Malware Analysis Report

2024-12-08 00:20

Sample ID 231221-13c5raebc2
Target 0ea9f28d1a3f76017937650b1bcd48ad
SHA256 8f27069efd7b7761cae010dd847259e497e4e4295421f8a30e462ff50eb51dfc
Tags
paypal phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

8f27069efd7b7761cae010dd847259e497e4e4295421f8a30e462ff50eb51dfc

Threat Level: Likely benign

The file 0ea9f28d1a3f76017937650b1bcd48ad was found to be: Likely benign.

Malicious Activity Summary

paypal phishing

Detected potential entity reuse from brand paypal.

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-21 22:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-21 22:10

Reported

2023-12-22 00:42

Platform

win7-20231129-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ea9f28d1a3f76017937650b1bcd48ad.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.recaptcha.net C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000aedfeb4041afbab0eca8e74715506a75d9d71ba2de286597c1013809be63ce71000000000e800000000200002000000033472a7f37bf0d515eb2b02528da1a89a6a9e2318d8ac84929b6eb4e4b9d3400900000007f02070a9dd35bfd62cf71f1030839e60e88bfac97a988659d2e94d3e3d9fc79aaf0cd86f825b3167cce495df4d0404c0f27dfddb3320739e77cf99e8a31231177761a579fff6a49c043dfd2e813f3343b73992e30611c4cd1fe5d428c1ee6cec0db71e190cc275319063c12307188c4a33942bf115a367f5f6865f6eecfb3d665360cf6d8686aeaeabf0d098538ccbe4000000006a362c18143803dcdec4de5077718d8e4bfe88c684dbb46d39e8f19b809a6eaf026515c6da93811578931a6362ccf3aa854c5f7cfeb6b75bad8618693088591 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.recaptcha.net\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000c0448f722eb1c7846c0e268a01b13060b73c5a082b1274afd2c2d35d4a09fed4000000000e800000000200002000000073988783da1053166b734f85fc56e930109e69917610336abc18a0ae1124965020000000d1d2eb0c70fb292eb410586788c42b5b956a76f6e0865d0b753629976a1be54040000000ab356c90a39eae0689336e30c4af702433661fbf31336f7a6115cce950ff2069042a9608d99b7b32ad0566cbccfd1435b63a73f8df6b4d2c71bf742cef555f95 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A81AB5D1-A062-11EE-B309-FE29290FA5F9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com\ = "16" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "41" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\Total = "16" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409367475" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50068c706f34da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ea9f28d1a3f76017937650b1bcd48ad.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:80 www.paypal.com tcp
US 151.101.1.21:80 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 92.123.128.181:80 www.bing.com tcp
US 92.123.128.181:80 www.bing.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 172.217.16.227:443 www.recaptcha.net tcp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com udp
US 104.17.208.240:443 zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6A5.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar8BD.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4ad0179ab4f90763b43a23e3647af6d0
SHA1 6176934f9b454e9585cc03cc4f4d96c881eeda7e
SHA256 ac2ee018f701ab9033aef42b6ef904c7706680f60dc57fbb899f1372da85be5c
SHA512 425b7b0e36ce833a988c1494c1eb603c2f49b34ba3a329d986462a75ed919ed6e14a2654eda4db09d1e1ef49327c4721baafc26ba03fe6f56750167740e77b8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fefdca1b483773f475542569683a3a85
SHA1 e5ae3b6188937cf351e44030d7e404617e0751aa
SHA256 0778a0c410ba1f2d48e1c3692566f27be4dc66da18039580e13b8949d3a13f51
SHA512 45c6c080d2b553fb3e22e5aa7c5ce235337154aaf56a8ba7d55298f06ac4c5be0b0b34d0dce76162d2ed03d3088bed0146b57cbf200f5734e4d05b45466349d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61f0c2e7d325d214cf6ba0df7c7ae1f3
SHA1 63ef80ede380d05430b1f1f7195aa4f764359cd1
SHA256 3e37d1533221ee3b70048d6eedff807254410bacf3d36a111cf458e217b3766e
SHA512 20e8cd9c79ecb62a316a37c3ad17f7b6f88146f8a0cc40dadd602e0cfdc5b7c4c867a65a6fb5ee3f0f3adda35eec0a9a8545f2a91f828ee3712d481182d34d6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acdf1922a9ced391eed3e7843282f455
SHA1 150988825e1a383912edbe9d87f20ffe307c1a13
SHA256 f5583e981010891a0e0a3371fb745f75d75902cdc42515ad0b108d07e6891c2b
SHA512 d88c993a18d403b78f94246d2930c0ff1100842792ecf8b6205c5a860e4e76e69da16e4f8afc050d49f75259bd6836f09f30eb7c1fc2272a189d92aeb144d61e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e031d5d2675a0b2da88adf6e6087b72b
SHA1 ec8e20ce1a2057bd76a5d76b12e7cb3d820e76f5
SHA256 fbb51ff195100cf574cfec125754e6c056eda8a21daa5a078f7dcdff682e6147
SHA512 5b891861f121076ef4d1ad9a4c782949a56113a77a4543f8233b22c205de1fb044e942b9d683d391608ce7cac0a034ca6fb6e716f8507b0cb0767dcc74cd7246

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4aef51fcfdaafd74b2e0ce16a1424e33
SHA1 4f1e462392a2a113c19a560edd11065dc1e165c7
SHA256 35e927f688d422eccb1447a9b4871427bc8e429d6e533ad6ef138278f8f19529
SHA512 c597ad242e035f2c1dca79983df151a9c8265379a00b5eeb388fdcbfb9304b920781107833de4c0099a7f56132c3ea908aebe0526dca01a2d4b35e9017edf56f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 07fb3e1c0940ec577de027ed4361646e
SHA1 166de959dd705bae745177d0e1445658f01fe93d
SHA256 f6671d8790179ebfc3e82fe5b5a734c8d10984a9a003de97166eb8f87ca3d69d
SHA512 247fa52b26fb5b6eaa2808dc85516849d0fe55c169f6c27b0ac50b93a7e4cefcac09620da974f07beaad8e1d823a37689ab75e9e5773b59ab429b600afaf34d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18c0906ed56c02b2f4d30ea8ade89199
SHA1 d1b5a74155078e99e32707bb0d174b1def341599
SHA256 d1cc57c65311ff7803643a429a0a5894387d3f5fe27e395e28230bc01e5020fd
SHA512 2687b5c40735e521d950258891eb91d20b3e111915eeb2bbc4c6a8ccb328901b1790288e003d4bf3da45a01e50a4d408247a1e3c129171405ad138f0d9514de1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 981ec770c662c3f25ee7735124691250
SHA1 849d7aa7544fb4ce4a19ea469ed534c13c3e5f03
SHA256 61db3a114d2de911889866756191f415216dc9f1cb636dd77cd6ea5b9ec75f75
SHA512 b4f58e93b27a87cf26c010efd31320c027c538427ed6bf82717111e58ff0c4edd90d29018d7c7c7f912c0b16e4a3664a83d91d4656cfce4369ca79ad439f983f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36f5e73e35dabc8319a0f29d4a95f5d5
SHA1 f5d4311c6e9dbc8c5cdbea513b7be349377615b2
SHA256 5d4e5ba6c3e356774d374583457992edb987d5e386cecdb568ca3b8ff768f5f9
SHA512 7bf89c8b05258b83043f7ec3f1084940f06093f4026865f98b82cbbf3d5ae7251f14812e48a9622454035d85019c27f011255d15e4dfaacebdb3e43ab07f3d5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bae01e519c1da83c3839f4ba1f3a9046
SHA1 9c45229111860a7e28b0f445be2d23f60e32ac23
SHA256 0bc2ab0d41c86357ee54904bac218589f576310874d993a85bdc5ddd5fed9361
SHA512 c3516c4db118f685b8661ad648bdd5545f1bbb7509fa22d822b9d7040a2932fb13b1666c5931769bea57559a23008ab605dd5e9206aecf8b77903ac9edbbb241

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89e210dd69b0059ab94bd304d748a391
SHA1 f305296751ba1dbe6cecabc73ec34dceb4aca9b0
SHA256 3f8252c088d380f7b563426c3f08113fafa29465811d834506de16e553a07e2e
SHA512 4f5bbc833a09c551a10a01c411f9473544996947f8d3a6600f13dca155a905b4b6cab5339254562a651e40dcc9b793c1caacde53e86f323ee3389091452819e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e07403eda6da811b316a5a3a3ca17eeb
SHA1 69b1a0f5f844d8775616916d995478454a5c4bb6
SHA256 a64b299a365e444e2d3a91df15157f5350972b393238929d59d18a9282b91cde
SHA512 a9cbb05ffd35e0475fee3b32357fbf91c670fdb1577901b9166914c34fa80293b645970203687d9a97075806e929306c65857ed4fcae74fa5ddea413e9df64ce

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8482655b40bfbd867a18f61eb57b3305
SHA1 da01d87b8871985863a853fdb07d1307b5fbd7d4
SHA256 8e931d1338377a99a3b931121f588b870adace1ed569f5cae70dbfb83ce51ee4
SHA512 b48d3a2af7e4b5d1f5c6fdc48df8d9c9d3b62fb8e32f01f41d594787e5df503c075e48cbd59601caebcbc2bf183ac0dd78a0932f5158c2f18af71a7aa135b3ea

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X6E6NBZ\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

MD5 9335de9aea6180d2c8d7bb69090abae3
SHA1 45ae93a3c4f6bce87524d7705e2c53168aa529da
SHA256 7c96da83acfb780a10a112a6484676ae5e9a84f191c7293c77b2f84ec262c9b8
SHA512 e3a4ff71e252219c4133b25a459d1ef445b4ff099b1cbb48fc403e869b6255764eb2dadefe0073a9249ef6c33ffe7c8dd2023c194ffd6a9220f219169690519d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HR2PY8RJ\recaptcha__en[1].js

MD5 37c6af40dd48a63fcc1be84eaaf44f05
SHA1 1d708ace806d9e78a21f2a5f89424372e249f718
SHA256 daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24
SHA512 a159bf35fc7f6efdbe911b2f24019dca5907db8cf9ba516bf18e3a228009055bcd9b26a3486823d56eacc391a3e0cc4ae917607bd95a3ad2f02676430de03e07

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OF5WTE5V\www.recaptcha[1].xml

MD5 216ece21c8c25e7234fa3ba3bcd56c9e
SHA1 2e3ad6fe6eb17c485b476de0fab587ebb3b98e49
SHA256 feb856982beccc2cb84e5be4ba48158161cd113797b59a8b218c2ac99a0aa608
SHA512 56a942ea67342ae2dc51e66ffa0a16ebcbd97466773dd1551e28055719e8d7b929f55d825a4e583e15c4119531d5959b1fd56aa9d3a57ffeb72154d426794587

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAEMEB0N\styles__ltr[1].css

MD5 eb4bc511f79f7a1573b45f5775b3a99b
SHA1 d910fb51ad7316aa54f055079374574698e74b35
SHA256 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
SHA512 ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 065d0e15f2bacbd7715c99a3fcb1abc0
SHA1 614d0386a1eac1fb647f75769a367060afd5113b
SHA256 233556339fbc6f3aa615fa7290df8a73ec03cc150bf3093f9962d34441218f7b
SHA512 121e604d831b0c94458e90abdc788ab8d7851d384f561d94395579fadc6b7d5c07f5f5361a5b6b49469a3cbcf283ae5d5b44227d17a1913a337f4757f6082f41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d3941be8845cc43a9a05cb15f4314e9
SHA1 9cf3ab51dd94f57a9cc24dde06326d7d125f0ae0
SHA256 e1c3fdb8cdf00ad96eb3ff859acfb390ffc812fc70f60d60aaae45eb21b5b30b
SHA512 01b56adbb1e25894d5494f20a6ac41e206c9b9bee5c11d53b18fb4c4e185f9a40544d6afc1f74689acc1935d1db3ce001469483d49db463a0357f349c87c636b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adb7e35fdb6d90625abbfda2c0fe208a
SHA1 4d377cd564cd10f7f7f9323c78c5a938da49be1e
SHA256 25a6b623c9ef3e0d1289eb9de04581760016ad0c8a96a793620b844502fbaa16
SHA512 bdfe297191a89c618812c0332d02b175ac360cd3fbc23712df7e03f99cf01b662b1b8361f4f7c9c61361053bd206b926cdc01807fd67ac0647f661a399f01e67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecd94a2f09d96575483dd62302fea702
SHA1 4b00ba68a91845be56b7d3536b3f7edcbd4405d0
SHA256 f4c0a9c035c8c6ac242a171dbf4e23df34411e704bf3adc921433026456c1da4
SHA512 20428e2bc360f45fbeba4f3a5591c722c2fe8083798ea4d296d55baef4e20ee469267928d7da6d89346a8dc2ba1261af97f0e6eeabdc31d70627bd64e60dfd12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcf944450ba9d8f43a1b01226d8eda7a
SHA1 f71187fe252c9a35e38d0dfc6e06dfcadbdf5cce
SHA256 f4bc52942af32daa778353c3a13d15a7358b53fff6fa2169081d8f942d61fa93
SHA512 37d28f794c3f62fd1d35f972dcc8ce3b7f36cd034b70dcd935cfda22d19abb06d89253dfa4eddd4ab95afa42b00b1f4aa3d53e7e43d32b3d6a5892b9add7bfd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b52a12208bf8f2b1e1f9c550babad4a
SHA1 36b7fb291a08b679269b21eb3f60ca5f79d122f6
SHA256 db86c0ad0ce40ebe51d0dad88797471af5b7aca347c36faa87cba372f43b8bb9
SHA512 e5d4e2d4a69ff1b75f36d47201df94ecbcd20e724ce9508781a252ecdc7ad6bc3d2f67b09167b848678bf221fe85c61bded473431541f9c5054890e5838e4f66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef3f33c856f293ca85c7facdec5a40ae
SHA1 c5ad383de8fb7bfa0a0545cd7ed03a5a9239e579
SHA256 0274bc1d36195e5e0da44a34e7e933b4625257c9f5f6498897436887fb938d50
SHA512 bdee03465fe287387d9aaf5163b0392846c7579536bb5b86d619087887e7a609e5f8610255b0e35cc985d52efbb7893cda918b202ba8d189197ecedcfd5f9fda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12abecf4a4d57418b9f79390400f62b8
SHA1 f830dc8892d564126bdc2aa2034f8a11374355e2
SHA256 d590a765f47a8230436b8ff230aa38a65bbca692c85a36e6e588af76b723e1ba
SHA512 fc96b8b45801f47e5145b633b9a7388fee972d19136f0f2ea47242eda8924fee0b6ca0a76c6b293ccae43d6994c3ff482f1ed497cb60f0c639c8bc37f0a65510

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 550f7a0b697d3ebe96d82fa63da3309f
SHA1 197c197b945a4ec382c56fac0ed8cfc08589a83c
SHA256 545e6b1e6aa7275c3ac2ceb84bb26586abdff5c2948a7858a6e3c9aecbf1e552
SHA512 8a2c0340a804f7d307a49b6587ff0799cc7cdfd2adc92d5afd32e8dd5a145685eec0d7537169a1d95b99ecbb1e8d7da7048b46020fa53a1c12e76257569d3e0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a262d8af0b634b15a4b788812e18dd9
SHA1 2de515c7ccc0a6b305f8eb78d50c1996f6e2ebab
SHA256 e30ceb73726fcc340becedd2208fe3b4b12cf8b83bb1c0bd00bd8d4f36aad589
SHA512 89756aa8430fcbb1b3b136453b4a54f176482d43e6a5315dd7c5ec8ca832c02bfceaff8edd5c38abe653d156fcd0390936b2788f24a3eb43d6538c9f7a21d2fa

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-21 22:10

Reported

2023-12-22 00:42

Platform

win10v2004-20231215-en

Max time kernel

92s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ea9f28d1a3f76017937650b1bcd48ad.html

Signatures

Detected potential entity reuse from brand paypal.

phishing paypal

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2028451551" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31077487" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31077487" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A48C887C-A062-11EE-8184-52EF8B93895E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2032983076" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409970577" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d05a5489e56c74eaa6b39ab0831a11f0000000002000000000010660000000100002000000027ba6ef9b02d7e05e23c3c41a81a5f8f7e9d98f6f6f93a8bb2b5a3f0fecea9d8000000000e80000000020000200000000f1dbcb0a19379713618e93d9b2203e20305d471151a7eda8067ed86a88c2f54200000008697197f715df54eb753d96eddb48773012d3f03e9ce002bad42384dafe7c17b40000000ad88292cc749e50f553fc84901c8a3ab3c87f38a8451c63b1c0f09ec46c20b6dae75aa7c19f1a116a847bb04d352b687a16e17dc50a7f9aa37e0cc42084b0223 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31077487" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2028451551" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a8a36c6f34da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0ea9f28d1a3f76017937650b1bcd48ad.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 167.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\25xleom\imagestore.dat

MD5 07930a6f671c50a3c7fe8a15c0a69b4c
SHA1 28da5e2d63224c386319c2e77337ad76e09934c8
SHA256 e93c902e3f08b2dacbdcf340bff41fb07a9e148943d12a3b1ea3ced8d041cba6
SHA512 dabcbd18467d412a878bd3f92f8537fcef9a7e40844d388f929517143c093bf54f77b54a6137e2610f6cd9f2b19cd2f1ffea2a75019c37de5e0ffc92dd0179cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee