Malware Analysis Report

2024-12-07 22:59

Sample ID 231230-kxbfzadggq
Target 13e954b7a5424f22dea8833910949bee
SHA256 ac28412fa55ffa1b60368c69e7a8f97d93231027e06f49468aee8c9efa1fbe45
Tags
paypal phishing
score
5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
5/10

SHA256

ac28412fa55ffa1b60368c69e7a8f97d93231027e06f49468aee8c9efa1fbe45

Threat Level: Likely benign

The file 13e954b7a5424f22dea8833910949bee was found to be: Likely benign.

Malicious Activity Summary

paypal phishing

Detected potential entity reuse from brand paypal.

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-30 08:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-30 08:58

Reported

2023-12-31 09:22

Platform

win7-20231215-en

Max time kernel

0s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e954b7a5424f22dea8833910949bee.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C728EE31-A7BD-11EE-BCA6-6A53A263E8F2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e954b7a5424f22dea8833910949bee.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:80 www.paypal.com tcp
US 151.101.1.21:80 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 172.217.16.227:443 www.recaptcha.net tcp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com udp
US 104.17.208.240:443 zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3446bc5d560c3342605145dc9e9909b5
SHA1 22a01628f97f806a82a8bc4df9c94ff6d45583bf
SHA256 c83f424a137750cef59f3b651619c7069fd9bd9bf9ffef5f3c5c69031522bd22
SHA512 cadbccfceb13aa0769691579b00578ff0abff7f487bed1782ff7afcac3cef955c084f657a9d6a277adf85dc4e487faf4411956bd8c2e40a94a2c680cf0adb2f3

C:\Users\Admin\AppData\Local\Temp\Cab8F95.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar8F96.tmp

MD5 71e4ce8b3a1b89f335a6936bbdafce4c
SHA1 6e0d450eb5f316a9924b3e58445b26bfb727001e
SHA256 a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5
SHA512 b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c18d52c7da439012e28a0f842da83c7
SHA1 e4fb8026c943d0a88b2e3f2e0b1ea88544c2f5b6
SHA256 36220ca978d9e5d6708cd2601fc4f003713d945c5558022562b8730719be2015
SHA512 6e5fb09dca7034181575cfe77d2ba740b8240255e4ee64ecdb2c53913272097585576f2617c591b77137d1cf3e1005ed5cf1ee983bd346ca617734be6962f8d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a03b2476312700377e1f524f284ea4e
SHA1 512ad27ed1461c4cbb08eb61bf9dedc3fe00ab1c
SHA256 2420199ddd5e40c599f010cdb51c1053082d0e1e4f5510651318eb83c4d899a9
SHA512 6d3e39e05fa59c5f97ac911fedae73a33a27d459819aff97d4be7f4bd26bd1da93bb34e245a51f3de7e13fa38c44de5bb8d4be3e60644532445cc872a3ef2f74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0d44661641db61a655cdae62a620828
SHA1 682fda881275f2ebcde3f1d5953586b3bafa573d
SHA256 84a78f0add84bb14e61e6939a4d8e9acc43da4f8805b04571334c3006d328225
SHA512 45c5f321f1a971633042fc563f189838fa816c49695fd943c7977c37b68371ad3e02834668ace9ceeac73f88ac9be7879edc28d340232a15812168043e5dd5f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 596453eab63180969400439c6ad15ef3
SHA1 b02209760f3508205d71d9e9271da37d63a8dfef
SHA256 6f613d8c99f7d567795067d4a5fc97f489d0bcea3d56d245bc9d310d1fbae902
SHA512 048bb40d2fb080f520eb218038fbc8e15e1b1eea5b025a8e77023f67ac1111f902ffd0c548f3b316955b645a004e6ea623a361f18d3297acc04b526b3871d3a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f2c4f6ef9b7092d2725e6817a050620
SHA1 cf2aa1a17ff2517fd30f419460709d674420429b
SHA256 d9439fca00c14e09b7dc9b364028471d5d7a9c2ac1b452989b10e34c9901a052
SHA512 fb50703b53010069537482f0dd469f03732a6ca0cae83a2768f59c6fd8eec3ae9921d6fe763de4671ffee33dd7a5d3f94dcc10ed7f4c01816a92d920bade0080

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acd378e6befd23075f30e0da3a4c2319
SHA1 708e87077386fe1ea2b27499dc70184ac2979831
SHA256 e405be26900e731dabcd56c55554b5ae0c629f1b00e1b6a4bfde02f8b1c91b15
SHA512 d5b46360e464606462a4118ee87ba7574d523111a4196f25a13d7ac2500659e9f8665918255e835c60e1e15785b3fc5d1959d1b01824da9373f687674365349f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75bfdba611644eb3281528ba63e722d2
SHA1 96f4703d305aae2fa646aa13653ccbb7b8020525
SHA256 a5216c5e34ffeddca9e7701a480e87d897bcfa8956d07cf0139aaa96da9c0b62
SHA512 c037b8e2c67caf3584ca4a03200b6c38c22afa4426cbb52309e06cfe9b82094a52639f75ef4d52da4d51a732718a875ef85c2a5b3a8dab4b2e87602c9a5ba7b1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\recaptcha__en[1].js

MD5 61510266707c885874f92adaa220bdd5
SHA1 340cf939c72c8e1f01c35a92a1e00da41ba2e9e2
SHA256 c8b035ee4f00bfd02d12754b51fd3a8a68a1673ab6a4e5eb14f5ff4bfd308ffa
SHA512 f374e32718f7962e517896a560f7fe4d0f05aa3c006582c535b8edc21f18f2c3986bb944c3eef10f676cfad12673be805701b81b05534cba02cacd67da4807f4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8B3MIKWC\www.recaptcha[1].xml

MD5 61938efa47dc3e92103c91053f4b5502
SHA1 dfe7ed9e6ac8959159045d95a3113fb460dd6cd2
SHA256 e569142309522c84c4178d1773b433879d8e50017236225216be8931e5df08c4
SHA512 d7dd96fb74465cf5db5ebcec5a8e4b6e8cf72bf4cc63dcc2924132e00a5d9a797cba462ea059a1b92e50dde53e402786a18169ec84ef11c388cdd5241ee3a5f5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 1591109c4ab08497f20fca0fe12b4257
SHA1 58d163b8489a9c7fc98cd60fbd2bbd72778022fa
SHA256 aa25533a08332eb204bb87e8308630235da9b8a4527fb210ab22966938c4323e
SHA512 4ffbf1d04ed8ba1a4c42591927fc46a64958f0743e9c480c551d902ff52670652d64b9cbdf25d2dbd4fcba94b411a587ec25e7394f4bf1ba6652636f0e170906

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\styles__ltr[1].css

MD5 eb4bc511f79f7a1573b45f5775b3a99b
SHA1 d910fb51ad7316aa54f055079374574698e74b35
SHA256 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
SHA512 ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 749aa5af79de63dcd9276c26127ea429
SHA1 b031caa18cf659e138ae2064255af3465eba328f
SHA256 eb476ff3da3264f1540e539aa78c822cb16e4e440ed9daee98adf557d502e1f2
SHA512 ed77596aef394528a603f38ea3b64bc9197e27a6f93a8f2b60bce69d1f8f9f04dbb83e2780e4040f6a18efbdefe68b7f7135c1cccb16cab404c18e82f0ea3efb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be1914c5187bb30e7f15064b45df1f76
SHA1 96f4c7d53c3a7f29258ac4c550c4d22993be287a
SHA256 9cabfb506cb7dc4a1e3678c83198ddd7746935c5dbeb9d841c3e20fb65a47a3e
SHA512 c0616590b9e272314c096b29a29df13e47194094e8d4d4c766eeaae89c42934c8e98d8f5aefc058b12d2b30291279f69190f568d03d336457a65dd40ca38a868

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ac5caa2b939865ec031a25d2ad69b3b
SHA1 2156d0b80caf13735f42e382aea5d793f0fd50f5
SHA256 9ad2f4dd08367cdadb6774baa7d86fb876820e8aef47117ba4fe8d601a90b815
SHA512 b699c899c334b4b7cf4d29eeb2d0dd7597adbc720c8a4d852bd7fa4ce0b32f8ae43911f99b047c0427da5edbb9d4c046587bcc6946edadab5ff00e8c51124f4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3afc64df4fcbd524c9d62d1ae2221921
SHA1 68c6e835df56412f9604734d2c99d452f4ebb204
SHA256 87396c012ca222f2b19d659b1d6e38a1fbe83c12d9f021d50dfcbe781c0da485
SHA512 535bb80eca84cfccd945e47ea92e0651f3e9bf46a2d98f40b6cb85ba03e9098888c83eb984615389f96c0eb1219ab98c76d9f0edbb365bacf2bb01a42f3fc0fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b18b66f8358c12755ff019f6658335c
SHA1 47ed808f72b5a103f66a409a86037b56f77f714f
SHA256 9643f1c50baf728028fbde2ab9aab32a0f1a9b1cef0c149dcffd6b7b06089979
SHA512 6b20170267b8096b772999908ca1f04b40a02fbb2a7b43900ec9a917f5b854d874d2b28066ea39d5c3a910813ef808fe4a115ef04a1a751d34e13ca9c4865861

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba14c960dfd99487f4fbdd1715da211e
SHA1 424aa6671da4f12555eae1bdd91c4436c1e476cc
SHA256 36af0bb22d6ceabdf0eb3faedb9d77de98c1d4b82e73d59a3ddee9caf9b74805
SHA512 9a29d5dcb0b9dfb4ee5d154a7d61092bf37fd8e05d78b26f17c23000e505129a706be301e8a0a8dd490c55bef29da332bd81ed2d30b49a3183c5234bbd69b0d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2de3597ad8d660fac5607a2807d243ae
SHA1 b660af10bf063fffa5d6f3cce8b0d84b2392c725
SHA256 205cbd7143678f72930df7d74a5d7f252f09394ebf6eb22fcbc01e399f500403
SHA512 326f5c9d66c81ac9e7245fdfb834417e73c5a640aaed912f7a02aef450a7fbfeb914f8e82b8b30b9c1b39972ad9d85b757e70e52edfc37f55612b37632dc0354

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1412753594eacbf76321c203a71deffa
SHA1 afe0be541e570a501c2e49c9ba8583f68ae0373d
SHA256 09e78298945a2d97ef7650329bca4212ab80011f654f30401423663258ea0212
SHA512 2a3b755d066a866e43eaea427c7070153f72cb1238e763e101cca47bd4affbdebc82e268c108c9330d9628028c450bc5de77311fb79fbf60e094ae6762fc0f91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d6a826ad0bf1a458143d53a8ed4fd95
SHA1 5b9dd99421bde37409e5956a8edb9500c660e24e
SHA256 a550c4d599856e3a26cd48ac1f002b049b0c03d0267896334d9d80ddb2e8a8fe
SHA512 c4ed664bcddd7f67bbdc10aca58de3663129c6454f8b6634b83b44872d249bb43d2edd6198824bf6e85447813997cd3c2a38bbbbe392221f573a7fcee731d58c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3581c1b96dbbc8420b6b31e3649cf52
SHA1 31aa67a5235e333300bd12400156f3079b78bba5
SHA256 a12b7d56352e3f8ad56b5c5c55e23dddcf5a85279f74c4340df17445a45d83f7
SHA512 f21a3627f3690fc792daa3fd0ed6964982fdf8b113e671adf853d7e92098426642a0d166170da61a1ebf1464a9e34061fe406500cd4a5cf6d985222d4de0a3a9

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-30 08:58

Reported

2023-12-31 09:22

Platform

win10v2004-20231215-en

Max time kernel

146s

Max time network

138s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e954b7a5424f22dea8833910949bee.html

Signatures

Detected potential entity reuse from brand paypal.

phishing paypal

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CD7FC5CC-A7BD-11EE-9963-F21AB124C203} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410779388" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0848897ca3bda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2735437716" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2717937895" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079370" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2735437716" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000025ba558cff15364f83b59eef6d4e53a400000000020000000000106600000001000020000000e2920c876bee2401b527aaab6323ae2ef3f30b0d0174811a353f21b8ae1fca70000000000e80000000020000200000000c3fc071bbd30a86bbc67c56e572af6acf3e8f0430c082a5af3d5e317ad51dfc20000000862d7c238577b1bc5d18bd55fdcb48ccc1b0afd83000f1e08d678fa71b5ed213400000000e99f6c48943e1b392043aafb872e05fba6f610fedd3b5da4293d0df030d20b98c2f188bd34305a9db39bb03b66ff0bd2abe3d558ae9f0fee97fba1363d19f93 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079370" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079370" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079370" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2717937895" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e954b7a5424f22dea8833910949bee.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:392 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 6.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
GB 96.17.178.174:80 tcp
US 8.8.8.8:53 udp
GB 96.17.178.174:80 tcp
GB 96.17.178.174:80 tcp
US 8.8.8.8:53 udp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
GB 88.221.135.211:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp
GB 96.17.178.176:80 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee