c0b20830d4fc9c160a538ebbc90a8bbfaa1800047abdc774fbbf7fac6602c7f978841658182672c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d756f0665e6e1a4c64ee957a37c7abae
SHA1 71d71f042ae8be28659d80f3d41bdb0e401a6aa5
SHA256 4dd3d46303332a6764df5978c5d665e8d68a3e76d5ae7a1464023c62bb1a8d90
SHA512 d2cacc7ddc5f8dce6895763195181a10a904bf040b5e84e455bded621c488430e68740f626a32dd6640c95e0043e74a0ec80b74da5f8702b38669fbcf2f40353

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72ef25b525313bdf4d8bb5762a5ffe29
SHA1 f89e8a1f2660d1dd90ad88a80e3efc6cfbe9b9a4
SHA256 b974a8b02190fe27fbbcf00fe30c4eb620a7f191e97eb58bd0ff8dffb8f89725
SHA512 73f9e40fecb0fac3995ae152d8eaa7d94cbe69069314f206523261bee34f16cd2183aafe9d81a5370a59e1509ab6771d70f577abec939baed12a8a4fb4884e7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c33832da9969134f26db23948da6483
SHA1 53ede5b8e268b1476d53c316fa2b1b5a27745c17
SHA256 325e4a8faaa01c4e70c4011b6048135c3802910ca4b6a54c9c010b0f7ed14c94
SHA512 e3b93c59990434a58d7a0438420bb88e89ad08d8bb2f41c9169e0e89bf017cf22ef37caee9c76c23328f1d8bfdc34f97179fed7b18cf8ed2e781a1d63dc3669f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef50ed44e84c7b2aa53fa7bb798e5eea
SHA1 ca9e094012adaee9e1e747a9000d891fbfe8bc6c
SHA256 a00f2e5f430f5d56b519d626e4fd2764e5802a4b0af9fae2260dfe4a545ed1ac
SHA512 aaece616368eaa4116e7f0cffab78c6ec25b042d9a15f5c6c825cf5ac7f9e8032a1f785410eac917080678bec4bed6074da0a55f3c3c6603d196b0c42f725b4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73f810b00e9dc49db242f13032783aab
SHA1 438551a2962b78676c3b6715984208e830471a27
SHA256 30ebbc0e2ef7711d9e9b3e8e66c189a6aaa8c130be127e1c750805fc364d313e
SHA512 6ac8e1daead88383edbc65e9496629edb638f548a9c9b09809bf9185a11dee7ffa83542c5ab1aa9bc3afc3db51056b4a6ff5796bcf8bb3a8eb5baea3fadbbca3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6a01259ea08b39c9fd634117f18c3dc
SHA1 0fe89d77f13db13a207a5651cd3eecbf7e925185
SHA256 ac962187772b6daf5b19930ba091ef5c5e2c12668cfc722d76e38180491e8148
SHA512 0b93e9c1211292181e7bc09b3d580eda8aadfcab3cc75f4ab4b4d1389a67dd96fc391383d6520128bc5e6340ab59006b3bcb880e5d8d57f996071e0ddb4c8d1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a785227309dd67a9637e8ce8b71d1797
SHA1 544b049e7262c6efb595887a4ca44fba4750cfa3
SHA256 10be3d5e45f66a3d84660a017fd12bad998b4aca0af183a10252543f3df64a19
SHA512 fbe0fb17137864d3487bd7ad93f08036ce8ad2618ea12168a98726d0ef9e81acffefa6de1f7ec9639bd32568b280d7c4e3fb28282828ea2669dc516aa3432069

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 528db2cab3c8b47ba76aa612c1d697c5
SHA1 8106f3ccc994c1d9597ebb997111c51bd2bba475
SHA256 c007d6626b2b46a4c59bcb06ac337b3beefeff14816ce6bb56ccf8983b2fc436
SHA512 5d80db7911ed75a9588f3c0dd833d3c59568bdf7060a486c4c5171d7ddf22efba1bef522619d2a7dc620bcdc9891fb1d75bce7d59f289690628f0ae6f0e240eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 175a747ea145367a3afaf25fd4af7040
SHA1 ffd37d9022439f23cbe9f8f96aa3617265af0116
SHA256 524c25d679bdecb96e41ffdc6d342f731a5e8708ca88ab49eb59062a313cfb1f
SHA512 eb1cdfc3f18b1a337deb0d019dd3b5a4aad238b97a1f045c32e53e09ce502d6fdb404c40c37e7c64934514e61a456475615c7a80d6a19e7295dca80e7c850e9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff8f90c05c9694e242c5ffd48bb0f315
SHA1 3cf95c4ae91e286b8ea997c5ede8b178336c1966
SHA256 726036b8835c60e149d1aae4005b46d1e4d2d3521fdd441a180d3f29456660d1
SHA512 495c07ffe9c7e289720ffbb33639ff80850117c6ed206fae7ff8c806e4d0a116edad9a6e594a05797ba08aedd34d8e2c41e8c886f9c1e785a5629f917a02e5f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df2cea87431a12350716ad8ba09f34e2
SHA1 6c0207b0d7900f26a9e6a838544452c11343f330
SHA256 2486ddd04586d6c31e11adcc60cca5cab2de1e965cec1abd8b2bf4253028da40
SHA512 278dd7a0bb30010b51cc4357c3e67f7d77f32ee9ad322614de9549eeb102deef463d3b3a817174d82d4b3f7b34386da9903987e100b13df9b2dcb2f2f06d4d06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c70423255e8dff2a277e8308f3697ef
SHA1 0757c5e1c82643bd0ebd79052a32ae918018e4b7
SHA256 a86c03ea638da3b509e05269941aef4bf2918019fd1500251450dc363c965783
SHA512 7127569172d7e0efed91a88c3ed288f3940c2460e0f3ede50ffb1b9169bf9f1966e2fa713135b2361c8740fab6f2a0755de63004ddd5616c72547444f8f1153b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1639ab8436365cf07f32651921396b95
SHA1 9f3672db6304ee0816ce6b17856a235930ec4bd3
SHA256 7fd26d1b41a3c461f5741c6590cd45918f1da68f07399377cfa8706b1188ee44
SHA512 1a9b80720c89b83da3675df3ea431c67e579d36d9da40ad6936eb8cda60b813e0d73edd4f9aefb5011a5170887b95e747081c74e17f12a49d6e78a81aa628936

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65b9bcaf4443a1e50752d1cc9108a40c
SHA1 c4039fd93cb2cf8c44aaf964604120ad021dcfbd
SHA256 9044265fbf77b52e46e7ae376078356e72cb4afb81fd391e1172e6145a82deb2
SHA512 6f85214cfe7f20b993ed8cf767a9843e040bc6aba6b0098612bf9027f5690c57eb678eacb42ea34176d9c01c78697807018711ba12b22c1a79441607bed9f7be

Analysis: behavioral16

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:01

Platform

ubuntu1804-amd64-20231026-en

Max time kernel

6s

Max time network

10s

Command Line

[/tmp/libc763d2.so]

Signatures

N/A

Processes

/tmp/libc763d2.so

[/tmp/libc763d2.so]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.194.49:443 tcp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.194.49:443 cdn.fwupd.org tcp
NL 143.244.42.32:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
NL 143.244.42.33:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:07

Platform

android-x64-20231023.1-en

Max time kernel

2796287s

Max time network

165s

Command Line

chef.isolate.task

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json N/A N/A
N/A /data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json N/A N/A

Processes

chef.isolate.task

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.251.39.110:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 buuncanlidersvarmi11.com udp
NL 142.250.102.188:5228 tcp
US 1.1.1.1:53 g.tenor.com udp
US 1.1.1.1:53 buuncanlidersvarmi11.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 g.tenor.com udp
NL 142.250.179.138:443 g.tenor.com tcp
US 1.1.1.1:53 mdh-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.206:443 android.apis.google.com tcp
NL 142.250.179.206:443 android.apis.google.com tcp

Files

/data/data/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 941798c87bc19acf81e9a30c5c9d342d
SHA1 9c729d4edf25fdebabe911858ac4d51551946284
SHA256 89418d37f636411e97486c68de47965757b31da3a0b481979865c8efb5804fec
SHA512 d803a09f708f2834f683a22d3077b41d6b7cc512ba41f777ecde4670d2bc63b4a357ff06699e530bf4c3fdbf0b6fd10a6c33e6c8e4b8015955724bfb3fb19cc0

/data/data/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/data/chef.isolate.task/app_DynamicOptDex/oat/fTnEmT.json.cur.prof

MD5 8de620c78836dccee1eb1ada7efb42c0
SHA1 02ce40766bd8f0f9b15033e7f9da16f2ddf5624a
SHA256 84d23c496050ca17c1336074f21e9f4d48d86c9fe6266246585dce23359b3ab2
SHA512 f6c8903f901f846c903107a52d9278802663317160d44bb9f42af7eebde5d1205cc421da33a8066d538726bebf00afb44cfb14249ad1be4f28ab094f52a557f8

Analysis: behavioral3

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:07

Platform

android-x64-arm64-20231023-en

Max time kernel

2796365s

Max time network

144s

Command Line

chef.isolate.task

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json N/A N/A
N/A /data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Processes

chef.isolate.task

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 216.58.214.10:443 tcp
NL 216.58.214.10:443 tcp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
DE 172.217.23.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
US 1.1.1.1:53 buuncanlidersvarmi11.com udp
NL 142.250.179.174:443 android.apis.google.com tcp
US 1.1.1.1:53 buuncanlidersvarmi11.com udp
US 1.1.1.1:53 buuncanlidersvarmi11.com udp

Files

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 941798c87bc19acf81e9a30c5c9d342d
SHA1 9c729d4edf25fdebabe911858ac4d51551946284
SHA256 89418d37f636411e97486c68de47965757b31da3a0b481979865c8efb5804fec
SHA512 d803a09f708f2834f683a22d3077b41d6b7cc512ba41f777ecde4670d2bc63b4a357ff06699e530bf4c3fdbf0b6fd10a6c33e6c8e4b8015955724bfb3fb19cc0

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/user/0/chef.isolate.task/app_DynamicOptDex/fTnEmT.json

MD5 9848f326eb31b8eb6a6aff56e08eaa6f
SHA1 475866a598c6c9d049f5ed2ffb3410d98edc7159
SHA256 f49be7fe820c785aef3578b113a3240e8450c797609578b6d05316cbb3495779
SHA512 cff258de266dd100a77768560bd0e013c25d73ea46630f37dde7c8f3731d95128c99cdbe424379bed655aee20fe9187f37699f1966b5157aee2047d6127003a3

/data/user/0/chef.isolate.task/app_DynamicOptDex/oat/fTnEmT.json.cur.prof

MD5 d9aafcff073bd42f1a04014aa624515f
SHA1 5f42616ec3d9b98a547a8fc6bfdc0de0d3d4236f
SHA256 71312128869b22147616bc93eab3c65b532adcd77474f7b66f99759f6f832dbb
SHA512 5479f2ec53ed8ce28d05ad458836a64353b081afb514e6023db6ce51410c281a1e5f61fea0ed5888908ea6d211be4524dd20a591489c2eb73a195ad14e8e36be

Analysis: behavioral4

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:04

Platform

win7-20231025-en

Max time kernel

121s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:05

Platform

win10v2004-20231023-en

Max time kernel

142s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 254.210.247.8.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:02

Platform

debian9-mipsbe-20231026-en

Max time kernel

2s

Command Line

[/tmp/libc763d2.so]

Signatures

N/A

Processes

/tmp/libc763d2.so

[/tmp/libc763d2.so]

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:00

Platform

debian9-mipsel-20231026-en

Max time kernel

3s

Command Line

[/tmp/libc763d2.so]

Signatures

N/A

Processes

/tmp/libc763d2.so

[/tmp/libc763d2.so]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:04

Platform

win7-20231020-en

Max time kernel

135s

Max time network

155s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\calendar1.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405469982" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C35B651-7CF0-11EE-91A4-F6B55313AF05} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd5000000000200000000001066000000010000200000002ef622f8fdc201e554fb06482b8efac45ce9db43a8687c320df3eb07bc96af87000000000e8000000002000020000000da8a51b94aef736d87f05640703e1460f31bc42b564f1194691b78fe79458190900000002b8659f18c81aba64ba613ba468cb3facad673bf5223ea0fefeecc6886508382e5dc90d058048f78a28e453fe18e45b29efa4e6420998318b8bb4cb42de977e23946cc75293e1e55166d5fd8f36b7348cc57e2681eccc4dcd40d5a46202d7cabc0b93f515df680a34d0b6ae36cb116dab642572476b78f791ebd992d4b4178cb6b1942fbc809a4750e490e882a4612f9400000000203a8e91593dae4d6c74d9c2a607ac4c1ed735ebefae7aafdfe9de31097907b3613d4af688534f14a3ec81af9b5c6040c0cd0e34f8a961a3eee5dcd98a9ac38 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f076e7f9fc10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd5000000000200000000001066000000010000200000004ad777f5380c022d1e2611aca6a739e4d0e8dfaabaed5af3a8442fb9a739b47b000000000e800000000200002000000071e77dfb35bb59cdd1c0c83697f31922176b81bbafb972f237e5d10ab7f3ed95200000005b8b3c856f884b208296c2a52026a0915ae66d4d5031c25a75cfb87097da93eb40000000177638a839f401127e3588877c93a468f0149bb5262015c2c3da0d251ff9b283f4994d88b17b1e86b662f8046e69994822c22c785488f8d16788a63e118b7b3b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\calendar1.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 appsrentables.net udp
US 52.38.238.10:80 appsrentables.net tcp
US 52.38.238.10:80 appsrentables.net tcp
US 52.38.238.10:80 appsrentables.net tcp
US 52.38.238.10:80 appsrentables.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabF7E7.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarF8D6.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb144b94fbe97ba306ab4ed051f0001b
SHA1 f6e6e90a6c017dfe7066fd0f564927c3c5930a16
SHA256 8c871cc69ba526f5b90ad595a4ea8fcec6369268e517a8ebf00238d62244bd47
SHA512 b14dc76271ce08d09b2674ca508d4ec275eaaa4c02b8a7e63b2608a2aca0a25b4d65b606d25ccfb3c5fa84a6601de643b603542065680fc90ad076246957d240

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6add199d01947d11379503361c58b45
SHA1 4a6472bfa9a0503a19c91ddcd6b3a0d11fe5fee0
SHA256 2eb72945d34d84d6bbd443128c76aa96e5d631d6708e0e7a71ac75df2e4fd16c
SHA512 29cc85bcca5a942805837dd667797d81001bbc11488323de0a5e215dc06b775165774cb2eca6cb5f6eb62e75cb228a7331195a534013f6a26a0ae99c72dddc27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2df88809a6009f66606ff5e9ac0ab11a
SHA1 4d389a3ae8bcb6438aa3d9fe17dfd60476a8e2c0
SHA256 73ef14ea2b03c59da3fee9164500221eb899e7ca9d1cf9b76346d7f0e61fe2db
SHA512 ecd16327ec6405d13ce6611b0a438e009193fa119dae1e6893be0e286c315d829adf60a733cf894658be2d3a049001808746018311904048aae6d0c2bac74a6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cd108e36760cc4b25f22dc84acbc8bd
SHA1 e3effa7b976b1e728c39f6a15586320613a62960
SHA256 cb63db3c52c66cde0055c9e8e7ff2589fd313aa7624f9a0a558d44d1d644c592
SHA512 ad3a0ddca6a75aaf6fa53195721a3762072132f3af57cc8294451f9628e7b9cfe3d1a5ade35d551880da45532106e2b1cdd70ef6b39ca7153520f791d021afbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b55cbbe6304e9114cb01a238d00ef798
SHA1 148bca63acd46d901475d94d20398f2a98bd4d41
SHA256 457fa86f966185564d3fe106f662599abb7a8fb5b04543c9558d25617d0923da
SHA512 5a1d96f98dcb1afd53f0d48000a717511b0b32737674b7642adf228d66f11d9165bfc3edfef6ac4065495a5318b94bc1c9a0cff792d569eb830423237961cd84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 453c94825b9509b39a1a9012e42cd1a1
SHA1 4b2bd2b0b79dbe4613ebe3d0184181b915d24c9e
SHA256 4680fd7d4876a4070979d7e7d594789845560a940a7eea830999e6e4960ed783
SHA512 1027c74f03b844b68fbb98d727bc3dff56333416960b87982667c6419aa31da16f92dc2e544a69294260e5bbc88b70f8657780f52c3eed7f358ea979a648fa5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc3c3bd58f82121de52410e87076d843
SHA1 e3f1a7efe4e73a332548ca419321dbf58dac12da
SHA256 14c86fde2fff552bbc3f7336434db1911f211a4e8aca619217da4856d6e87096
SHA512 e0d6fda11ee493524dcd08a69f22c4a9c1d09797e44868286461e2c97588649c68accfb7b9bfec2289f11bf18cb566c3e2e83c0d74f785157b333310619c643f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ed44fdfd737af0786e42a25230d4526
SHA1 e55c6fd35e4d5caa3ea2d4544a9d82164c5260c7
SHA256 6271bb348161d2044e27772fbac055ca33b25b3f0b6bdd12e1d9089ab879fb10
SHA512 dac3380389220c00df495dd0b8dadd71d60ce99aa094de88e4eec864b220fecfaed960b961c0052237c016036e98c628557da0a6d9d0adb00f261dbcd79dbfa4

Analysis: behavioral10

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:05

Platform

win7-20231020-en

Max time kernel

121s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:05

Platform

win10v2004-20231023-en

Max time kernel

150s

Max time network

149s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\dtb-m.js

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 135.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 126.22.238.8.in-addr.arpa udp
US 8.8.8.8:53 170.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp

Files

memory/3992-0-0x000002959BA40000-0x000002959BA50000-memory.dmp

memory/3992-16-0x000002959BB40000-0x000002959BB50000-memory.dmp

memory/3992-32-0x00000295A3FF0000-0x00000295A3FF1000-memory.dmp

memory/3992-33-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-34-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-35-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-36-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-37-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-38-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-39-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-40-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-41-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-42-0x00000295A5110000-0x00000295A5111000-memory.dmp

memory/3992-43-0x00000295A3D40000-0x00000295A3D41000-memory.dmp

memory/3992-44-0x00000295A3D30000-0x00000295A3D31000-memory.dmp

memory/3992-46-0x00000295A3D40000-0x00000295A3D41000-memory.dmp

memory/3992-49-0x00000295A3D30000-0x00000295A3D31000-memory.dmp

memory/3992-52-0x00000295A3C70000-0x00000295A3C71000-memory.dmp

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

MD5 e5c2b7071d78f47092d6e57270828644
SHA1 2449ec02cd2ecda73ed885145bf7d91d633f6748
SHA256 8d61d78c1b0267546bd26581bd237dea91441ba83a3f67e2725b211393d4c28c
SHA512 159a656b16285f5a328acd5add466ab2b98f3f53f409ab00c06c58639accf9416beb2e4d1b32e5a471c78e716e7f94f13c4aff5990521cf83ca9a87bdf2086f4

memory/3992-64-0x00000295A3E70000-0x00000295A3E71000-memory.dmp

memory/3992-66-0x00000295A3E80000-0x00000295A3E81000-memory.dmp

memory/3992-67-0x00000295A3E80000-0x00000295A3E81000-memory.dmp

memory/3992-68-0x00000295A3F90000-0x00000295A3F91000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:03

Platform

win7-20231023-en

Max time kernel

135s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10ccdfcdfc10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca4100000000020000000000106600000001000020000000a9bfa3c3e52329e422a2197a807323de2f919f3ec595a6bcff714f0711bb2ff9000000000e8000000002000020000000ae5a40ff0dc70719df2c0bad7bdf25fff8a5ef3e62048423220ac888823344e89000000002afaaccac75215fbd88bc49cf9c5cddaaef5fa5403261b3774d072588f8930d9515ea1ff7a32b8504c3cc9105d41a42cb497b19938ef8808f091fc80f289b64bded22c8c2d78559a12408dbe37eb3ef2114a7d324636cc805a57f795ac3173174183f6d1a5bac3db1f7ceb051fb24805018268d49d8b9bbc44b0e292ed05e95cae0600326ee0f39e265dc8b3107f93d400000005504c54dd31a9e990933047013b8ed31ef22e7d79c9829be2b7f6277514083c5b1dfb79cadd62ffcef5fce4e1d4ac19ced0de9ec5072f75d1a1e7967df779de1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405469929" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca41000000000200000000001066000000010000200000006995466322f50b65ea32f67ae12758d55df64c085a993e7018eb590ce53169ae000000000e80000000020000200000005c8503f601a48e85fd1edff18860fbe2e47e661c4c1ec4843a2ce664a11e286420000000f9caf514949c1c0434d50339696dc6fc4c9f4a6ceaef6388fb6764d9194d3d6a40000000444157a93103cd1dbb94a8f492b37e1c800c0f5b0a211faec65663e37291fbf74c691048cad4c8e1cbe95e3412291c81b9f154a85fc95e72e494c029e2abb094 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F904AFF1-7CEF-11EE-9B4E-4EB5D1862232} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1264 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA989.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarA9DC.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7baf9c9d435d0cf9cb1546a6e8480ef6
SHA1 785b5db0049415d81640c0eff64c4fc835dcdc6b
SHA256 a88a711e3f6c1309b483e44422bfefedf940a821b1571b3e53b4dfb1f6abf903
SHA512 87e776df50a1800f5ae46504ca7dd5fe4d96eda95af89afb048cfbd86be9f91b64dc7550ca8870827b87985a5f3bcb09223261bb8ca88fb2a81932639b38b47f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79f8e4279fbf7bd5030e3d6ac5876bb0
SHA1 99d7027aebef1ec3425be9a02783b2245a8611e3
SHA256 88943fc73b8780500d43fa1d2136b58c37458c89fb59b09bcb9deb085e221f7c
SHA512 18302bec93267965b987cb43d4420eccec37c7270b45909a6baf936d08b3992902c52f7fc3ef2e47a81bc9d77118806a0a279f189238ae132cb2ee39768e505d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79f8e4279fbf7bd5030e3d6ac5876bb0
SHA1 99d7027aebef1ec3425be9a02783b2245a8611e3
SHA256 88943fc73b8780500d43fa1d2136b58c37458c89fb59b09bcb9deb085e221f7c
SHA512 18302bec93267965b987cb43d4420eccec37c7270b45909a6baf936d08b3992902c52f7fc3ef2e47a81bc9d77118806a0a279f189238ae132cb2ee39768e505d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d3782c251a1403afa0c3dccd597b112
SHA1 24d32b479e2e37adb2650522bbea4fa891382a8b
SHA256 739b5d9db8dc0406c0a67c7d0157932f07b05d05928c25bd3e8e2973b4837971
SHA512 294a5c1b76db33e3f11abf6a686621c6988c743ad8672e0b1a1b63f4819a907baade2f5211580518da1e8710ac74226827e4a028677b4405869145d5789ea905

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e44dc1af53006141f836f1166660cc1e
SHA1 21def68bdd8a48572cf4dd2d6292457251150fd0
SHA256 d7f72fdfbbc60fc87b4fd1ae9f44d62d95b2fc87901cf910ca34b0f21f54b6ca
SHA512 2837584ad5cb6471460eba9f6d11556d415b6dcdfba4f45a843e9004f7f39854f48d3a556dabaa1fa00f9bcbfefe8f28e0ef679039b98e273e1284e684a62e78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7814cc835885039b7c12d8969c4f282
SHA1 4b064845d0aed8c3ffab5c930a741320c166d1a3
SHA256 7317b9c634e4270cb2be8b469c0180178aaa6a76a446ce9be5eb44ed8155d1f2
SHA512 094600d5a1a86f330c8498b76ccb43dd9583c636b7ef6236495aa8da449cf26e10c8db69d09a7cb32552ddfd872089ce4238a9afef633d8e0d122ce488afaaa9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 323d478deb7c406f24f0540817d90211
SHA1 9137020e271631b9835e00cb82321ae4d1a6cf07
SHA256 184061f04b95e6062902a5ea4d55adc262a0002457930d070ec90408ea6181fc
SHA512 a8ab431b1a797bf76bb0afa008490756c125f99072cf40c02bf9e6ba498de6928a4591410084bb06b25010359bf215ca637844cb24fccc02b64ca088d6afa60a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f6d4034f9416b2791c55a916db63efe
SHA1 4747f1a7c5ee5cd37761e862a12cf56b0320e005
SHA256 fe4c59aca80a5cd4ef9eb179584fbc3116cb20df3189494277b4c615bf00ea7b
SHA512 4b02d9cde1b40bf31f163289a1c7243c6bb6fe7bff5af4c870305cd3f2833326a05698fbc248f918a8fb33d7b11c9bec22859e2bbd2ced640ac5bdc527ce7ef0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8292f0121ee8ec05011e136717b3c219
SHA1 f6f8c3dfb3846168f7608efc21e3b0a1a5628b04
SHA256 ac7124dd5462f70514addf71d59e6a360e8e096a91af7cefc3e5e85df2204ad9
SHA512 2a18ee7af96cd9e1b85a5eabda1ad60be789055915d59360219fd88f0a66896a67c915f7b8f964bcb285d370ca98d30365dd1c7405876a75df15a6ec7fdd4b53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77c56ae3981e7c14e54855c3310dac5e
SHA1 6b9bb8e2cef28148a42e4e6bbe4212487a7bead6
SHA256 a82e715c028bc114c80a05d10fd80ddd5db412d97b5cd443e556dae14ca815d2
SHA512 2f4a73da5c3c2aaa6f39af43cd21112192338601c54906211297e780f10a1ebf10d0740aab9ab7c47c21e273dc6b6ba4bc94bd9b11678778f7fba038b45e7d9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17a8bedc74dfca33781dbb1217e9fe65
SHA1 c178fc853bf9dadc3dd1daacb4895943dfcd6936
SHA256 add2979711dfa035e19241acf8abfbbbcb658608d2321b773a62148e6b9118e8
SHA512 a684051dca8b9f0d681cc6d3a7cbb04431d987123da7b304b5a203a992cacc3d583943d8b0b8eae6acbaee190f69590063d45827cf69a34f6196bf6210d49f4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4079bb159fbfaaac3e1db6f47d67373c
SHA1 7f83c337323892a8faff89290a24dc79559dd14c
SHA256 5c50f20c98b78f6ee6272965058e0c8493ab60bc72bf274a2e2dd479deebb6d4
SHA512 1de4d05b3b8b445aad91b456b7dd39a1bdd63e1aabf61a793a00ea0f7d818b5ba06f33dfa564f4d769011a9c2a81554b4a3bd311063888f83bab533668e718e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4452bc37ebba8a2776a6fbef4deb9625
SHA1 982ee4f16daf1002d722c5ffd6db284df09cc8cf
SHA256 a7e5662af6997360f78781c5a484857a058e7f3b391afff2f1fe239548907162
SHA512 88507ad4c669cb160e6e579b3d95d50267575d811884e2251d2e0ef10200cbbe128a94fc09bd3516b4734061e7e35fb39a9d52d3a6813d88e7676dcfa85fd811

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af0695cc91677bbd24ecbbd139a0e8ef
SHA1 c53bcac1e6b2154a581f40759e6cf2427758309a
SHA256 4bcc771c07b6e2a0798e51d8fb378a06057b137f1f1122aeca374b391436897a
SHA512 eea2b4c6fe94a78136ef9e4339fc10e98c6cd57efa6617f40176e40da4513206e2ff588e39c10eaf005a6af1b9e13aa02bdacee048eb5b8e71b9b06a89a1d22b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eada2680208d58c7e7704a471d009944
SHA1 3b09ebed2a17bb972f2ef699917c5cc2c5ba7e54
SHA256 b86e418161ccf78a0a6883e4ee886809077ef2caa3076866ff86193fe4347e4f
SHA512 8fb53d31c27f217f7513361abe7a9ffb08e132d7cae7fd07ffb2028fcebb97a7dafb6210ea5d48a9ecbcdb42c28810c5f7a988980d2817cbb8557b68f7d3764e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f5cb4be557d0084eeb3ac78f84e5689
SHA1 b54b58036401481798f0481dfd7e3d2813ba672c
SHA256 2ca5f4815b64a29c04273e32fe15e424fc0130c5fb255b1677982e97095bf33e
SHA512 fe5b003a77fd9eaef37ab018bdab1035ff0f5569a43047828e05c7bdacb9cfdc9408ce4cef811a9b881694ce6606f1fc5c641b9f110a0f30528c1e2b3d99beb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2620ab9f66b3461c7cd108d8b5fb88c1
SHA1 6f49b4f3dd3193189893a7229d414d6dfa45c8da
SHA256 3e6cc66b8e5f2520f22b7f31fc722d7b313dc7893cd04d8b7d65312ee25f2567
SHA512 55554e82a662b608c35076d1a62230d30076781a7e591d2a15d2c3be954cf0937dccfd28a912f0f2f1554e008feb5942e00e4c944df02d15c3989590236019f8

Analysis: behavioral15

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:04

Platform

win10v2004-20231023-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4275002321" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abe4f06573e2f04c9485dceedf57e48200000000020000000000106600000001000020000000811603cba70425404e56ce0924cda447bf3a10609103b0ba4b717ecfd1ef43ee000000000e8000000002000020000000f25f5568f5112f533945fdd045c569030d159dcb9b7685c29df359fa6dd52928200000009ed8ea64a4fa8973446353e3a39c330ef0d490bcf13b40b6ec4ea145a8e0df4e40000000c5fc1f17ba2f87e316500ca3f64f1885707cd42bf56c8d3e343d73ce5809ffb52e4bad10d9e0ab533d2e34a5087c1a3f7b7827dde6b3ea9d64c447425c5c1b8e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abe4f06573e2f04c9485dceedf57e48200000000020000000000106600000001000020000000238ff3ff9c6538fa5ce010e99dd65a83a05a40a4a1ef38daf84fbb1d4adbffa9000000000e8000000002000020000000403141108bd6b141f0366c09d61d6f2bf0639b13d79adf166cd998ff990ee87d200000002b1d78e95ab4b0aacfec524f1959c2f183e33f66ac68f2cb4d9f4ed7f3069432400000008d892f377c9532ab2edc528e9fe90e109d39e047804c2ea2bf7d7c7d884de4234f7706dd6b0a9b56d9969c8d708044cc61499c1bb08474ebd57048b328d839a1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31068412" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0502b00fd10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2A4B28D4-7CF0-11EE-BEE0-F6F16E2EEE59} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90bb4c00fd10da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068412" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4285315170" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4274846278" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406073119" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31068412" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_static_endcard_tmpl.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4496 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X8T7NIZL\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral17

Detonation Overview

Submitted

2023-11-06 22:00

Reported

2023-11-06 22:03

Platform

debian9-armhf-20231026-en

Max time kernel

3s

Command Line

[/tmp/libc763d2.so]

Signatures

N/A

Processes

/tmp/libc763d2.so

[/tmp/libc763d2.so]

Network

N/A

Files

N/A