Analysis Overview
SHA256
8f27069efd7b7761cae010dd847259e497e4e4295421f8a30e462ff50eb51dfc
Threat Level: Likely benign
The file 0ea9f28d1a3f76017937650b1bcd48ad was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand paypal.
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-21 22:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-21 22:10
Reported
2023-12-22 00:42
Platform
win7-20231129-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.recaptcha.net | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000aedfeb4041afbab0eca8e74715506a75d9d71ba2de286597c1013809be63ce71000000000e800000000200002000000033472a7f37bf0d515eb2b02528da1a89a6a9e2318d8ac84929b6eb4e4b9d3400900000007f02070a9dd35bfd62cf71f1030839e60e88bfac97a988659d2e94d3e3d9fc79aaf0cd86f825b3167cce495df4d0404c0f27dfddb3320739e77cf99e8a31231177761a579fff6a49c043dfd2e813f3343b73992e30611c4cd1fe5d428c1ee6cec0db71e190cc275319063c12307188c4a33942bf115a367f5f6865f6eecfb3d665360cf6d8686aeaeabf0d098538ccbe4000000006a362c18143803dcdec4de5077718d8e4bfe88c684dbb46d39e8f19b809a6eaf026515c6da93811578931a6362ccf3aa854c5f7cfeb6b75bad8618693088591 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.recaptcha.net\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000c0448f722eb1c7846c0e268a01b13060b73c5a082b1274afd2c2d35d4a09fed4000000000e800000000200002000000073988783da1053166b734f85fc56e930109e69917610336abc18a0ae1124965020000000d1d2eb0c70fb292eb410586788c42b5b956a76f6e0865d0b753629976a1be54040000000ab356c90a39eae0689336e30c4af702433661fbf31336f7a6115cce950ff2069042a9608d99b7b32ad0566cbccfd1435b63a73f8df6b4d2c71bf742cef555f95 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A81AB5D1-A062-11EE-B309-FE29290FA5F9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com\ = "16" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "41" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\Total = "16" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409367475" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50068c706f34da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1720 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1720 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1720 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1720 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ea9f28d1a3f76017937650b1bcd48ad.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:80 | www.paypal.com | tcp |
| US | 151.101.1.21:80 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 92.123.128.181:80 | www.bing.com | tcp |
| US | 92.123.128.181:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | udp |
| US | 104.17.208.240:443 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6A5.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar8BD.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 4ad0179ab4f90763b43a23e3647af6d0 |
| SHA1 | 6176934f9b454e9585cc03cc4f4d96c881eeda7e |
| SHA256 | ac2ee018f701ab9033aef42b6ef904c7706680f60dc57fbb899f1372da85be5c |
| SHA512 | 425b7b0e36ce833a988c1494c1eb603c2f49b34ba3a329d986462a75ed919ed6e14a2654eda4db09d1e1ef49327c4721baafc26ba03fe6f56750167740e77b8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fefdca1b483773f475542569683a3a85 |
| SHA1 | e5ae3b6188937cf351e44030d7e404617e0751aa |
| SHA256 | 0778a0c410ba1f2d48e1c3692566f27be4dc66da18039580e13b8949d3a13f51 |
| SHA512 | 45c6c080d2b553fb3e22e5aa7c5ce235337154aaf56a8ba7d55298f06ac4c5be0b0b34d0dce76162d2ed03d3088bed0146b57cbf200f5734e4d05b45466349d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61f0c2e7d325d214cf6ba0df7c7ae1f3 |
| SHA1 | 63ef80ede380d05430b1f1f7195aa4f764359cd1 |
| SHA256 | 3e37d1533221ee3b70048d6eedff807254410bacf3d36a111cf458e217b3766e |
| SHA512 | 20e8cd9c79ecb62a316a37c3ad17f7b6f88146f8a0cc40dadd602e0cfdc5b7c4c867a65a6fb5ee3f0f3adda35eec0a9a8545f2a91f828ee3712d481182d34d6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acdf1922a9ced391eed3e7843282f455 |
| SHA1 | 150988825e1a383912edbe9d87f20ffe307c1a13 |
| SHA256 | f5583e981010891a0e0a3371fb745f75d75902cdc42515ad0b108d07e6891c2b |
| SHA512 | d88c993a18d403b78f94246d2930c0ff1100842792ecf8b6205c5a860e4e76e69da16e4f8afc050d49f75259bd6836f09f30eb7c1fc2272a189d92aeb144d61e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e031d5d2675a0b2da88adf6e6087b72b |
| SHA1 | ec8e20ce1a2057bd76a5d76b12e7cb3d820e76f5 |
| SHA256 | fbb51ff195100cf574cfec125754e6c056eda8a21daa5a078f7dcdff682e6147 |
| SHA512 | 5b891861f121076ef4d1ad9a4c782949a56113a77a4543f8233b22c205de1fb044e942b9d683d391608ce7cac0a034ca6fb6e716f8507b0cb0767dcc74cd7246 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4aef51fcfdaafd74b2e0ce16a1424e33 |
| SHA1 | 4f1e462392a2a113c19a560edd11065dc1e165c7 |
| SHA256 | 35e927f688d422eccb1447a9b4871427bc8e429d6e533ad6ef138278f8f19529 |
| SHA512 | c597ad242e035f2c1dca79983df151a9c8265379a00b5eeb388fdcbfb9304b920781107833de4c0099a7f56132c3ea908aebe0526dca01a2d4b35e9017edf56f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 07fb3e1c0940ec577de027ed4361646e |
| SHA1 | 166de959dd705bae745177d0e1445658f01fe93d |
| SHA256 | f6671d8790179ebfc3e82fe5b5a734c8d10984a9a003de97166eb8f87ca3d69d |
| SHA512 | 247fa52b26fb5b6eaa2808dc85516849d0fe55c169f6c27b0ac50b93a7e4cefcac09620da974f07beaad8e1d823a37689ab75e9e5773b59ab429b600afaf34d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18c0906ed56c02b2f4d30ea8ade89199 |
| SHA1 | d1b5a74155078e99e32707bb0d174b1def341599 |
| SHA256 | d1cc57c65311ff7803643a429a0a5894387d3f5fe27e395e28230bc01e5020fd |
| SHA512 | 2687b5c40735e521d950258891eb91d20b3e111915eeb2bbc4c6a8ccb328901b1790288e003d4bf3da45a01e50a4d408247a1e3c129171405ad138f0d9514de1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 981ec770c662c3f25ee7735124691250 |
| SHA1 | 849d7aa7544fb4ce4a19ea469ed534c13c3e5f03 |
| SHA256 | 61db3a114d2de911889866756191f415216dc9f1cb636dd77cd6ea5b9ec75f75 |
| SHA512 | b4f58e93b27a87cf26c010efd31320c027c538427ed6bf82717111e58ff0c4edd90d29018d7c7c7f912c0b16e4a3664a83d91d4656cfce4369ca79ad439f983f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36f5e73e35dabc8319a0f29d4a95f5d5 |
| SHA1 | f5d4311c6e9dbc8c5cdbea513b7be349377615b2 |
| SHA256 | 5d4e5ba6c3e356774d374583457992edb987d5e386cecdb568ca3b8ff768f5f9 |
| SHA512 | 7bf89c8b05258b83043f7ec3f1084940f06093f4026865f98b82cbbf3d5ae7251f14812e48a9622454035d85019c27f011255d15e4dfaacebdb3e43ab07f3d5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bae01e519c1da83c3839f4ba1f3a9046 |
| SHA1 | 9c45229111860a7e28b0f445be2d23f60e32ac23 |
| SHA256 | 0bc2ab0d41c86357ee54904bac218589f576310874d993a85bdc5ddd5fed9361 |
| SHA512 | c3516c4db118f685b8661ad648bdd5545f1bbb7509fa22d822b9d7040a2932fb13b1666c5931769bea57559a23008ab605dd5e9206aecf8b77903ac9edbbb241 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89e210dd69b0059ab94bd304d748a391 |
| SHA1 | f305296751ba1dbe6cecabc73ec34dceb4aca9b0 |
| SHA256 | 3f8252c088d380f7b563426c3f08113fafa29465811d834506de16e553a07e2e |
| SHA512 | 4f5bbc833a09c551a10a01c411f9473544996947f8d3a6600f13dca155a905b4b6cab5339254562a651e40dcc9b793c1caacde53e86f323ee3389091452819e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e07403eda6da811b316a5a3a3ca17eeb |
| SHA1 | 69b1a0f5f844d8775616916d995478454a5c4bb6 |
| SHA256 | a64b299a365e444e2d3a91df15157f5350972b393238929d59d18a9282b91cde |
| SHA512 | a9cbb05ffd35e0475fee3b32357fbf91c670fdb1577901b9166914c34fa80293b645970203687d9a97075806e929306c65857ed4fcae74fa5ddea413e9df64ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8482655b40bfbd867a18f61eb57b3305 |
| SHA1 | da01d87b8871985863a853fdb07d1307b5fbd7d4 |
| SHA256 | 8e931d1338377a99a3b931121f588b870adace1ed569f5cae70dbfb83ce51ee4 |
| SHA512 | b48d3a2af7e4b5d1f5c6fdc48df8d9c9d3b62fb8e32f01f41d594787e5df503c075e48cbd59601caebcbc2bf183ac0dd78a0932f5158c2f18af71a7aa135b3ea |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X6E6NBZ\pp_favicon_x[1].ico
| MD5 | e1528b5176081f0ed963ec8397bc8fd3 |
| SHA1 | ff60afd001e924511e9b6f12c57b6bf26821fc1e |
| SHA256 | 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667 |
| SHA512 | acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat
| MD5 | 9335de9aea6180d2c8d7bb69090abae3 |
| SHA1 | 45ae93a3c4f6bce87524d7705e2c53168aa529da |
| SHA256 | 7c96da83acfb780a10a112a6484676ae5e9a84f191c7293c77b2f84ec262c9b8 |
| SHA512 | e3a4ff71e252219c4133b25a459d1ef445b4ff099b1cbb48fc403e869b6255764eb2dadefe0073a9249ef6c33ffe7c8dd2023c194ffd6a9220f219169690519d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HR2PY8RJ\recaptcha__en[1].js
| MD5 | 37c6af40dd48a63fcc1be84eaaf44f05 |
| SHA1 | 1d708ace806d9e78a21f2a5f89424372e249f718 |
| SHA256 | daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24 |
| SHA512 | a159bf35fc7f6efdbe911b2f24019dca5907db8cf9ba516bf18e3a228009055bcd9b26a3486823d56eacc391a3e0cc4ae917607bd95a3ad2f02676430de03e07 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OF5WTE5V\www.recaptcha[1].xml
| MD5 | 216ece21c8c25e7234fa3ba3bcd56c9e |
| SHA1 | 2e3ad6fe6eb17c485b476de0fab587ebb3b98e49 |
| SHA256 | feb856982beccc2cb84e5be4ba48158161cd113797b59a8b218c2ac99a0aa608 |
| SHA512 | 56a942ea67342ae2dc51e66ffa0a16ebcbd97466773dd1551e28055719e8d7b929f55d825a4e583e15c4119531d5959b1fd56aa9d3a57ffeb72154d426794587 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAEMEB0N\styles__ltr[1].css
| MD5 | eb4bc511f79f7a1573b45f5775b3a99b |
| SHA1 | d910fb51ad7316aa54f055079374574698e74b35 |
| SHA256 | 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050 |
| SHA512 | ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 065d0e15f2bacbd7715c99a3fcb1abc0 |
| SHA1 | 614d0386a1eac1fb647f75769a367060afd5113b |
| SHA256 | 233556339fbc6f3aa615fa7290df8a73ec03cc150bf3093f9962d34441218f7b |
| SHA512 | 121e604d831b0c94458e90abdc788ab8d7851d384f561d94395579fadc6b7d5c07f5f5361a5b6b49469a3cbcf283ae5d5b44227d17a1913a337f4757f6082f41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d3941be8845cc43a9a05cb15f4314e9 |
| SHA1 | 9cf3ab51dd94f57a9cc24dde06326d7d125f0ae0 |
| SHA256 | e1c3fdb8cdf00ad96eb3ff859acfb390ffc812fc70f60d60aaae45eb21b5b30b |
| SHA512 | 01b56adbb1e25894d5494f20a6ac41e206c9b9bee5c11d53b18fb4c4e185f9a40544d6afc1f74689acc1935d1db3ce001469483d49db463a0357f349c87c636b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adb7e35fdb6d90625abbfda2c0fe208a |
| SHA1 | 4d377cd564cd10f7f7f9323c78c5a938da49be1e |
| SHA256 | 25a6b623c9ef3e0d1289eb9de04581760016ad0c8a96a793620b844502fbaa16 |
| SHA512 | bdfe297191a89c618812c0332d02b175ac360cd3fbc23712df7e03f99cf01b662b1b8361f4f7c9c61361053bd206b926cdc01807fd67ac0647f661a399f01e67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecd94a2f09d96575483dd62302fea702 |
| SHA1 | 4b00ba68a91845be56b7d3536b3f7edcbd4405d0 |
| SHA256 | f4c0a9c035c8c6ac242a171dbf4e23df34411e704bf3adc921433026456c1da4 |
| SHA512 | 20428e2bc360f45fbeba4f3a5591c722c2fe8083798ea4d296d55baef4e20ee469267928d7da6d89346a8dc2ba1261af97f0e6eeabdc31d70627bd64e60dfd12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcf944450ba9d8f43a1b01226d8eda7a |
| SHA1 | f71187fe252c9a35e38d0dfc6e06dfcadbdf5cce |
| SHA256 | f4bc52942af32daa778353c3a13d15a7358b53fff6fa2169081d8f942d61fa93 |
| SHA512 | 37d28f794c3f62fd1d35f972dcc8ce3b7f36cd034b70dcd935cfda22d19abb06d89253dfa4eddd4ab95afa42b00b1f4aa3d53e7e43d32b3d6a5892b9add7bfd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b52a12208bf8f2b1e1f9c550babad4a |
| SHA1 | 36b7fb291a08b679269b21eb3f60ca5f79d122f6 |
| SHA256 | db86c0ad0ce40ebe51d0dad88797471af5b7aca347c36faa87cba372f43b8bb9 |
| SHA512 | e5d4e2d4a69ff1b75f36d47201df94ecbcd20e724ce9508781a252ecdc7ad6bc3d2f67b09167b848678bf221fe85c61bded473431541f9c5054890e5838e4f66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef3f33c856f293ca85c7facdec5a40ae |
| SHA1 | c5ad383de8fb7bfa0a0545cd7ed03a5a9239e579 |
| SHA256 | 0274bc1d36195e5e0da44a34e7e933b4625257c9f5f6498897436887fb938d50 |
| SHA512 | bdee03465fe287387d9aaf5163b0392846c7579536bb5b86d619087887e7a609e5f8610255b0e35cc985d52efbb7893cda918b202ba8d189197ecedcfd5f9fda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12abecf4a4d57418b9f79390400f62b8 |
| SHA1 | f830dc8892d564126bdc2aa2034f8a11374355e2 |
| SHA256 | d590a765f47a8230436b8ff230aa38a65bbca692c85a36e6e588af76b723e1ba |
| SHA512 | fc96b8b45801f47e5145b633b9a7388fee972d19136f0f2ea47242eda8924fee0b6ca0a76c6b293ccae43d6994c3ff482f1ed497cb60f0c639c8bc37f0a65510 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 550f7a0b697d3ebe96d82fa63da3309f |
| SHA1 | 197c197b945a4ec382c56fac0ed8cfc08589a83c |
| SHA256 | 545e6b1e6aa7275c3ac2ceb84bb26586abdff5c2948a7858a6e3c9aecbf1e552 |
| SHA512 | 8a2c0340a804f7d307a49b6587ff0799cc7cdfd2adc92d5afd32e8dd5a145685eec0d7537169a1d95b99ecbb1e8d7da7048b46020fa53a1c12e76257569d3e0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a262d8af0b634b15a4b788812e18dd9 |
| SHA1 | 2de515c7ccc0a6b305f8eb78d50c1996f6e2ebab |
| SHA256 | e30ceb73726fcc340becedd2208fe3b4b12cf8b83bb1c0bd00bd8d4f36aad589 |
| SHA512 | 89756aa8430fcbb1b3b136453b4a54f176482d43e6a5315dd7c5ec8ca832c02bfceaff8edd5c38abe653d156fcd0390936b2788f24a3eb43d6538c9f7a21d2fa |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-21 22:10
Reported
2023-12-22 00:42
Platform
win10v2004-20231215-en
Max time kernel
92s
Max time network
149s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2028451551" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31077487" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31077487" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A48C887C-A062-11EE-8184-52EF8B93895E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2032983076" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409970577" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f0000000002000000000010660000000100002000000027ba6ef9b02d7e05e23c3c41a81a5f8f7e9d98f6f6f93a8bb2b5a3f0fecea9d8000000000e80000000020000200000000f1dbcb0a19379713618e93d9b2203e20305d471151a7eda8067ed86a88c2f54200000008697197f715df54eb753d96eddb48773012d3f03e9ce002bad42384dafe7c17b40000000ad88292cc749e50f553fc84901c8a3ab3c87f38a8451c63b1c0f09ec46c20b6dae75aa7c19f1a116a847bb04d352b687a16e17dc50a7f9aa37e0cc42084b0223 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31077487" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2028451551" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a8a36c6f34da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1980 wrote to memory of 4476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1980 wrote to memory of 4476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1980 wrote to memory of 4476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ea9f28d1a3f76017937650b1bcd48ad.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\pp_favicon_x[1].ico
| MD5 | e1528b5176081f0ed963ec8397bc8fd3 |
| SHA1 | ff60afd001e924511e9b6f12c57b6bf26821fc1e |
| SHA256 | 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667 |
| SHA512 | acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\25xleom\imagestore.dat
| MD5 | 07930a6f671c50a3c7fe8a15c0a69b4c |
| SHA1 | 28da5e2d63224c386319c2e77337ad76e09934c8 |
| SHA256 | e93c902e3f08b2dacbdcf340bff41fb07a9e148943d12a3b1ea3ced8d041cba6 |
| SHA512 | dabcbd18467d412a878bd3f92f8537fcef9a7e40844d388f929517143c093bf54f77b54a6137e2610f6cd9f2b19cd2f1ffea2a75019c37de5e0ffc92dd0179cb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |