Malware Analysis Report

2024-10-19 11:57

Sample ID 231113-1wpj7sfg38
Target 09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.bin
SHA256 09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad
Tags
alienbot cerberus banker evasion infostealer rat stealth trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad

Threat Level: Known bad

The file 09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.bin was found to be: Known bad.

Malicious Activity Summary

alienbot cerberus banker evasion infostealer rat stealth trojan

Cerberus

Alienbot

Cerberus payload

Makes use of the framework's Accessibility service.

Removes its main activity from the application launcher

Loads dropped Dex/Jar

Requests dangerous framework permissions

Acquires the wake lock.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-13 22:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231023-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about1d.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406074685" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07B97231-8270-11EE-A8EC-5E0D397D2A60} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4006b9dc7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca4100000000020000000000106600000001000020000000d1bb1519ed181651f6d3484eb1644bfc81fd1c84470e7cd1ae4cf98ee911d8ec000000000e8000000002000020000000c5c19d438760963c09f8981b91978c95273910661e795d105405bbdcb3e511332000000072da2badd0c0fc2fe0c5c89340cb464d62804ee2a0c5c15a076d4d90ea17fc2f400000004dcc2e191f780bfc4d0adcdb05ecae6c7f0ae759fd155d3b67f5ae7b910ab871cffed163809ebb5b1beba6f6b9e1f0dfaa2acbf7f8a8b2868932c5dd398d1df9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca4100000000020000000000106600000001000020000000a301f40166f5236c5f5c39f0e36f78a0138fbf5716e478f38e15b9f21362ae2d000000000e80000000020000200000008632e09300bb10fee3db731e8615ca44ce9c7df94156f6aced656ef9fb40d27e9000000099a591f3881ac8d54512c0abdcb603a59aeece886af8eacda4d3aa6483dce146a7d3d96ac39506c0cd3398befd3607631e199df24db1b58e7a6ef30ac26f61bd53a0e3d65873a799fc6ad0eb21c7232979aed5e6b0ddc3623fd9286ab98819b421fa006a80c064c06e1a13c2dcbc03c22aa9a6ed7b59328b76c82b7f993a6f93a841f6da6d4b4e1d998f02e97506a6c54000000010b03c9a0eb148e0dc1dacf1d3ec8dc2b6124b9d91e176d877b7712c77baa4a2426bec3fde681f04cc921bb4a61a5a5d46b33c45f2e458d8f76ad4e542f9316a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about1d.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabC5E0.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarC651.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42eff77cc8bc1ba21120a953099a4b5c
SHA1 4849016fd263690754ab0524a4e32a84fa65f105
SHA256 a1d4776ab9ebca136ed07f0ed2a5294e31c9fac85c70df3e2342f37766f8fc23
SHA512 ca3b50ff12c5d95189c78bee2e98c5321cf6ab291f1482a1e1dff35c85202ea5c6ce0310c832aefa7817f187b81fe1ebcb34b5b2a4520cbc23539b825b88db80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93ff5db71ab7b3db91a70f86f07928a6
SHA1 7f4d6685a7ed3ab0e8c022e2ee845d94ae82ef9b
SHA256 82c874c1d9fe6efeedf7d6a9363bfed062dc2278cde9d0e31dfd5fb2b6632171
SHA512 c04b2d45f0d539306f3f369baae222d48ec30d128330f80ca1f55ffeab922698b15e892bfd8ff0f954ec876b82eda91f4b72d8823ca8731e9e1401679428b8e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50a9757c537cd919d43c21f4392e99b2
SHA1 6d44ad9a4a43bc400773a619ad6767e7162a986a
SHA256 7ad7d6dc53e935ff47cf88e2240020e5d04ed30230cf6332bbcae5fa71c90b02
SHA512 e3c1195fdb57a694ac4173d44cf8ed7c3374160c405c88fa648ce75763f60e1a2318921b9d2ed845f5d6df5573f9c77c53cd5f510d3fd4bbcae772a08fe1561e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 691fbec9a9adf191f17fd096b9a0c348
SHA1 9e3e941f4d457fe30ad3aa9c721453e462f95adc
SHA256 c54ac08369fc4e94ce353ff500d8362bd715d00733278c1b9358548184765cfd
SHA512 a9445aa96bcd96d5e2e2b28dded299572bb5c521415a3076b0cfb093c43340787da6833a0e0448aecfa85254ea4f1323b45119afcf61b04936a3bb517bf85b31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57277b4c7369f238fdc6b55e4925cb8b
SHA1 7d44fc8ad8eeefc36372f195244eee7875ff843c
SHA256 d255aa15253b1119fe4f426c87f51460baa526377a8fb2b96dbd13916e30baf4
SHA512 48e7ee08cc6070cf5ff90ea2c87fb77839b4b114c3ede7c58ac0f609d2413645b0ddb7c6f81b844c63537b4bbb912e7fc040367d7a5e0d01efa69979c1531521

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0c7f4d483dede11886e16d01f48963a
SHA1 5519a03afe81f7836a98fc6e877fb8fccb93d100
SHA256 5facf0da177c73a52c63a9e163d50a63cd62b186929e71b8978702daeac2bce0
SHA512 5647a85e46bb43f8dabfbbc07c48999da3dfaf6a950164295914d1da91b2ac7cb4a03d28b54808e3b6a192bbf1611536bb83a87a374908dabff18f1b8f56123c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89ef09ee6a0570d345f0a8691fe45033
SHA1 038d6ee5c7110e115a6b79393a0816405cd93b66
SHA256 8a4900ac9bd7d63047dff792a32a2fafd2271659e67959feb4f1da1dfd58e3cb
SHA512 25c6984ffd1e6564e61ed6e026187b1a7322181b380347c8504daae2d800907d97358e622645090cf438b83e0a54bd31e513ae7b15267146dc133b4edf3f0f41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94b7ffcbfbc90fc1da89daa4755a21fb
SHA1 2aaed05208f1457c6af5a3ea85ef11dac7680512
SHA256 ebf8b55a533bfa761fad6287c080ed7dae882a352ed3faf3e62f2b8033737a50
SHA512 8e80f6309caad1bd7d402cfba437e9a5a000a9110f31d5a13eb128c488a69a41f7fc1c3227bf99e3fc467e7df37f819d99093bfd564c406c85c3fab8edaa6fbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd6c4e20ff0473b785a992b6331c54ef
SHA1 fc098ecb04ce069a6cab282af0608c5fd954de3b
SHA256 f4265cbdb42df0a369e147b9b8499b51f524d424b8bc1558bec536729b1c51dc
SHA512 0916194d371bbc97e3f65c4e23a24088d0fb086392b4f8738201a1de5871ad3073440c7ab0c7c5b311b05a550167098c572ee3a0aa59a40992b4f7795dfe464b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe313ddb049a20b9e9309891f868c09e
SHA1 54fbc1743f46fdb43cf490e5f8570834722ecc55
SHA256 0f58f2b552bdc04d0edd64c971bfe2c214b056b03400e94f1132bea1c85c6a70
SHA512 eb4f91e14cd84c107fc88435c8be096b515653d1d03384bb76caba0e075882a0c106d32c5e8e9d6ac085ccc2240d89ddaf03610772040e2acd99b93cc3d40fe6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95594d434ef821da19fc29f1be57e7ae
SHA1 f16b6e7934a1e69e9aedce647d29a5b0d689b101
SHA256 9bfa4e52f4349a24fb51ffca6b68d0f7b8e56ae13855689d55dfaf008bbf039e
SHA512 dc571c3879ac8571bb95cfa809fe43bfa714903d108c2b9aeaad241b0fbccb90e1ab299564dd65f83a1753f7bd8a732e045216bbe8c7d0e713311f30b9c378f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7ce845e257e59627c3748996d6cb5a6
SHA1 496ff59af489aefd28269f0761b0db348de4059e
SHA256 272d2774405cdbecf29e89a2775deee486e9abdc93d105f8c76bbfbbe2e08998
SHA512 9e48808b216c46389203a8e797bca4a6da4c06fb197262f27bfd248270a519fbab28331f2ef13311c15c21b369b411a384e7ee9a75772338d0dc47277eb05740

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5ce26a1714d37998a205e01714aa946
SHA1 3f969799ead2b0d4ec1ece4ade8e309d6bf2cb32
SHA256 785e3762ac52b5f1dc3627be149b3b160cb9447e938bcf520431015877a729d0
SHA512 78761f79cfbf57b2fd3963d0edf8687781be926d8e5b7caa6eb023019a9004fd93e1f14a5324bfd5f982f969e8f0e170b1fea124cbbcddcbedec7ae5f32b9b76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c785b9392f5ff97192fc0567b92d5a9e
SHA1 36d6eae8dc85dfe9a4ffa2a28e0ca49122c3267f
SHA256 9f16bce715b90db626babac78af32d3efbfc2ec5319e7fe2126f6dad0dae5cd9
SHA512 48e4b158bf0158a0a1108e7ea985598db1a80d4e4d94b9ba352a11697723e6ada185ef8490dbb390005693d9696a56a005d4eb528859658669032eee6a5d931a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35d16758d659c9efcc57fac7e9ab22ea
SHA1 8b9a9ea64bc65617eba9b326f33d6be30c405d5a
SHA256 6be6e1e412be84393fe0aa6c2c7da2144745dac501333c61d16b8a69629598e3
SHA512 4652ac4386dd68b19d457f04facdebed1bb6012215285095aa2fe64cb05f1ce763362c71bd52b30521937dca57709382731d85398467ad9149e3213437b6d500

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 316ec26002f62aa7e2ff1101c03063d2
SHA1 0b35f43506e78683b8444e4d763e5096727dbb6f
SHA256 d5d0e0a60bc9f336f3ff506a1246d6234e8b60fbc8b109e7d0027ad8fc1bd6de
SHA512 85128a1ccc50f9c33e6f7ddc15cb4a8e154bfbe9e2c3da60f6fdbb9e48c07924e53d1751b57cf4e80bae9d4c9766b8f9484e4c2798266a4eedab6bd982ba3d77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97ccdec87988bfdc68b7b53865ac053f
SHA1 0f0064c42bb4903bb2b576b47135290437d8e849
SHA256 6ac945fad916d77bfd1be42d816efc9f4273709583ba5d8f81f45fb283772e38
SHA512 8c2f7c2218b719bed4d1ddf3a0376bf30906aa4758a4f327a07dbbc1a5694a9296f707d96eb762b603cf3dbde85f3d7d12341da91b6ff310504310b312c282be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d58372042fff88735a74ce3dd4bc223
SHA1 3f7f4ed2fcff8283e2771f14a811ce8712593ec4
SHA256 38e3cbc29bd40eb17f6cb9b40eb444fcacbdd9e8204253f10e586e8bc03421a8
SHA512 21e18fac1211aafcd46232132bc467b314f19a7b252e4bdc743031e58e08fbfc6bb71762c4ec1b15258a507266229a588dcaa8bff949ccfb89e151e022b19c17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76da1f36fc94691c01dccf849b540e9f
SHA1 c2e751fd3e0e6de5d1966deb233f205e6efd2fbc
SHA256 9a94b0acebb23f4599d5a39a2e3ef9330422a6fd8cbd3217c2b05c848ea82944
SHA512 54d949f589580125493b22f341553a2ffde6622e91a79961cd09d681e4c8b744de502e709740fc1fc833de87a8cf21faa769bb73362a04f21f6837fd89d2b127

Analysis: behavioral7

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231020-en

Max time kernel

127s

Max time network

139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about2d.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb91000000000200000000001066000000010000200000007aa3fc6e936c54a8d70f6ee2458766f42ee865b9d1b97cfa76854898293ed132000000000e80000000020000200000005749cb0c0dbd89732756ab1a748539706f76baadad5bf54d4e8529818e324c7e20000000b57bbfe62fcdc9226ea2f1c771bcb5a20b0b74b5d91689b36ffbcc36e8f1aa7940000000e4b339258cb7fee63d32308036c15b5ae3fc0530d6f5a341c580eb8afe4586c2ba5e0632a9a5eae3a4aa38a99276cf9ddae6b219e99843c60b612e609b6dcc3c C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{08978971-8270-11EE-88E4-42F2BBAB6F4B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0075b9df7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3708319661" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406677794" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb91000000000200000000001066000000010000200000002da98dfa05415f26038ebbbb74e66193a51ee7551f204c8efbe530038aa9ac05000000000e8000000002000020000000e34433d88e1e83d51af616124de1316395efcd3ed8beeb7f1733f28c773017a6200000000cde3ca7cc607ea30741ba8c5027630722a919d537bc22745920003866156bc940000000405eb5efe67def260481fcdde90e87bdef6d7c0ffdfcb7e3dc2cd1ca6e262d55abe8a9e0707d5bfb8a43e2b57bce785b772f821f091b60b51f2b95c4060658b3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d3a8df7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3708319661" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3722540035" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about2d.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 0.242.79.178.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TG5I02RO\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral8

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231023-en

Max time kernel

118s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.2d89045a.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.2d89045a.js

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231020-en

Max time kernel

140s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bakchat_privacy.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406074687" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac00000000020000000000106600000001000020000000ea624e07f793ecd9df70ff15bd70229bae69cc09cad485b6283b911e27bae404000000000e8000000002000020000000898a16dbd77e969f4796e65befdddfa2421d6fe17f30e775ade6d1321a73d92d20000000a6a2362a72783f46e05040758ccc9fe72992a5eb160566ca2e4c24858931c78b40000000d11d1055c3c52a095cf8d50a8f6ec499c5f21b32a38b558cc6885436e51dea3c38ccf6e4eff715d91c69e9d235df433bc19072901f2afa38c30b4b0eddfce08f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b832df7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac000000000200000000001066000000010000200000004ce438da8b230b1a76c383c18c40cc50182bb12408a97f9ec46419f252014896000000000e8000000002000020000000b8d8269485acd951771d433755fc2547c62388096295ef4c2f71ae217b6885039000000066518e17c808d74ac4b5974fdf58e68306bb37b79e0c61cfff547cd072395c9a002803e8e2e269784669a0ae61e7c01bb4e58edce772719abceeb47577460ac5bd03705d15010ce6e193b17585ee3f1d6fe1a746b60d4ff459333eb0ee11e41e98804165428445c89ba7c5f0fc8f994d65b53de36c57bb4d8274d1b6d92ab2a94477b6814195ae8271a49366a0d64ada4000000078baa7a4700068057d6648177a09be6cfc1373f6a4d1f53aee079547ba6d05b72a7797b7aef2a8477827cf291186d8f7ddb1eb49ed6e2e12eff4333cc9a23249 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{087ADDD1-8270-11EE-997B-EA36CF52C02B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bakchat_privacy.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 weixin.qq.com udp
HK 43.129.254.124:80 weixin.qq.com tcp
HK 43.129.254.124:80 weixin.qq.com tcp
HK 43.129.254.124:443 weixin.qq.com tcp
US 8.8.8.8:53 ocsp.digicert.cn udp
NL 47.246.48.205:80 ocsp.digicert.cn tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5459a44a3c9ed23ca6bd3e44db29faa0
SHA1 4539ab048987b48c82889d76455a7ddcb9bc6a07
SHA256 695764fd95c6be55ce3e6415ee4dda14d9a57a2671f40ba9b8f0f985d4cc1658
SHA512 0448b4662f8261fa7464a4c1dd97e8b05072c69b53ee6b5eeb0d854a76ce0ecc141d205d83ac5584e28fb65034d23ea192d8385bb904cb2e198d583d712bb3a9

C:\Users\Admin\AppData\Local\Temp\Tar7082.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\Local\Temp\Cab7080.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7befd17f66b9a6cb0edee7fa9722825d
SHA1 596b4c279815562e5bba6e7ca5e8955af49a795e
SHA256 c421c9a70be8228f7e502adc4f749547016f63dcea68212399fad117abdff9de
SHA512 895abd4b8b8acb4f79147d1a86d5834e94825ea238c1aeba410e762e69f3b0225ddc38e2b739a1b89020a54156e343800e81103a987db1916737e530eb1a58dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5166ca270c1e026bc2738dc408ebcbf9
SHA1 e1f43eac377d4fed520df1edad8b08a9ff394960
SHA256 a67b89aa1e3aa33d1737d9f382a60a9f6eaa4b1aafa617a778da644da68a503f
SHA512 4c814a9e4bc8727918c80a641d31c89f7ddc78d21c1d3a94d651e69f4a522711404c85323957371e2fb8afc5fd1efe8ffa5c15df2014441954d9104a20c506a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c62de97b9f6b28eb6d05c0673e77fe5
SHA1 239740aca2e716c4ab62981d3bb4d7190d978bd8
SHA256 9fb4390933e51eeed039f0b45f9ed6fc43061b93dea3f1b9f44fcf50a7dc52d2
SHA512 de99829039f4240a90e9b13e4897ac60108acf229e1a5408df3d76784e666340edc25ff7cb44c419b379e801afc15a85a4bfbea9303b5fb1f7fcafa65115c162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca5e00def4e59b27f7eb5629783a7210
SHA1 264568fb1e93e97b5a9f22afca0693a2c6f4591f
SHA256 708221034c993490aeefcdada56fd38cb5e452c28b247a7ef57db1d428533b8e
SHA512 66046fd32f637cfd6c8fdc2fbacadfc7330c263d5564018f10e22cacb840ff918be78bb6417126dc8b5909e011f6ec938ae354eb47cb8393b5fb40e6632312b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d36a2bd4ac73730fb8c51367db5578fe
SHA1 5c57b969cc749f648ad611eba9cc1efa4fa6de7c
SHA256 17e0a2ee408d996565775a598580c9d0285f721a7167e95b6ff83f74655f447b
SHA512 d277b62ddc34b37afa036fa76985ed97371d6e5d9ea89ef76354b182cf720735fd0bd3a601e091d5babd84c060557363accd8f41ee702bf58d61e9d668e12dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c02a443ffc44c516c763623be783d8b
SHA1 ba932d35a050f01ad715f7e35f5fa1d920ea98b2
SHA256 6d97311f0f8c5950118c812a23f75613e2f320253d4a4440a4e7ed28122bddbc
SHA512 961b1dafdb23bba0d3b4760b5a0c4283cb6b88f361c41e1ed10e82c84a57ebba698dc1d3db2ee1a9c65c220b54813c761b9173b63390029a7bced659e850f406

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3948daeac9c28e43fcad869a02a5a66
SHA1 5b9837d3ef6618f92f32d846d23d1deb24c29339
SHA256 f3eb3b14515f7997811b4b0576e1321e03454cd7bd3e5900b80b82d72029c564
SHA512 25b4b3c18ba8e04974cfa8f4fe057515f6bf14d24635a76dd639286de6e1f4fc82bcc1da1478e9f26154b0c263349d7666b9ca896afe211c0a23592b9bcf8df5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 897570982f7a69ce6281c0751931dc3a
SHA1 1549c44891015a6b2572e3f69fd6c39eea4548e9
SHA256 1e59283c1e5699c22249558923b31e65ac02976b6331c084ec9bd040d03516d4
SHA512 f6cfdfbe1f0f4c95b7a4c408225f4b65f61a2b8bc1c331b80edbf4a36398014a2e073a20c7ce2a0c75f7587af76fdf6a0635933e0f7d5252a484df38f874be99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ddf467555419a660bc9f164d821a79c
SHA1 d64c566461676df5ba68f858399cc771ea45b154
SHA256 c62809b3b38b95cd2ede753a78a84e79fd639c79f0e6199ba231b3757cfcd45f
SHA512 b7227601d51b40daf599d1344d70fe1585eb31ce083f67115f36a695213b12bcb8a776986813341e1ff4cbd9013167d8b073bc397c51e8e55665d6eea3e23dc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc369d66d931968294d9a44871da7b79
SHA1 3b65c65220f5a41e55f03b62009f9e8405ad7670
SHA256 5977a110ce9dc9a1a383e06d73b8abb42156479cff464bb70fa0a733e427bad2
SHA512 98a19df1c97448501984ceda64db743e795f2e667e52d9fd72fb07493061a55b3cf94e0288df5a0bd40b7febadb0c3960723d92ecde85679aa7e27809d95f912

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcc1a0e911c53f84d60eb089da6ed5f0
SHA1 1a23a34ca15ea2881acc71fb20a9b445f0c2dd9f
SHA256 e76efc563f2017d914aac931fdbfed183cf6a46e54b20b7cd25496f1533a4d0b
SHA512 9ba605ad8f0e05fb4b61514592e2dcd34dfad3b4499704dff9f97961dc66bb7f011278f94e0b5a0663724d8dd1047f070ac3f56a3e90fe1380ef6950cbc82d63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ab29f978417421c78a744e6f325ece3
SHA1 8eb592f95e858294fda648fd1ed427428cfcf87e
SHA256 c67dedc554d25e38c38985bd62ef771a0ad1048e9900e7c15364b2b50c11121f
SHA512 00160d7fb7bf606d93bee6f8432dff86aa890bbb2fe1584e2a064383362f380df658b30d60b3cfe79e7aa769790a05dcd06b58808403475346a5c522f1ded8d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d8b5b6c9d54d2c173aa97020cf0150b
SHA1 10eff31194d555895751194aa48f9b97ae32203e
SHA256 2cfa1faa6f158bcdc5c717c0e688038cd0b803a9acf11ce3923bf4fa6c058de8
SHA512 aba44cd2e7dce96d20145b648d3b1d9e4cbcb43d62e511025a6854cfdc86101f56038676ea3995ab341f594faf08ea617fb7be8b5746ae43fa436c8943f74eda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f47ac3cb9aaca24249134d9cc3b26cc
SHA1 b4fb3423f6e89fe5ad229900f897547518ff5ecc
SHA256 67cd50ab24d034fb379213e9cc83a3965dad4ee16a51e7b06fa80e68af74624a
SHA512 72a37c3728b89dea4edbb1e000aca29db125dd67fcc7f63fe7cd7e52a5a088ec847fe89a2264c17d37afa5ddb8df58d34b782b0ea99a3cd2d7171a062c58ac17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25942279c1330fded53e93c9f6168f70
SHA1 eecfc7db4c12cb1db6b9bab607ae708ea89286a4
SHA256 9f1babd393f9d4efb10f1d48b1f58fb2c5ed4e126b4a043eac74825c7e82f964
SHA512 2866eb24090767dc671d775fc9af279d7b92f69534aa3fe20e09486a60551a0dd17e79cdbfbab000328bee66d2151596e8554aa5a76ef61574fe6032cd3710b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 102d35063bb82e63e7383c0c8dc93f32
SHA1 30ba8a576aacdc2bf16a750153c9a217b95c4e0e
SHA256 1215902878671152098188d2c37392f2b3c90b11ca353056375c8f783279504a
SHA512 c84fc8b98a022e4267b82076fa45ab0752a5a62ec04377fd96d54728adddd212bd860aae3d570b10c04152ef74b3994e5cacefd447d53722e14a2f714f2b5b19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b40b2fe8e2ae49fe931670c9af01266
SHA1 3c10ad44f77832f310bd32f6b95c9ab6ddd4eed4
SHA256 a0e3cd9a28da5963fc2f40755f143da4bd25e9c2137ad974b423aa2d97fc299a
SHA512 14de17cdf808af2e562f7275107335389e1c32feb9c5dc62537eeaf3fec6e292211beff9f942b6c8b32903e1249d38d9155444f0da71162156b0b561938d8ec5

Analysis: behavioral18

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231023-en

Max time kernel

117s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231023-en

Max time kernel

120s

Max time network

129s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\base.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 254.109.26.67.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 254.43.238.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 126.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231020-en

Max time kernel

135s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c05ff9db7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005718aef034e0654ab00265bd8f8b2f54000000000200000000001066000000010000200000002a298f87db9ad2df4ef1255ebc252f89d05fb76b91fb6614f535d924be9a98be000000000e8000000002000020000000f5db572a6fb9ebad797c63a53b5b00e7d9df04c6c2fc17ddf88c1e9e65a186da9000000053d8227e400c6be9cd1146ffce0cfaf1da0c30155d26c42501576fc17f2fb6b067289da794ecf7f0b178f14f707d340f8addbcfe10d8a94c33640dc07546940f1c43398cbd28d36fe27e77822c8652f20a1e182fd2d3aefb68852d9238ce2e4398c92e1caa48979cceacf1ab672d8dcf6201988583da93dbef4d496441b6be07d5ddb462368777e4fe48cf3749b696de400000004470dfc4922827c10d264f500bde9de240835dfada0e7c4f46d0e5e7f925a698d40a0a6067e303214348957a80af5e7115c4f563cdb2f9c6dbae99444d4525e0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406074685" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005718aef034e0654ab00265bd8f8b2f5400000000020000000000106600000001000020000000288b704ed97371358ba64f91b77abd6c24238598b000b1ecbe9d16516ea9c551000000000e8000000002000020000000998cb5eebe8e3753ab4a1699ccb65599c9b54d46cac69c309aff68faa485598d2000000030e4501317dfb4f156a7265b11c3dd23dd2ef4d637b19a8651cfb1c7cf9d287e4000000060f5af87d56cde83155d8ba652dc3f4d651474288f7366f885cbdfe6fc90e20225fbcc489509b511487cb5183cd60afa16685dffd2b46cf76281c13486a9eae1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{072928B1-8270-11EE-87BF-FA6155A1A6C1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5BAA.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar5C59.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0ebe99746483593d70521d9db8cd5d9
SHA1 336a35509acbaa445d1fe9af80f5f06f51bb5fc4
SHA256 ceaa65284f75f75f25a3d2624d65d89f0a9a206a00c8f9f55dc08b17bf9cc2cc
SHA512 746b3e8eeb2d287250242c15f261ede319b2fdbcd43fed164b7e8c807bf17782e91351879c609663637b36ba262d1e4a7f6ebfb578fd7ac22c1f12525167bd41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdc8a072ac28aa0153b938d59a136edf
SHA1 dbcfa1427b7a22c913aed4bfd59a6fa2110aa492
SHA256 846668acb4930dbafdbf79bc28ba586d3e004030edb90bf9b1948f3ca002d8d1
SHA512 4fc9fdafe5d00a764f6670e690d5a64098279224406bef2479ecdfad46522d75ec281445e0c56a265ff8869b1fec385ee316d546ace65a4e8ef9178060174a3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c5ac3e30bdcdfe81425b8b77e8dd613
SHA1 2edffcf91508adce4705274251e7f1f35dd9ad7f
SHA256 53f41b60dea3e507a71902585dc7cf8c88498f22887362cbdc3792079624e842
SHA512 bf1e7c61d331854ccf6ee1816ec7e3debf5533280419bf10ff3ce5d3a41a3d00658a1247c769b454f7b935ddb03ff2750e6f311e6a895eb6ddcc75adb905faf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 712e4a8bf90ad7602b891954c3030ea0
SHA1 8a08da22ccadc6133faf45e0fff027c6b2170084
SHA256 491e5b86f43031bb0b6ca81557515a32446fe0e9688d5347cae25b274180da87
SHA512 eca1330a2f0b2fae0b3ea92cd753cb5d3c9f046035dac3db3e1cc82d5b1fe645a534aec44bef523570b93bbf388a612f71c695effed8fb659edf574d4278ea1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0365bcf9ac10e37cb01d1d8c0c7f348f
SHA1 46a68822f46863364f31b5b258737cdac9d39ef9
SHA256 05ee8832b831b7880c4ddbbc0fffdb187e6b3ff07971f26ad2d993f5ec23ec5a
SHA512 e2ade1d23f498917ffbaf8cd969070570a733ca945c74f6f4e8d4d0e3717f3685ce58a1d614de59296db575a8d0f8f69b165846f23c5905a863bcdd77df0ac66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07b9159ac6352443090921b7e12fd862
SHA1 d63de38591a1caa47be9c906827bdfde61d24aff
SHA256 7205afdfbe9627a58c08ae9f5264b2f77ff21272caa484fbe4ca8bd499b18c98
SHA512 84f515e17c7b3332e56f4bc66994bd4b3c6d123246e8a39d9bfb586f17da3bfe447cf7b6a91c0df1b9008bd3d8e8f332a6fe40295e897f2c267a15e5831ba626

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff49e4fa521367fa64984f39136132b4
SHA1 eb5a103bec2c37da8bf1fd769f65dcd6cf079e96
SHA256 ff3d799e16f1e9128699b856233bb79b32dbbc2b7be666ea13866aa1fae86d62
SHA512 f5ed0ca0e2851a29e46a81a596d8d27d8f708256baf036091e5067f395c9e6ec5e9f94e0b6583f75639d2730b224175fd16bb11c8790e872b28addaa4ac2ddaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 259d5e1a89f0ef37a3d02caf66a40cf7
SHA1 c19d2013d37a660806b228d53c9440ea67f9a9d9
SHA256 63191e231de36f5ea0ac3c5c4f1d2c847cf5ac930f8ac710b19ce54a27cd54d1
SHA512 af7c477e3d82039edd4ee4c53320f5f2095f5c65ac5804d1f6258170c9e2980e60d1c9e8eefb096c385a7841ac509623f0e372f0cd8ef556f0b9606dbf21df72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f620368b382e0c35b45d4dba1093ce9
SHA1 9699e86de2e87c68581b40e6d7940605c11a71c0
SHA256 16916ad6f81388e498142283f1ee69075f46341c61a52419e4b5d0f1ee8ad8db
SHA512 fce743f0dfa0494ace81099661d4c3240608fa89195690269a3f9667ea5ca6d9a89aa18eb13674e389dfcf030be1fd1c67311bd1b1ad153446d3bd08627bd37e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70d5f102398f2bd9fd4c9247a345a5ec
SHA1 9c3cd492cbb5030297f4582c5c051aca217b91ad
SHA256 e7aab391054fe51b8bb0324cfd84eb274d94b2c7deccdaccd12b6a5255ec85e6
SHA512 2bc7ad3a0419613142c27f297db24b6b83f4e8d97c862085d9c61d43401f34fcf2fa1657560ab6bf82f0f9d142cd72ecdc1cc5e4b462337d878519e6bb02d1e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68d7e281722cc1c61030a97bd6c2919d
SHA1 600172ca3c0cbc1f70205544c7f926a0c813a7f1
SHA256 c913b94ecff204eec47f23d4858e97dea517e5214778d8764e37afe35e4feb4b
SHA512 71ffbf77bd7f7bbeee256a631621fc08f35b773dbce002a0a9e35d6899cc9dc33f14c8c21c4c82cd38b961d29e27da3dc27837b5bdf518d57724337b91625387

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 070b8dec329b7e4c0f2b477b825fc54f
SHA1 a680fd29308f3e2c09669e8edb08606725bcf592
SHA256 1fe31b08552b4c9762271e89a7762b75fc48ffe35e3944fd2d467f4c94d2cb77
SHA512 6aaf7c41279876a096b0b9aaa57b1c1e28ad09b3cd226c47ddd4d8ebaa0430ff6b0bb8874005901f513dd85c00111b315ed45da24efc4cc5f89608601ab22a2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5238e9ee77ef87954382e8b0173ee727
SHA1 181e579e493995044e28007d0da0844d4f1defe3
SHA256 899047a88cfe09c45d04593a046b2d1045bffce49377442ccb7ee4e7c58f8dba
SHA512 c3b9f79704aa75f289b29edb56e43a13ca51361cf05612abdf45b082bf5e30b7160ae6a75d0228061b5c9804ac410cb638bace097c72d7a64939aa3b341ae91f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c70663eaa402d11515a31423e716829a
SHA1 ed0e90568aba6673a755d227e0403a1610571765
SHA256 6227ed1bfc831605e4be8478aea79a41a952e6647915082509169429ebd399c4
SHA512 1142859134b3aa19382fb301f56e4954232038af48d15262e18cfaf19f3af4f8e482cc0e363eb016294f7025d45291c595b89f0731ac877837647d2d6516f9c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f76edd8101300d125a09cafe907df7b
SHA1 f14155118e822fed8695bede4894a980a3220b10
SHA256 326ea078da8d5985265295f48badce92071abe0d748a796b37d382bb66f77137
SHA512 400feecc57e955c3c4a963462b8d4b989fd622d928a4bf847af33dc1d4d0bc8d93784e55d7326037925b7fcb4bc7bb8caa3f8b85387cc64c8db90911a628304a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 339c09f48e0e7cb434b0f0de89a8677e
SHA1 eb2aa15a6eeebb14f90b2f275ff81af173e3ff72
SHA256 0575587f5e1118d5197f146e91e923c61b0c9ecbb72861fa19a54c7d268870dd
SHA512 1951ba6d3de46be5ca9a59be478ace0ced99ec44400817e616c6916a31df388685beba868b0fa2f5bd26d62c3666a2a53e8f812b872441a4ea8beeee3ab69f11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb6e5cd2d99edbc0ed0685ff6d21f335
SHA1 4620b9089bb3d641a3f9a77531223ab8819cc887
SHA256 be12c229f6acfbcd0d97e33c6e49aa01e364aacf662e4da9ee361ce923b1c038
SHA512 f105a5c560e4807b20656a4f133cfcb0f87c325a7bebad6e6c56d45b846cb2fdafe7241e762a395a35e5d4c5b859673e27f9e13994130c04ab24c80267776c10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6163593bca3fcd862715f584ba0f7b1
SHA1 0f3a5f78cea83d11788a9f9d92bc64c25d78bc40
SHA256 7946d294f2a3ddaa2b44bea235b47db1d866407f1dd2bd0d3a3ba6ac315adc73
SHA512 458c5bd84d8ff70339108fe39ac3efee69174cc714135d5f81e8e86740308bb9636c472a450ccf18194ba06de854efa5c2c949358a821f22928aa0543223cf39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8745d3d25cce150b9dad77437f99711e
SHA1 f1b7eedc7aa2361046212d963c3347d8aba99dda
SHA256 6eceaf149a50c6ba28d09b4495e669ca1590539f19c04a8f33b92e66ca6215b4
SHA512 d4a732e40602714f068ccdfe6d856073f17a451b6685f56f97dc5cd119a1790bff5ed32d8bba60e3e3f02f82bc30da3aacdf7b5c81285e1e428fddf763e84dda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9a82b2fb70da4c2475826681d550fd0
SHA1 732ee892f06d968ac74d174b5c5565e48af6dc83
SHA256 1e24aa798e6c5c9673809900b6d858bac7a50bc09c0aa1ba762ea037f97e778d
SHA512 db190edf3abc1c16ef34979d8c6ade1f248f4a1fbac205f292e48949ef640537f6aa0a311e443ceb802edc0cee6e5d2bd6096ee04713ce5717cd4f9e07feebc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ac0a7a10df185ceff2af13c37338863
SHA1 fa2f57e5c85adb643cb1b065632e7ffa29387a4b
SHA256 73f1756e03389e45e22115d5c44abd0ecf8887c208d1f4fb0cfadfdebd149833
SHA512 147858ff2b3bde3ac7e6e4298840f1fceec56a4bf41ebcebd3d935235dea6b304331cde4cc6a7d09c2b99c47f4441a618bbe0530ba362d5b5de3f3bc98f52f98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40f67c2c318ac2e46cda37d96b2cb607
SHA1 f1377f2426b34b629f163ca2b34a18bd557d9672
SHA256 cea78fcd3f809cbc5beb3c7d7c76695c3f964dc7fdd74fdc3a8cf4e4a5cb671d
SHA512 e4347bb40beb02cc48626f3a3a952e60b0c5a58b6428d5538040a3763923e3dd7b02130f243a15fa05a76d283fafc2381ca483a6618c3c629c787b322aa7c3a3

Analysis: behavioral30

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231020-en

Max time kernel

121s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jsbridge.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jsbridge.js

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231020-en

Max time kernel

147s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.2d89045a.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\app.2d89045a.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 16.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231025-en

Max time kernel

145s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231023-en

Max time kernel

120s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\error.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\error.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231023-en

Max time kernel

138s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3744397950" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3724397870" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406677796" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a786c536d7cd7e4ab8c0af0cd6cbb43000000000020000000000106600000001000020000000f2b061ac3a7daa4cfdbcce0cb2951aa59370b9e49942a37f946d5afbb59ca901000000000e8000000002000020000000f68aa0cac4167e200cdcd8bae01c14faf5a2b29c9ab8a5374a9169818826ae1420000000fc9c6027f8144db65fd9260b8869849c8408be89b52c7cbedde03b50ccfd3b5a40000000e56559d57e50d3e8107e5cdc949a5f4bc4d330908a025e2cce4bc06b8f843ac8c376dde6aaa89a1cf346dce74bcf19893b0b1db118d96803de73b42f3ff771b3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e4a1e17c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d8b9e17c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{099D9DBD-8270-11EE-AEA7-DEB0972EFB2B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3724397870" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a786c536d7cd7e4ab8c0af0cd6cbb430000000000200000000001066000000010000200000007f2918f25cc29c4684620346250e7f8369358f47c4463e92967678929e233c62000000000e8000000002000020000000e2f00d278e71249035bfea165744bb5c7fa93b167d249bc9dc2673829ad40adf20000000262ce983b3fe94bb02ec95d0cac33ba2701c1255547121e7c9aa8cb10a1d91a5400000009898c1bf6395803f7bb79100969bd3c1f06942128b137723a3a0401075e08dd097c6ab46bd5554bcf799a103208bf89b6be81484147aac302996a7ac3785d198 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 0.242.79.178.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 254.109.26.67.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 f59a457c6a757d896155506680f2a4b3
SHA1 729ff9a74596409d0df20a5117c50bbfee1d53d6
SHA256 8fe76d55560f116cbdc82d512589ec5a122688e1d4d38a1ea6af65596156b988
SHA512 c0faf1a2e216ecd8ed1b7dcbefeee6101f7b443da8a944bdd311fead18e6522458aaabf1ff1ea9354d9d78e68a48132022e45cd21ae4094b17a29b746ec5f93c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 a6ce6c5ae09532447d88e87963d24405
SHA1 f61b637baaaef4f429f998e78885f7a6c695467e
SHA256 5a6aa58db22aa87c9d95bdeff5c94a4d09389d0220094fed112b5ac97881948b
SHA512 f197c9862653a8c22e17b9abb95aa624267670f095d9370036ce39ddf06b4ea6b8003393bbe847074a991470d9a7644ffa59b3dce8ba3eb02655005a4010ef56

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5T0U3BIO\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral27

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231025-en

Max time kernel

145s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-history.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-history.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 254.43.238.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 16.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231020-en

Max time kernel

144s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bakchat_privacy.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 106cb5e17c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3710049586" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0efcae17c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3720517887" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{08BB00DD-8270-11EE-88E4-4602E96D7BC8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3710049586" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb9100000000020000000000106600000001000020000000b76fb6c0ef0276aac1f2d85e244aaa48f96cccd0b8ebc863fd7f0b99e3c9015f000000000e80000000020000200000000c891e3a023543199734ef13dbdfe1e6734691cb0317293ec0a00928a1b4257520000000253f0ee90057ac35340bf6036ab9cf6415a0823cb848adb5fd21b39c35cb2e6e40000000902d581874d82eead264c1eb7224d93318bb6b4db5477e8013a347365fac35d924635445435fbf00e8584a532b1425a37917c04bcedbcf1e63bc0689f0a72b6d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c79fe21d651d6c4bb8d4cd4060a2fb9100000000020000000000106600000001000020000000197f16f8c041415fee25fa49931bc1172f30b4b0a435bb532c66f0c986c48e11000000000e8000000002000020000000075dacad0c6a6cee2d66c122a036b806ed1e9281514a12f0e2509b5c81e1adf320000000ec6c10a50ce64960c541bc2f621d46639554340cecb528b0c0c7f7ce3c122d2f400000002fb9bebaba0c5358dd440e51b90abb929494009417f2bcb93391fe4b74004c6c36cd4781571b56c5a0b589dfaee8ad77b0643ebad23620d47537e40f2403bc38 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406677794" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bakchat_privacy.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 16.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 weixin.qq.com udp
HK 43.154.254.90:80 weixin.qq.com tcp
HK 43.154.254.90:80 weixin.qq.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
HK 43.154.254.90:443 weixin.qq.com tcp
US 8.8.8.8:53 ocsp.digicert.cn udp
US 8.8.8.8:53 90.254.154.43.in-addr.arpa udp
NL 47.246.48.205:80 ocsp.digicert.cn tcp
US 8.8.8.8:53 205.48.246.47.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P1XM92J4\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral11

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231023-en

Max time kernel

139s

Max time network

159s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a786c536d7cd7e4ab8c0af0cd6cbb43000000000020000000000106600000001000020000000fb802c8b03d4727d06c82e1c5f43cdecda855443fbd96a6bd0724f1c06d795c9000000000e8000000002000020000000ffc6929aabe819b1f83ad6fe9cf1119cbc57e214222c1f1c29052087afd8789320000000f083caaa26042dd9a5d50e94c5405900dab0a988612dc254e46761ce400ab50340000000daf507c5e2c8a299b2810646e1b26470ed7d35c56edb91c8105f64e0e8d16846f3621317e11a31d91783803e6f3b299252ef1dec4d203c3ba4da2924bf85cd53 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f461e17c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0A260A20-8270-11EE-AEA7-6A5F8F24FA42} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3734421949" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a786c536d7cd7e4ab8c0af0cd6cbb430000000000200000000001066000000010000200000005a23996ef9bd0d55a501ac98d4427f6f66da9e45bab7534ad25bd17fbd856519000000000e8000000002000020000000cee067db9ab7823d211302abd96faca1533a36d461f6f9f7ef378c2466232f922000000012b2e837a36b96f3ae6dfcb7a56aecf5924e22e4f88b2c172b715822e2bf640540000000231ffab13993376cc45a4497ff0bb69070528926f79ac344b1059968621da3505a7f110e1c429c92f2c840923fbc2824dce34be27341921a1218cc383d04d496 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 105351e17c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3734421949" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3747704657" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406677797" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 16.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 f59a457c6a757d896155506680f2a4b3
SHA1 729ff9a74596409d0df20a5117c50bbfee1d53d6
SHA256 8fe76d55560f116cbdc82d512589ec5a122688e1d4d38a1ea6af65596156b988
SHA512 c0faf1a2e216ecd8ed1b7dcbefeee6101f7b443da8a944bdd311fead18e6522458aaabf1ff1ea9354d9d78e68a48132022e45cd21ae4094b17a29b746ec5f93c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 a3484bed6e5fd59d863380552412d8d0
SHA1 7a64d897f8f32cc6ea881fd849af007375e7e687
SHA256 6dcdf5c0f0f852dc09badb60c8609f72ac150731658f4c349b7c62f54cf8ffd6
SHA512 0a3d37f03c5b627088e8ddf3f54fe4994b05e34fcce9ffe089bd1913884c9607441c34d15ad22686a6b1aaa76c1ea9cf8575c760633700a0f0e9c7e4b5dbce20

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5T0U3BIO\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral24

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231020-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406074714" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd500000000020000000000106600000001000020000000062aaae55265f1b53bb5fe156ca5fc6bba3abb1fa45995a2b93ececcaa92c705000000000e8000000002000020000000bfd52c0588cd663b38181999290074e54cffc275af2ae5d9d6f6c239835ba3bc200000005c37340dbd3576ce2eca0759c071a368b9dcf42cbdc0f382055d4b56810f2c6240000000cb90ce36d9d6731bea0b4d34ffb562cafa64b22f2f2ad21909915746d8b21984a92c14607b28c06a1689bfb80a5c46a984bb4838817b799a6a0a956a13e5d221 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd5000000000200000000001066000000010000200000004dfdec9b7c17ab4e4e77c7d22c1fe1f814003f49cf700591c0421fd98ca4ab75000000000e8000000002000020000000d4b36e3ffa29e86c5649f63169c9f13af403860a2280fe57c34892fbc0d4ed9090000000fae8732e78dbf0a6e77af8cee29b3048013c9ad8fd124fead47db0fed59a186e8adc5a77e63d5580f51fdeecdeb49334bd58b85aae9de8e87982c37e47da310364f6fa966248eaef52aa183f982b779f3b36f98c4d417dee71a7214e537cb58bfc4e257004e1050ce87dfef78cdc6432d532f4ecdb6a1a3ba5ab6f5deaf839439eb67762c5272d529d70af7c41c4baf4400000005ac1df5b5aa2bd4aa83b818615dd8c6ed326457f356ff8dd9f5f103e0692e3ef2f325bf7ea7f90068f66acf47b1571cf67d0c49189d7ffa0655f8706b4846ebc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08f88e17c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C4FCB01-8270-11EE-95DB-C2FF944EDF5F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab54F4.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar55C4.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b54e0fe4985f44a0604991e875baa78
SHA1 3e71e1708ae11fbc4fa033a02d2b4b45acf7bc26
SHA256 aa69280db60895e6e1dd63c6be6c15b97499060c353616b2dc361d5996b01d73
SHA512 073955d4ccf83962a58a446f53a2280db80bc5a27f28bab0a85f7a8b3ea1f4d32053f953c7584bd50999aeae739250d312c0a015978170cb472d50d1abd2b295

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b11115fab99ce765fb0c1d9f52500ab
SHA1 3964b365763c7ec7585f259a60b8583001b019a1
SHA256 7c1b588e597e8e2c94bb8a27ae9badebb4b85af52838c4d1bba6175b64e611bf
SHA512 323604a9fd26173278844cb88adadf31cdb74f1642431c436837d61850a2f294ac35eb5cfa06509061a2c44999aae18259ba87df82c42b757e7cf422a7784140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07e61ca1cc914b828ffc040e2f03ecdb
SHA1 c09bf8a6ed65b9add1c7a1c5dc5f9d10b3eef0c9
SHA256 2602a675c1de67bbc24cab39cde5ea13d5fc744c3b301d0c5bff7b6777e9f363
SHA512 9c680875beca9d271711be68e2eada8a0c206dadd9d0b84ebf720b4d1d5b8ba479dabe8b38b82cf936c0160d737114b7f165a71090ff9711b94d5797741dab14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f703ffd502fc795c0b6ceec588b51447
SHA1 6adc56414f499dd0d5c9297fa43d8b91f8357006
SHA256 d314994b02ec43c60fe257e89952c9b0ddc344cd529bfc6dd2d8c47eaa789b65
SHA512 fd36f935df0b21e2baccc479506cae5ff93d02acf88906672594b0cc0af8692187efd3722b5c41ce2288cef747d1dd6c05cd167c8058e9713d4302fe7d210ad6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48fc9476cf9a684d71acff8f1da1ebcb
SHA1 db708b2cd79e07d99b7c6c0508cbd60e7a64472d
SHA256 273a57855023fe526bb6463cbbdca0dad83bad24dc7d7f6664f6b835e59d4a74
SHA512 42c1049d5577f10dea0ba5eb7a7c5afd21a19a287a08f51a127f5391c002e599510a1c0afd6780d132ed925fb72e908608c7e1a6d56eeb106a1bbfcd0387be75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94d6a642cb9af3280276077f77132de2
SHA1 3b247c85c38e9c6746effe87a924d2c1fa78a7c7
SHA256 5d60062cee3cf317ae7937f76e5e88674f8b2d6b0c80c871ceda8e6457f381e5
SHA512 091ac0309f126e052dd0ec9ee13e1a0ba0d68ef8136a6e19b3f08fbf91ebae2262128f66b78806596d42d1b7e6ecdb76ef98eba417fe791fc35bfafdc9a0d8ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d041906d87860844a379fd9a79594c07
SHA1 c30de3be46b9ba8df3da005394ed59a0243ce0e0
SHA256 0f51946e75b7ea0866541dfdad63437366eadce68276e72efa808dcabc439f8d
SHA512 9eb19cfc35df9f04f82e4ebc99e2315d94843cf554382a7e478a5377eca1e610f7876981728b578f61cf028897508f691657c49d9c6883ffc942696fcd6cac9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3d67f1af7ef5a80117992133b83da81
SHA1 093b4de6f9d3604c09126ba222651e632109ee8c
SHA256 bd10904d651fe93dbdfb35e4439aa57c920963fc5a35b449d6ffc41ce547de89
SHA512 79a1f83cdb60502fc3fdbe1bef799dc640590cf1dc390fb1a4a94018619f2841413e3b3bb195eeca7cbe1eca29b8010289af7b0c435b7b83cd23871133fdf685

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2793da7c3f4063991be7e6ef680b2b58
SHA1 7845ef870aee6daff9b07020425417ffe9544d41
SHA256 ea1de2a1736c930c14d3cd11ed3aceaf06f1f64b571430cd523b81cd8702a7d7
SHA512 89fad181846736be9312cfd6731ac2f2f545b0cb316e8d4bb24014b56d54bab661d10f7815d0af847ffd90dc6d474d3d29931a4713035bdc5ade6d5826d15f8e

Analysis: behavioral28

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231023-en

Max time kernel

122s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-resizable.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-resizable.min.js

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:03

Platform

android-x64-arm64-20231023-en

Max time kernel

3400894s

Max time network

171s

Command Line

impact.flight.hobby

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json N/A N/A
N/A /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Processes

impact.flight.hobby

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 jsonplaceholder.typicode.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 heycock333.com udp
US 1.1.1.1:53 nbrlan444.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 chubmwc udp
US 1.1.1.1:53 ykaltpeubca udp
US 1.1.1.1:53 navrkzuypzzkh udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
NL 142.251.39.109:443 accounts.google.com tcp
US 1.1.1.1:53 navrkzuypzzkh udp
NL 142.250.179.142:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.250.179.138:443 infinitedata-pa.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 update.googleapis.com udp
NL 142.251.39.99:443 update.googleapis.com tcp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 1.1.1.1:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.130:443 tcp
NL 142.251.39.102:443 tcp
NL 142.250.179.130:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 android.apis.google.com udp

Files

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 5627f76b92fda448488b6f9fb167b835
SHA1 74f541fa5e1d426f3bb82454334f00d34f7f95c6
SHA256 197f023072033f2788068cdd4499d32177d57b88c6f8b925c5bdd64fba34220a
SHA512 d5fc43137dbeb77a65b67d39cd4268d56b8c91f2c9973c796aeea04c627368919481669728b859741ac7af1776bc34ccf9bf153a1abe047f6a8e6dbb24060c2a

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/user/0/impact.flight.hobby/app_DynamicOptDex/oat/kmjXC.json.cur.prof

MD5 20c3688b0bc0dde53c677fec02f95dff
SHA1 6601f98d47016d569eaa2d2cfb166064c1ddd694
SHA256 fe1ee68d4439c6ea8c4fcd838237c0b6d527045366cfd866bbfdd735dd29dbc3
SHA512 492a34872a901e702fdec19762d01a4934732ad6a8066988bc1f7177e3ea4ff561561fc478db5f2fb3034cfabf445c58be3963733a31c88794aa1e5de7f2e464

Analysis: behavioral14

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231023-en

Max time kernel

117s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\aps-mraid.js

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231025-en

Max time kernel

147s

Max time network

156s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c673c30fa5e1df4483894e0a711271f900000000020000000000106600000001000020000000f9d26fe9bf7ecc2cc45d6dbe7e8105850ee102fc10aa7191a3d508f03f1e79af000000000e8000000002000020000000580f42b2005016c626eafcd9cfae4af81dab4c1858db70da8494cc5c4f7f1388200000000e9fea90c80341d4a3fdd397b1839809d1b2647dcb799fc103dfa3d56193796e40000000c3dd01c26fd500c1ca664c4fd26ef7713bf4115f27baf145031be45b9b722e95f7755cc20b926aec9cb81c02b6329468349e01fbb167e3527c93023dee731a1b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0A4AEA8C-8270-11EE-8286-5AE36CBDF9E4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3753649786" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b04b46e07c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3735993656" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100825e07c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406677797" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3735993656" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c673c30fa5e1df4483894e0a711271f9000000000200000000001066000000010000200000006684f6c813dcd1353385637265c89bcdf4840ab835de5893fb547630520ffbf2000000000e8000000002000020000000cc47523387757ee71b21eaf273553e14f904d808e44be48befc3dd75b8d9fab1200000008f114a9cd1f08cad0f570ce3c7642b2c1255869d90c587f29d1dc707c1bbf844400000000f312c270ca3f8630acb5425ee5b531244e0ee401c00d9069cd0e261d625f139ea6c3f2320b8d05f998eb3c8e5b7e21e54c5558ec8acf48d4bba693a8d189fe8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5060 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 0.242.79.178.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BRUT4RU0\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral29

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231020-en

Max time kernel

130s

Max time network

136s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-resizable.min.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-resizable.min.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 254.109.26.67.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 254.43.238.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 8.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:03

Platform

win10v2004-20231020-en

Max time kernel

141s

Max time network

149s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jsbridge.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jsbridge.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 254.109.26.67.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 192.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 254.20.238.8.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

android-x86-arm-20231023-en

Max time kernel

3400876s

Max time network

150s

Command Line

impact.flight.hobby

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json N/A N/A
N/A /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json N/A N/A
N/A /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json N/A N/A

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description Indicator Process Target
Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS N/A N/A

Removes a system notification.

evasion
Description Indicator Process Target
Framework service call android.app.INotificationManager.cancelNotificationWithTag N/A N/A

Processes

impact.flight.hobby

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/impact.flight.hobby/app_DynamicOptDex/oat/x86/kmjXC.odex --compiler-filter=quicken --class-loader-context=&

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 infinitedata-pa.googleapis.com udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 jsonplaceholder.typicode.com udp
US 172.64.133.18:443 jsonplaceholder.typicode.com tcp
NL 216.58.214.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
NL 142.251.36.14:443 android.apis.google.com tcp
US 1.1.1.1:53 heycock333.com udp
US 1.1.1.1:53 nbrlan444.com udp
GB 216.58.208.106:443 tcp

Files

/data/data/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 5627f76b92fda448488b6f9fb167b835
SHA1 74f541fa5e1d426f3bb82454334f00d34f7f95c6
SHA256 197f023072033f2788068cdd4499d32177d57b88c6f8b925c5bdd64fba34220a
SHA512 d5fc43137dbeb77a65b67d39cd4268d56b8c91f2c9973c796aeea04c627368919481669728b859741ac7af1776bc34ccf9bf153a1abe047f6a8e6dbb24060c2a

/data/data/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 8da2c05151a7f880cad3ae35e6203ec9
SHA1 eca76ce37583f1482287eff5b47eb335d833e2e7
SHA256 a56624379337f865467871c79e398ee067ec64032c4e377e1c4b8f3a484b7f2b
SHA512 faae5e9c4cbfc6775b013ea2effb94ed3c15e2f0d126babd3d74edf526cc63b5980e499ac66ad0d6e7fe47defc10b84d026348cf56a4fbffeca343c3773586d3

/data/data/impact.flight.hobby/app_DynamicOptDex/oat/kmjXC.json.cur.prof

MD5 389860e589de3767aa2bbc35c1688625
SHA1 b1b0b75352bac49c60be31f73ee56bbe2f03b9c5
SHA256 39faa2ac05ef2a68d36bb4cedb2e951cfed686a7c097da66f5194a57324c921c
SHA512 14f4835f6ce5bc14ca855961a2d8c79dc062c55c443ff5042602e5d4d879d7a60f45c6a2ff78f70fbd799a9ac062272c036975d171d037599810f07c51a70011

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:03

Platform

android-x64-20231023.1-en

Max time kernel

3400896s

Max time network

132s

Command Line

impact.flight.hobby

Signatures

Alienbot

banker trojan infostealer alienbot

Cerberus

banker trojan infostealer evasion rat cerberus

Cerberus payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Makes use of the framework's Accessibility service.

Description Indicator Process Target
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId N/A N/A
Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId N/A N/A

Removes its main activity from the application launcher

stealth trojan
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Loads dropped Dex/Jar

Description Indicator Process Target
N/A /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json N/A N/A
N/A /data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json N/A N/A

Processes

impact.flight.hobby

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

getprop ro.miui.ui.version.name

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 142.250.179.174:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
DE 172.217.23.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 jsonplaceholder.typicode.com udp
US 172.64.132.18:443 jsonplaceholder.typicode.com tcp
US 1.1.1.1:53 heycock333.com udp
US 1.1.1.1:53 heycock333.com udp
US 1.1.1.1:53 nbrlan444.com udp
US 1.1.1.1:53 heycock333.com udp
US 1.1.1.1:53 heycock333.com udp

Files

/data/data/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 5627f76b92fda448488b6f9fb167b835
SHA1 74f541fa5e1d426f3bb82454334f00d34f7f95c6
SHA256 197f023072033f2788068cdd4499d32177d57b88c6f8b925c5bdd64fba34220a
SHA512 d5fc43137dbeb77a65b67d39cd4268d56b8c91f2c9973c796aeea04c627368919481669728b859741ac7af1776bc34ccf9bf153a1abe047f6a8e6dbb24060c2a

/data/data/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/user/0/impact.flight.hobby/app_DynamicOptDex/kmjXC.json

MD5 85dbcb13f7578dc1ffc8295208846f14
SHA1 19923aaa392d629af94889b6e8538086716f97dd
SHA256 24f996feac74ebaa2f9467af2b32e713388d1a6a28419300d6b6a07d66854dfe
SHA512 42b6efd59263f7bc5e52ee32b333e05179d099691fb6fc9fae85fada132ac24a4450f33057abaa5e68fc7f9a5a5f96df8621705858fb029cf6fca2692d0a7bf8

/data/data/impact.flight.hobby/app_DynamicOptDex/oat/kmjXC.json.cur.prof

MD5 54537637c820621e43448e33c2555937
SHA1 7785895e1dcb845e181aea568f9afe0e50ff22be
SHA256 e9893251707ff4e2d7658013e894b65a969b9bbd7ed6649ea7a444e26d7051d2
SHA512 8018fb4fdfa5d0c73301775c5a175b2b116bc0b09ac3891de9b871a578a68e4fa3f57eb2a185140a0cc54c0317dcc723b0c25243de9418e1c6085da2985a54e5

Analysis: behavioral13

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:03

Platform

win10v2004-20231020-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app_get_version.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406677804" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0DB8266F-8270-11EE-BDA1-4A0B0C201FB9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3795221688" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003b97c1da6bd61743bfb3911f85184de200000000020000000000106600000001000020000000124edb573a241c15d963ba36910d09cfeb972025b2344ed33707e253143f1121000000000e8000000002000020000000d14cf49ac67376e0417b0e9a6e68433a77ebfe0fd3bb50fa791082a77110e78920000000ff307607ee035ff5a4f8455cf9884ce208e06f390bd36b95203a08e92fa882574000000057b3fd34ddb55a6a1b571879a25af4f1561dccf12bbecfbde3004db7ed6580e346b4aea1ae1f9cf0e5b169d5802e5845a15b1f038bfee97ebab28fc14f4fc1f9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903487e57c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a00880e57c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3821002992" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003b97c1da6bd61743bfb3911f85184de200000000020000000000106600000001000020000000ce129caaedf6f8c9ad08761a18ceb38138cff22c6c4882321b0e9d22e1e04f1a000000000e8000000002000020000000380e24c4b1385bcff5d73a013ad707b18f8160fc8f2df9b390d1536c9c073140200000007cd4bc28c0bb03f6c41af161ebed00e7e98ecead2e09cfcf79ac5b2a70afc267400000004f24db72fdc264b4853428e20756c6d31907599a091d8fb7f5ea30723cb19e017d8f6b4e077318d3b722bbb0e59910d2740c6bb40d6cf031039525d6db56d0e4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3795221688" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app_get_version.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3252 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 254.109.26.67.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 16.144.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 52.111.227.13:443 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XQJAPFBD\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral32

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:00

Platform

ubuntu1804-amd64-20231026-en

Max time kernel

7s

Max time network

12s

Command Line

[/tmp/libwbsafeedit_64]

Signatures

N/A

Processes

/tmp/libwbsafeedit_64

[/tmp/libwbsafeedit_64]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.194.49:443 tcp
US 151.101.129.91:443 tcp
NL 143.244.42.32:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.194.49:443 cdn.fwupd.org tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
NL 195.181.172.26:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231023-en

Max time kernel

118s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-history.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\jquery-history.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231023-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about1d.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{096D4EA5-8270-11EE-BEE0-FAE8F9EED004} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3723407865" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abe4f06573e2f04c9485dceedf57e48200000000020000000000106600000001000020000000d9e88687ceb1c3e4de61ebfa0226c3dadb53b029ba01229c6088c65a79b67493000000000e800000000200002000000063f998583ff01c9d103fe7098a014f6443271874131329568dd5a348220b77f020000000aa61003bad329e8be843159a052c7ed7bc4f66993960cf69225f559281775fa840000000e4f00dd947b46f3541a813b23d99ba729d939a8998f566de020da3b8406324130f9567222fd658749218ce5d110a875704ee4ebabe72ea203e585cc2441b9533 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abe4f06573e2f04c9485dceedf57e48200000000020000000000106600000001000020000000aa8e8813c2186435b42ccce33b2ba101ee4f1d09aa60c98a66397440062b5033000000000e8000000002000020000000235519692a823c7a2cdd10bf68fdf538c27d3f53961c62bc26d0c12b3fbcc55820000000cea741f83202434a2ae4e1ad759db317b75c8c54a2507fc81ded11cc6537825a40000000166141d109ce952901ccde0420b98d60bc7e152fa7986d9e693e94126be1039552faa78e901d93113474342ffda893509a48941c42c7c94b0d27fb0b697f985d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406677796" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3723407865" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069820" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3742314228" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f056f6df7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0240ee07c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about1d.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:17410 /prefetch:2

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 8.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 135.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 32.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 128.242.79.178.in-addr.arpa udp
US 8.8.8.8:53 58.144.221.88.in-addr.arpa udp
US 8.8.8.8:53 16.144.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X8T7NIZL\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/776-16-0x000001EC86790000-0x000001EC867A0000-memory.dmp

memory/776-32-0x000001EC86890000-0x000001EC868A0000-memory.dmp

memory/776-48-0x000001EC8EE80000-0x000001EC8EE81000-memory.dmp

memory/776-49-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-50-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-51-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-52-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-53-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-54-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-55-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-56-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-57-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-58-0x000001EC8EEA0000-0x000001EC8EEA1000-memory.dmp

memory/776-59-0x000001EC8EAD0000-0x000001EC8EAD1000-memory.dmp

memory/776-60-0x000001EC8EAC0000-0x000001EC8EAC1000-memory.dmp

memory/776-62-0x000001EC8EAD0000-0x000001EC8EAD1000-memory.dmp

memory/776-65-0x000001EC8EAC0000-0x000001EC8EAC1000-memory.dmp

memory/776-68-0x000001EC8EA00000-0x000001EC8EA01000-memory.dmp

memory/776-80-0x000001EC8EC00000-0x000001EC8EC01000-memory.dmp

memory/776-82-0x000001EC8EC10000-0x000001EC8EC11000-memory.dmp

memory/776-83-0x000001EC8EC10000-0x000001EC8EC11000-memory.dmp

memory/776-84-0x000001EC8ED20000-0x000001EC8ED21000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231020-en

Max time kernel

134s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about2d.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e01bb8dc7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07C61491-8270-11EE-B9C1-CA9958541264} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac00000000020000000000106600000001000020000000132c34d8dc74ee154347b00c70858c4d8d4e97d92f7496efbe9ed38e6c9a5cdd000000000e80000000020000200000003ff8ba90388937cce18f48fad581f4b98c699f6f93d9171066cf28257864f25d90000000cb1a0ba0159bf55df6f7f9db2d9594db3b2d8d53a9396ade1694601b942e844f97d65e5cf07a85f722fbad5b066fda7f6312141679cb671ec2098bdf01c2dd0ce38fd95a56b2948c29c00e9644e844f4e1b71224416a3d7d1a654b8f908f438ab922fa4bfab29113b8f88d0772e9429c8a5155a42880c43d52b177400770d9a41849915cba02d3e9adfcaf8c8efc26be40000000dc7881bfeeccb5978975bc93c26d92e8ce11963531acea7dd03f7898aedfb422d64d938d2cce232bfe50536419db3b54ea88b579819e6a2423333e50ac95ccac C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac00000000020000000000106600000001000020000000384cb7e31e4e09b4913bb3806542efa3adf3716e353f495bf01a3cf560fe867a000000000e800000000200002000000084fb697086b07d2343f454d361aba4ace5e215dc47db445236b74e31d79f9e8c200000001b9071d2f2a15773cdc97f3687319a1b4452dbe989058c9144e62ebf25d8d3f840000000492e98bb07dd5472f21c971db6a5b58975bffc4b9cdaa1d322cb2b5ba7d3c96e9a22d64d99edb21459460617067ee953ad54a4286cc928695ad57cced3a6d59f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406074686" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about2d.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabADB0.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarAE3F.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5315d7ed2d097a124a06b5e9376e3afb
SHA1 6b82a71ea612adcdae75f5f22bdd7d1af9d6d25c
SHA256 07d10cc9202554c89038832eeb32d3f0d19e43e54edf5bccab6dc49a9034f3c3
SHA512 60ae0b99835e93cfd60962c6a9c18e08228b67561d3c4a2d9aafd53264472995c38bf2fb20000ecb31b91b074f40241122b01eceaed4c0f69df30b70ccf31770

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b20e7c6d24e6c01f58487681a1dd8f9
SHA1 d0927ba558ad3c38815e8e7e80aa2b135bcbb896
SHA256 9655789282f86bb3612122860297fb3c30a6063cd7bf1b349caaa0f42cb690d1
SHA512 9082d4710e3fc87f8f2212eed4d1b19f0bb983f729f40f248f43c3764b4cd44a7ae5b5baf950dc34e9fdae88fac195432dc15e0c506880b39757c6c6fae6c2e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 668ecb03840ac2a348e8e20d979a372d
SHA1 1ba6cef8235d28c2110237fcbd2373e5045102b0
SHA256 da80899af9c02d5cee8f7c94a1d9942775eb8e1f24e379bf7b0891bc1d76eb5d
SHA512 52e9ec3318c827af0e6d9e3b72a5f48f30099c8099c5a503b3dd4e89aa137a142f3be087039af3911667b243f1dbd012f31e76910f77418fea018b0615bdd1ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2799ed2dcdd2837a8494c8da15c67d89
SHA1 4ab3357436d957a3367fe03471ee7b608770872b
SHA256 78457d91714e2fb21fc1312c226ff6327b79aad6df983b735f85ae178e32d1fa
SHA512 86dfe551a29a38bb5a7cd47d2b6e0ef1be1a5b1f4110438db38c960ecb7626e4ce01ccf48a0422c7b46af8158f1969b3e06c1209e87a2c9b3fd3cfe74d09d98d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a80dee3f8d36d867a00e7380fd15103
SHA1 0678f44f6a6810614b9cfc26be6d71060f69f558
SHA256 911823213255bb6fc18c13505cbd225fa56be6d09c4dc4f75c275740ede0a1fb
SHA512 531cfeb2ae6a2853153d92091ab397c82d42021af196f110885e63acbb38fcd1300a0f6073fcefeef8fd9d639d2cac2d52f41183fffd503ac1261871b22a5c4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b716a976af3e75fd0cc2f96e174090e
SHA1 9d499463b7140c1595d89b12adccb58cb10b266b
SHA256 afe413c2a184fcc77636282007e4af04020dfaae51bf6d9ce76ee6f8df9aeccf
SHA512 e28e3a7922e5e1e45a5df4a799d3578c595b2bc03beb2fa88acd6c9689b7473c1afdc11c2157480ee8a7c7cabf09f20e365e494e5f1ceda27bf811b6182083cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9af24a8db3ddebd3b232266323cf8320
SHA1 de5166f5ef53ac640157710a5e2a5c54332addaf
SHA256 a8640289eeb7d31ce23b50011c9fe940f9cc9078096c495eb02cceaf76a7a70c
SHA512 60a4d9a1573d7297489b236f1c844d330c64d5d4b294af36c242d5127fcd680382d06f1ce6ad0c8c4e18a9d4f07ad84314f3799979427dc2396a9fe279c48f4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec537a8481efb343b9dc08a600c79958
SHA1 2e8e1cf0c8569930e87b71d37307aea63ec14fd7
SHA256 163b45b8cb7a29e13b88d45dab087a9b7c4a8744a5c68e0c6cfc063eb7f00385
SHA512 90096633d0a42a4c9741693523fa935258730a4455d6066232e819a9d7fd29df6966c47eec28914f44e38d4babde8214be46913f2b7b40420efcb4953af928df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 545093f4c23cafc80d6a7239c15afd69
SHA1 b2eaacb2c9c917ce7b5760aba15debc39de2da7e
SHA256 0e3e70babd3cc68cd418e8e71826c695c1eda8b74e20113f350a5b343df6ddd2
SHA512 e3c17be866a3a0f4871c93c2d9e1a50c180f75d6573b99fb4b08517288ccfd32327d1c79247fdea23b92c36c6604d39d6c48cd42f82bca73e3664c30b9881567

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9030930433883759564e6807803c17a7
SHA1 d4e606c7aec195aa336f48f1f16969d324dbb57a
SHA256 d605ccdd61ceca25985febab618f26c9934ccabf624ef1df2d4d6afe7b073e2b
SHA512 fd86c381d76e9d28749fc7cab96d06a3c4cac98953e3fca0cc4ad9173a5858093cb9d0f184567bc8b9d88783aeb21a2ddbe2752d5462e5c85b1d9366c94c7719

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82f432d79bd6867cbf01de6855b67654
SHA1 4144b409bc53fe8b2e2c1fc34725f72f11cd6125
SHA256 7647f55940d5dc6a6b6a0ab22b6aeb3dddbf2e77f6ed87f4d7ed8a2a25305578
SHA512 8afb96aaf20a3ef36b8aeef966348210843701286583e30d402b95ba3f1bd6732783640b1be370c6d01e6489d74e2181e688fd61c9c92592eb991983c72abab1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8baa1782bc2433034aca545e27f78e94
SHA1 9cbb8de43134b2e6fcb4206b6511875f7f546cd4
SHA256 147b5c2d4d2ab92d138ed704df95f725804a047a35e238aa25c154971d6c3531
SHA512 b8ef870eedbc1583eb9596a2756f4dc28fdf23d1160428b0e4db6dd405cccb6e147edb722a08375d35606bc551d9bbaf6c4e4a53258e71f8633af34678f9f140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d72596359f614c89280f820383feaa48
SHA1 7c99c7bcb4eabe938af995d3d7299796853c4529
SHA256 f941da7889381e5270f256d8ebacdf5c9d76b1f6585cfc5122300feb207500ca
SHA512 bc74a59f5f9e1da7252f254113ded7bf1f0e082ea050c87b49406654f41cce66e0cb4a2ef6aa0198a32d8cd8f1f5bb8ea19d510f8351be5f8afcd6e28b664ac6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77e38b268f48334f48e8be6868e290cd
SHA1 fd43878cab616fe9f32322989e4c4f0788d8ff83
SHA256 2515820be5d80a799b71c19539c00334832de7cf8db7fb855eff34cf2aeb9cfc
SHA512 ce1d05e17752981130039a5b5f168237b271538c3f0d078709a5283389739b965119f100e17d2f708a72ac15ef343a874fa38b86d8873c87e73b4e32d8f6015f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf1e2848bf5fca2c513899e616a398ad
SHA1 26d99d5c0cdd0145d2598ec4ef54aa15b76be811
SHA256 57a810ab2ea9c8d37ac576f1aa1bc50f0b32b87b62e7aecda296531f3ad7b7bf
SHA512 70de7525fe67faaf18f6f0f090013ae8d38aa27394b1b0c1e1c3d5bc0903da86b7ec954436211650618ecd8216db85c9c697420df74a60b6c68a17673d970220

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cf3419c13e2d39ce17a97e0f2f54f52
SHA1 9787637b73c2f42958414f4f194512fbc72ee871
SHA256 920e1cd9b6234d7347da142cf3eeb4e6e75205e67c3f63afbae78785ebd7fb84
SHA512 04a3d1e56aff590f4460b352a8118defeaea7717a9caaba6c4b554d65e1b4ac6376c433624fd5f1f1c97e0841eb4489f00304e3f45c5cc1b734580a22f2c4b03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1048bf7da5cc879e394862ea904de1f
SHA1 2b0dc0cb5491600e9d0d43b693c161c9fc772288
SHA256 bd348c9f836524e062370272ea70792c72e8077d172c2476b98feb63e1fbace9
SHA512 0573f7e4b6572c580e4240a3a97fe05a05fef476c6e9c25e73b83850e8ebd68e5da3417668bf9178a62cc41c83f05060445702540a59338b4e6830409a3e0c94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 457621a5dd795f6dd86ae147c6739397
SHA1 e23a656a0bd7aec5f893c8bbfc2114e231491854
SHA256 d847a34fa0a3167793b1fa34bbf4f4180d98b50cdbc6aaf0370f5cef7d6664d0
SHA512 43b3fbc0960ecc28f749d4dcd8a3692770421bedd3f6fa23d94443745437bcd7e9e97dc6e3e9eea16081cf8c3054cb20c40a53ccfe79c145761de24b3bdf1280

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2d1a754f6bd2c7ed727659ba676e0ec
SHA1 ff0f7bd1782a30c253dd68dd856959b507be62f0
SHA256 768ee72841150b3b4fb97757540f489bfb0c8fcfc51c03a440a8b67ec8aacb85
SHA512 12509b930521ba2c07f42d1d599307653715db742284c2b359462427e3954f630ca4dbcf5ee561b84259e5c94bc8da283c6658fd401f9d8c729b5e4f10e0e274

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f858c88c1f338a82ee229ae0239c14d
SHA1 4bf31b3bcdeecf9812cfa1ea7c1c2525b4b51439
SHA256 cf86e6ed86984f3691975d6863e587f2e9aae1ccf7373cf070a5fed1a6f2e085
SHA512 0005b7514fddbab5e10e6e2bd83f5fa696220742a27b133e57477ddfed9a9df3e38cd0eb0e1a3545debf9a883232853a16772004bae4744c369ef96cc5fcd675

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f77e3504d3deff89756c18e71f7e7d06
SHA1 4f8e0e96d969cae7053ab2b70fce9d7ffe491e4c
SHA256 2270e83dbc354bb86a03955a82e84aeb8d95f7cd7f6f6424f75d789f0815fabb
SHA512 08df1a0a743155f03beef4a68a8d3051daea0263aa6ad5ae308549de7368f5e5afda58b5343e05b0dbbc4fd5f59ebfe600bb5a606a372c6c917f77d00d43efd6

Analysis: behavioral10

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231025-en

Max time kernel

136s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e1e81ecbc95de49994f369c3e71718400000000020000000000106600000001000020000000bac6a6f298c306acbb79b0d89705f03369b8b7febd91a1d90e83bf987630885a000000000e8000000002000020000000a2e34eb1dfb00eb875282f4be75c9b004a1acac472caee4e3860cfde286fe38f20000000e970493a9b54645b5c49cf69062cfadc399a9ec707d9a1a0f3a6a8142049aa7940000000936b74068b7ca75603977f12ba564f4c8bba7f2b3e7a0b8b411b7f5cd62dd30af7fa9ac1418ff77d29ab384f57efa55d8f0df8608b5d3b3541ed2e4887fc3e5f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e1e81ecbc95de49994f369c3e717184000000000200000000001066000000010000200000002d01026346994154ab7c16468cb7386da2105aec3f148773bd2776288f19f1ab000000000e80000000020000200000007a1e3f418efe8f1f9470aa0f902e71f520e36eec0d710ab38fb9ac3cecc8bfe290000000c6a2640406296f76b1bd1ec2bef807161ff53f796f895326426fe0d1989bd4f1bdef8e2a44a22682f55d9563cbf2a62941d0192d8956bbf7121e55c763747b07a98d29c9285fbffd665db60f932959050a4ef0cf710513dc4a434e68f9f4f265015640e09ed0ab95756e40eb8344f98f7b15752bf69e916b9f2ef56b086a5e26f42afc0f61472207d8826f43836db7fd400000000a0d181fe776dee916f3c2a517c7782e53cb80c388ad089d2b441da7c2708fde703c7f38c58d5b0aff01a49d97137d2439178a705fae091d92b041d2e231c7ef C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406074686" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{079A5941-8270-11EE-BBB0-CA1D426CB735} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4087e2dc7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4D37.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar4D9A.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5aaf30dd5b01b850570b1d66a684cf5
SHA1 546e08942b96f3e1a47dfcd2ed6c4f4af614d02f
SHA256 ee2c831b2649303851e3ee15015eb186f3cc1a26f8e47e93c5b00f82af4a45ae
SHA512 5b2f91b4a4d50ada2ad95ee5e9a83f47c7266f86a66f2e6418bd841731349322930076ab1890080d9d957406b643850aeb9dbef49870f4a5904534e75cb322b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e41ec392b47bd620314a43b5cee217c5
SHA1 51c93c4789f9b8745afc9461d0b79886f36c7dbe
SHA256 09c2d3bc9796d0b2e495bd67ae29818788ec8a774356a3da13c662cd6171db55
SHA512 71aa7ed291c0c226ef79b4313d5ab094ca3997e888ca18a2aac937411f1ec6a3b77253f545c27693d763715a7dd2509cec0f86f6e85ea88986f56d00f8393b2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3884c77d7506531cebd17db1137641f9
SHA1 8490497ff10be4cfba08c7069f5a8906c2dc643c
SHA256 6a1a9191af636277d53db14c003602171fb23d8280b0f3e563ae830c136e7529
SHA512 c1448cadd336ee5d5610121bd4c007ec0e87bf43de4c3d2116f27c36ef82cea14a325c275019d3470c1c9ee76d8f62bf57533581ab548750dab5df6c096fb09d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a657d4262048811044762d33943136bd
SHA1 4dac90298b445b84a537a606af44932aad652b75
SHA256 5545ab66760c3d3fff66ac106625214070ddf314d9dbd799e2d02bd47da8bb2d
SHA512 1f73516aa78a6691a0c2e6d3b2a078f3c0f215629a1950bdccd529e0714c585f39194f5b36d7cd2918d87392fcb58e40d62e043afdade85b9ef8c0f3cdc87b49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b38e6fc230082b3647492badd431334f
SHA1 1c8be1639ae98b0024b3141a6fa198eba7e71641
SHA256 4d6a94d3483963ac4915e32dceeb6797214230ee74f8631f99ae116b3a3d60a9
SHA512 d40a7253a3aca8851d226dea7af0c390c12d6602944dbad0fd4bcd31b80ed87107122674e7003f61f7ac9a8ca6a11c8ea068dcdcaca162a083e89349e83b0d9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f25fd5ea3132048e89e6863503272bd
SHA1 c278148317dd986121739cae4aa7da3ff4700e59
SHA256 9cdb64e7d2d6d787efde9e8eb56b53c6483aa4ac39325ccdcefa5a3c153417a1
SHA512 32d7349785df1abd8e735d89ed58f8b1204b38a63f437a3a0d81c811bebc0762a14e71c8dd98ed1deffd802982bcd5b48ca0228ef93b1d90d260626db97fdbb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b85bea9c80b4ba89f7794fe2133d9f6a
SHA1 176aa2468faa52020dff3999b359497e391ba310
SHA256 3f5aff94bfca0e9a94e697b92d02e53daabd718f559ee8dfc8212f78da33bfad
SHA512 d0a31f3506be5505d4c6894d100bda93111dc50151baf7a9347b877600b24fee70060b7c72df6900d6b7a77adfcb6838d8e3f80f68fa92fd47fd2a698deb1e3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 869ad5a09ea21abf47565ea236eb77da
SHA1 8ee3d3d5d4bf6b5f8d1b31ddc3f0fd55e7a15aa4
SHA256 eecd7fb2a7004984be039d48c4b01e3143193acc466a086e6b34f035fdb14a1d
SHA512 72b9ade3d43f71b48fb566597cd42bff243fb67ddb9090f5fe2e559989053abd32810142081f2b2b164f7da0c60adb79f2f1489e999e521ba0e731b2e236150a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b61d5a4b70cb67547073d8bbe2252293
SHA1 c29abd733630e23ce8b2aaefa9a8f2a1f39a58cb
SHA256 a00a2242fb84bd7b3f7aa1ba0a1e06c142dd03815730ebbcba70a04fa799b686
SHA512 c84633f2f7d2c20bbf66b501b75877605da7e47eca3e8fb917644893dbeede60b8f8ebf48cfaa5856a6c6a49abb99bb21c279834946799c8add9656270b062bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 808cdd2f2e7ff22ef1a4915575026adf
SHA1 48ab11ad0f3af5cc92459569165ab8e2a3b88e73
SHA256 7e0f45c5c3565252c67cad726f2e7b343657ba814f85dc2ecf1f966074b12f02
SHA512 ff5bd2bd306b95421d648833af8acdd59d07ef94bd298532127c826a1625f3d85deb091d4d12d40b248bc9537dce5a16015eea46ae06fd37b3c4432b12d16895

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecc83b34b7bbb9fb05a0a260af67cd07
SHA1 b33a00cbe26c04a482b7c7dd01f512a9d051e8c0
SHA256 22862abff7f2d1dedbd0e814d5459b791899942b6521e0727c59c7bdf7a2da76
SHA512 94fdd7c8ac317750de9c95fcf7401919a2f927f588f8e8f031d28c6fda1672e90aabf939e59dee6fa0da28035eacfa5d2b29b64859b1084d70f2f4f7976f7847

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f049a23c8e4582e08af2d3071f2577a7
SHA1 e2b929d7f6d013d1c212fb29d18e8631895d249f
SHA256 bf001d0947e4ef93ae0955ed35efbb778f2f23405be35e470f21ecb674e5a178
SHA512 28c9098d0cf49efd024e9c51ba8ae5fb82918526ac200dd0e39d72c5e39b8c1537b4d84d7cb7fdf33b66daba3a75ff3d0f31783a679b596eac468f032fa4c5a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bb6a71de9769157364a14ad32486708
SHA1 d3b8da024936e1eabd092c97e940ab24204b6c69
SHA256 9347ec49d33aa8464f4fd8201426b4964d9d045c2377da384e723c583af86f5b
SHA512 03b40e92c910c9c5332b1f78693ef309bce12eeaa5d52560ef5416e0060863dedb5faf815673f452e2a9d65b77681c4eff8d623e2ee612452b57cea95cb5307b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b19a08e27063329c4c8b55efa28c2b88
SHA1 c51a3e29dae8e97618142704045e24613817ca0b
SHA256 df8d0cd81d55c8f14e3ea1f4f1c5ba3dbb88cc3b1d007f1476b38633d034869f
SHA512 da042c279c10535b27596f344168df28a34e221a562a4c75839f2024160b9f50caa204d16ed3a10c7422551ca204b62c3ee521d460781af456d63a3fbd0c6d0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24f6159ff2985e94c37a69b985629b74
SHA1 de37f1e47d7d99c0e1cfaf6e819639417e461424
SHA256 4e5510029609d94f6069152f99ab75a2747bdae4bc79a119195a265ef2b24812
SHA512 6c5f0bdb9d80d4ec122fde7024ae11127769c3d6c30d72a07f14f47d9e24b7c5ddff5f22c9945956afb9656fd9dedc0d41d7659df39158457ec0798f08594c74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9e3d93561273103a6d67b84d7ff80a3
SHA1 9adab59ea4d8c32d087d3222136081fc55283fe4
SHA256 8d42172030cc7858bbba8ec009cdacb2bdb00397f75191f8eb85b39835f80ee5
SHA512 dd28ac688ba10ad08269e3bde8c5d4840cbecb2f6880a177f288e92be545356ee2f35bba55c1cce205183f63deef6284aa8c544f96ff89fdda2554024467ac6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac6d98f48d0ac9504a013824ee1bd38f
SHA1 d351d1cc0f7411c6cc169f20cf16a697b0d0f146
SHA256 6565b5346e5550e20518e0ac306cb14cd13aa5465dcdb6c88e70c573473e6e70
SHA512 3758cb2aa9e5d20580c7c716f1ed161e409e70600f14a1f3f87d737816efb696eced56b33d2ac0bfb14b06abd56d3766465eef21259d8562102a84ad6c07307a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9447a501fb012bc9c92bc975c3c5d88e
SHA1 cb29e0bf6a1d37512cbd34a5caaf91bd3e7ee4c7
SHA256 d83f3531a8764fd62728458ccfbaac971bd8825fa9bb29aad80aa49014922881
SHA512 16db025be1f39b34cb2ef1cf3158853d5904e9bb5bcb27b50fba7f87bd6a2b1345873a622cd119a3965d3533c4752dbcb4a1c7ea7d4923884df262d0a1c192a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80072375cfefd893b8b01f90403c7a6d
SHA1 d2f64c32d8403940cc4781e773a143ffd0047dc5
SHA256 cc185ae363c61c24404cc109b8c43d9f9a980ad215ff1450aa46c695b6126d5e
SHA512 711602df29fccf81a2a909e3aa7878752caff03c7eba7b7eaf90d650835e009d29c647e00e1e3803d583b3404d59e551986e7f680cf5d15bf7fbf8c4b34c93f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af5ea82bbdf66bb608f9e6ec16ee7a4c
SHA1 e9212db3f1d49893d50e3ec26a6ac581a8c66f87
SHA256 3e68c1bfd92e72d6fb788cde75e6fe93806290cb052cc807b9ec7661e28a657f
SHA512 faf8221470930dc83df3a1251b9cccfa6ae7521824bd2b4c0a23fe22f59567adc35b5b08170b4fb55c26c4588a6c8a4948a3b70f963608d4745ce973a76cd6bc

Analysis: behavioral12

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win7-20231023-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app_get_version.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d5ea254cbc3cc499365b391a5fd669200000000020000000000106600000001000020000000bc524bad629b484628af107f15f71de67e111c4dc51998b423164e24edcf0169000000000e80000000020000200000002127225573d9825a75f4bb4f4d0dc21093fae071acbae04c738600cdd497fa0290000000716302657c489635071236e992988c97ed8d35288bf64d809ed7d3a236b18486ba57653f0165f1fba4ab28f9819b7305d28f3a063135ec0d5befc9657d90316eb22110519e0d16a2681ea6c70bd7878e5a9fa8c46979aebf80f1443896c97138d8cb3b078fe1abac04773de35f926145a17be7fab013aa348f4c6362ac78c304b635bb34c3206c6d56a76c4fa6245bd240000000e8f1975bfc75e2d4659c41bd6fda041c4eb137f0c2d7c0c0934a40fc5d74db9e7d1b9ca940300ad033fe6fd267f354a007bd95fc09dfc0bfa938163dcb7c1d1f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406074686" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70470fde7c16da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d5ea254cbc3cc499365b391a5fd66920000000002000000000010660000000100002000000075faffe849f4a4ef274fb0e6c4ece9c000fb142a22c8f4e5b13f6667e786c320000000000e80000000020000200000006614802c322c92fb87069b7bca3b9196267da7d296b176e82852c39381ba842b200000006d64afdc914dcf78405e9ce3d3e6406e307bd4cb06540c2e64e86559407b7dd64000000043fdd4ef5c99d9b93e38da0bda9045a68fee292bb698de398076c3534df40e1ad8d0e7b5fc0c5f8af2e9d74cb6a8996b9ebd0eb0f1d5caa02d5dc226b4288c63 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08731D71-8270-11EE-A512-C6A71AF0F40E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app_get_version.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab625E.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar62EE.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 058e6e827eb12bce1d2059f1e67150c4
SHA1 4706348b1b81465b6f43a649ae784c2459007124
SHA256 77abb9ea4e4cee2b4dcc06ca9f9d3857fdb1b34e8e298df29d26662ce7a68803
SHA512 1e41a36716c41d6c2f7b50de6dd1e3323dc1f4fd327ef66f218df40e44c49c7e805e77952307c3e07742d18f8a017b1976af0f423d7d5450a2ee7156a1806d1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7675906d10fcc83aebf3c6387af32a89
SHA1 fb17a633b78367066da2ac1ee726b587c9f11a2b
SHA256 6923965e2ff3c88235bdb98fec22688d97a2940888d3319ba22928a08b1c1132
SHA512 e484f9d8e30bf66f1aa6c9c5651dedefa92fb5e71efd2f9ef8551da5a6331cabc741ef33cf112013be31c264bf8fd1d1e5f3e1538ba942406b15f6463dbb60e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1aa92fec2ffbfaa04e18b55c4cdc8b8c
SHA1 3f4b3c4f46f7a208d6c003a6697674b8568d43d6
SHA256 426f916f523ec4e9602f80f4faaec4ce4dc33b51a7646dc7a90f06e6a6320a3f
SHA512 c7411e13108618402a1497404d7014c6bc0830c7f5040ba4cf0182fedc3fb41be182046c995609e1f8e51d62144c74afdda4e32f6fa9517929aedc6014265375

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fba03350bdb07f1e6f0c913c3e393fbf
SHA1 252c2dac22fd35c432412aa645e2cb3a59f0f713
SHA256 53311c8b526cb50e0ecc20b2d65b92a427d49d2b696b0b196c587623f084deba
SHA512 a43c69636139ae7bc480c71fdf227a8e38b23c1a2d5cfe4724b4786190e760bb264044dd5dc4d777ca249a33f3954b78994bfd74ab5f83ee2ce1a34b5d11a90e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a1a523b58066dd52712428776f14029
SHA1 bf00a1ce1cb5cbaf203ae8aedf373aeda9467562
SHA256 19241c9c3e6ab238becc8c2c00f16a25277284c620f342bfcdea0c36ee76dc62
SHA512 9cae4ea40921d48162febd7b73a0378b253c9db50fd84b0a110a5e47358ec3de5fb0dc741d8a69bfc23b076fe7e296759e9122237a9a183b293e257b0e497a0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc11d640696805ff7f6fd448ae5d55af
SHA1 cbce3d6431b3873c1ffd66bf315a2afe3ec77b25
SHA256 79c492eb66fef4fde23001c2e41cecb577b57a17db073a7ab5c0305abf3c52e6
SHA512 ede868ef2285b71fec89e891e4cd9b28ed62ed407df91696895d49a16eff738e277e606d94f463f816aeea1c571862f32a92dde7d7f15bd682237d08364535d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 202d35e3960daaa21813888004654d9a
SHA1 2c0a3a866cf6c322b081a83079a98220feef851f
SHA256 e475cc6b48f5ae593fb0e69530168db5fdd11184e29eebabcbeab8f69f0b85d6
SHA512 db1b28eec063a12f620efc3f73b0d2eb9d47b20c8bb94b8260f6d77caa9401783578c82b12d96c725d04cb2c8a9484b5bbc08626524ec0d98ba2e9bf54fc59a8

Analysis: behavioral21

Detonation Overview

Submitted

2023-11-13 22:00

Reported

2023-11-13 22:02

Platform

win10v2004-20231020-en

Max time kernel

144s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\error.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\error.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 254.109.26.67.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 209.80.50.20.in-addr.arpa udp

Files

N/A