Analysis Overview
SHA256
ac28412fa55ffa1b60368c69e7a8f97d93231027e06f49468aee8c9efa1fbe45
Threat Level: Likely benign
The file 13e954b7a5424f22dea8833910949bee was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand paypal.
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-30 08:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-30 08:58
Reported
2023-12-31 09:22
Platform
win7-20231215-en
Max time kernel
0s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C728EE31-A7BD-11EE-BCA6-6A53A263E8F2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1708 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1708 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1708 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1708 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e954b7a5424f22dea8833910949bee.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:80 | www.paypal.com | tcp |
| US | 151.101.1.21:80 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | udp |
| US | 104.17.208.240:443 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3446bc5d560c3342605145dc9e9909b5 |
| SHA1 | 22a01628f97f806a82a8bc4df9c94ff6d45583bf |
| SHA256 | c83f424a137750cef59f3b651619c7069fd9bd9bf9ffef5f3c5c69031522bd22 |
| SHA512 | cadbccfceb13aa0769691579b00578ff0abff7f487bed1782ff7afcac3cef955c084f657a9d6a277adf85dc4e487faf4411956bd8c2e40a94a2c680cf0adb2f3 |
C:\Users\Admin\AppData\Local\Temp\Cab8F95.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar8F96.tmp
| MD5 | 71e4ce8b3a1b89f335a6936bbdafce4c |
| SHA1 | 6e0d450eb5f316a9924b3e58445b26bfb727001e |
| SHA256 | a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5 |
| SHA512 | b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c18d52c7da439012e28a0f842da83c7 |
| SHA1 | e4fb8026c943d0a88b2e3f2e0b1ea88544c2f5b6 |
| SHA256 | 36220ca978d9e5d6708cd2601fc4f003713d945c5558022562b8730719be2015 |
| SHA512 | 6e5fb09dca7034181575cfe77d2ba740b8240255e4ee64ecdb2c53913272097585576f2617c591b77137d1cf3e1005ed5cf1ee983bd346ca617734be6962f8d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a03b2476312700377e1f524f284ea4e |
| SHA1 | 512ad27ed1461c4cbb08eb61bf9dedc3fe00ab1c |
| SHA256 | 2420199ddd5e40c599f010cdb51c1053082d0e1e4f5510651318eb83c4d899a9 |
| SHA512 | 6d3e39e05fa59c5f97ac911fedae73a33a27d459819aff97d4be7f4bd26bd1da93bb34e245a51f3de7e13fa38c44de5bb8d4be3e60644532445cc872a3ef2f74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0d44661641db61a655cdae62a620828 |
| SHA1 | 682fda881275f2ebcde3f1d5953586b3bafa573d |
| SHA256 | 84a78f0add84bb14e61e6939a4d8e9acc43da4f8805b04571334c3006d328225 |
| SHA512 | 45c5f321f1a971633042fc563f189838fa816c49695fd943c7977c37b68371ad3e02834668ace9ceeac73f88ac9be7879edc28d340232a15812168043e5dd5f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 596453eab63180969400439c6ad15ef3 |
| SHA1 | b02209760f3508205d71d9e9271da37d63a8dfef |
| SHA256 | 6f613d8c99f7d567795067d4a5fc97f489d0bcea3d56d245bc9d310d1fbae902 |
| SHA512 | 048bb40d2fb080f520eb218038fbc8e15e1b1eea5b025a8e77023f67ac1111f902ffd0c548f3b316955b645a004e6ea623a361f18d3297acc04b526b3871d3a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f2c4f6ef9b7092d2725e6817a050620 |
| SHA1 | cf2aa1a17ff2517fd30f419460709d674420429b |
| SHA256 | d9439fca00c14e09b7dc9b364028471d5d7a9c2ac1b452989b10e34c9901a052 |
| SHA512 | fb50703b53010069537482f0dd469f03732a6ca0cae83a2768f59c6fd8eec3ae9921d6fe763de4671ffee33dd7a5d3f94dcc10ed7f4c01816a92d920bade0080 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acd378e6befd23075f30e0da3a4c2319 |
| SHA1 | 708e87077386fe1ea2b27499dc70184ac2979831 |
| SHA256 | e405be26900e731dabcd56c55554b5ae0c629f1b00e1b6a4bfde02f8b1c91b15 |
| SHA512 | d5b46360e464606462a4118ee87ba7574d523111a4196f25a13d7ac2500659e9f8665918255e835c60e1e15785b3fc5d1959d1b01824da9373f687674365349f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75bfdba611644eb3281528ba63e722d2 |
| SHA1 | 96f4703d305aae2fa646aa13653ccbb7b8020525 |
| SHA256 | a5216c5e34ffeddca9e7701a480e87d897bcfa8956d07cf0139aaa96da9c0b62 |
| SHA512 | c037b8e2c67caf3584ca4a03200b6c38c22afa4426cbb52309e06cfe9b82094a52639f75ef4d52da4d51a732718a875ef85c2a5b3a8dab4b2e87602c9a5ba7b1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\recaptcha__en[1].js
| MD5 | 61510266707c885874f92adaa220bdd5 |
| SHA1 | 340cf939c72c8e1f01c35a92a1e00da41ba2e9e2 |
| SHA256 | c8b035ee4f00bfd02d12754b51fd3a8a68a1673ab6a4e5eb14f5ff4bfd308ffa |
| SHA512 | f374e32718f7962e517896a560f7fe4d0f05aa3c006582c535b8edc21f18f2c3986bb944c3eef10f676cfad12673be805701b81b05534cba02cacd67da4807f4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8B3MIKWC\www.recaptcha[1].xml
| MD5 | 61938efa47dc3e92103c91053f4b5502 |
| SHA1 | dfe7ed9e6ac8959159045d95a3113fb460dd6cd2 |
| SHA256 | e569142309522c84c4178d1773b433879d8e50017236225216be8931e5df08c4 |
| SHA512 | d7dd96fb74465cf5db5ebcec5a8e4b6e8cf72bf4cc63dcc2924132e00a5d9a797cba462ea059a1b92e50dde53e402786a18169ec84ef11c388cdd5241ee3a5f5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat
| MD5 | 1591109c4ab08497f20fca0fe12b4257 |
| SHA1 | 58d163b8489a9c7fc98cd60fbd2bbd72778022fa |
| SHA256 | aa25533a08332eb204bb87e8308630235da9b8a4527fb210ab22966938c4323e |
| SHA512 | 4ffbf1d04ed8ba1a4c42591927fc46a64958f0743e9c480c551d902ff52670652d64b9cbdf25d2dbd4fcba94b411a587ec25e7394f4bf1ba6652636f0e170906 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\pp_favicon_x[1].ico
| MD5 | e1528b5176081f0ed963ec8397bc8fd3 |
| SHA1 | ff60afd001e924511e9b6f12c57b6bf26821fc1e |
| SHA256 | 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667 |
| SHA512 | acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\styles__ltr[1].css
| MD5 | eb4bc511f79f7a1573b45f5775b3a99b |
| SHA1 | d910fb51ad7316aa54f055079374574698e74b35 |
| SHA256 | 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050 |
| SHA512 | ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 749aa5af79de63dcd9276c26127ea429 |
| SHA1 | b031caa18cf659e138ae2064255af3465eba328f |
| SHA256 | eb476ff3da3264f1540e539aa78c822cb16e4e440ed9daee98adf557d502e1f2 |
| SHA512 | ed77596aef394528a603f38ea3b64bc9197e27a6f93a8f2b60bce69d1f8f9f04dbb83e2780e4040f6a18efbdefe68b7f7135c1cccb16cab404c18e82f0ea3efb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be1914c5187bb30e7f15064b45df1f76 |
| SHA1 | 96f4c7d53c3a7f29258ac4c550c4d22993be287a |
| SHA256 | 9cabfb506cb7dc4a1e3678c83198ddd7746935c5dbeb9d841c3e20fb65a47a3e |
| SHA512 | c0616590b9e272314c096b29a29df13e47194094e8d4d4c766eeaae89c42934c8e98d8f5aefc058b12d2b30291279f69190f568d03d336457a65dd40ca38a868 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ac5caa2b939865ec031a25d2ad69b3b |
| SHA1 | 2156d0b80caf13735f42e382aea5d793f0fd50f5 |
| SHA256 | 9ad2f4dd08367cdadb6774baa7d86fb876820e8aef47117ba4fe8d601a90b815 |
| SHA512 | b699c899c334b4b7cf4d29eeb2d0dd7597adbc720c8a4d852bd7fa4ce0b32f8ae43911f99b047c0427da5edbb9d4c046587bcc6946edadab5ff00e8c51124f4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3afc64df4fcbd524c9d62d1ae2221921 |
| SHA1 | 68c6e835df56412f9604734d2c99d452f4ebb204 |
| SHA256 | 87396c012ca222f2b19d659b1d6e38a1fbe83c12d9f021d50dfcbe781c0da485 |
| SHA512 | 535bb80eca84cfccd945e47ea92e0651f3e9bf46a2d98f40b6cb85ba03e9098888c83eb984615389f96c0eb1219ab98c76d9f0edbb365bacf2bb01a42f3fc0fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b18b66f8358c12755ff019f6658335c |
| SHA1 | 47ed808f72b5a103f66a409a86037b56f77f714f |
| SHA256 | 9643f1c50baf728028fbde2ab9aab32a0f1a9b1cef0c149dcffd6b7b06089979 |
| SHA512 | 6b20170267b8096b772999908ca1f04b40a02fbb2a7b43900ec9a917f5b854d874d2b28066ea39d5c3a910813ef808fe4a115ef04a1a751d34e13ca9c4865861 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba14c960dfd99487f4fbdd1715da211e |
| SHA1 | 424aa6671da4f12555eae1bdd91c4436c1e476cc |
| SHA256 | 36af0bb22d6ceabdf0eb3faedb9d77de98c1d4b82e73d59a3ddee9caf9b74805 |
| SHA512 | 9a29d5dcb0b9dfb4ee5d154a7d61092bf37fd8e05d78b26f17c23000e505129a706be301e8a0a8dd490c55bef29da332bd81ed2d30b49a3183c5234bbd69b0d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2de3597ad8d660fac5607a2807d243ae |
| SHA1 | b660af10bf063fffa5d6f3cce8b0d84b2392c725 |
| SHA256 | 205cbd7143678f72930df7d74a5d7f252f09394ebf6eb22fcbc01e399f500403 |
| SHA512 | 326f5c9d66c81ac9e7245fdfb834417e73c5a640aaed912f7a02aef450a7fbfeb914f8e82b8b30b9c1b39972ad9d85b757e70e52edfc37f55612b37632dc0354 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1412753594eacbf76321c203a71deffa |
| SHA1 | afe0be541e570a501c2e49c9ba8583f68ae0373d |
| SHA256 | 09e78298945a2d97ef7650329bca4212ab80011f654f30401423663258ea0212 |
| SHA512 | 2a3b755d066a866e43eaea427c7070153f72cb1238e763e101cca47bd4affbdebc82e268c108c9330d9628028c450bc5de77311fb79fbf60e094ae6762fc0f91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d6a826ad0bf1a458143d53a8ed4fd95 |
| SHA1 | 5b9dd99421bde37409e5956a8edb9500c660e24e |
| SHA256 | a550c4d599856e3a26cd48ac1f002b049b0c03d0267896334d9d80ddb2e8a8fe |
| SHA512 | c4ed664bcddd7f67bbdc10aca58de3663129c6454f8b6634b83b44872d249bb43d2edd6198824bf6e85447813997cd3c2a38bbbbe392221f573a7fcee731d58c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3581c1b96dbbc8420b6b31e3649cf52 |
| SHA1 | 31aa67a5235e333300bd12400156f3079b78bba5 |
| SHA256 | a12b7d56352e3f8ad56b5c5c55e23dddcf5a85279f74c4340df17445a45d83f7 |
| SHA512 | f21a3627f3690fc792daa3fd0ed6964982fdf8b113e671adf853d7e92098426642a0d166170da61a1ebf1464a9e34061fe406500cd4a5cf6d985222d4de0a3a9 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-30 08:58
Reported
2023-12-31 09:22
Platform
win10v2004-20231215-en
Max time kernel
146s
Max time network
138s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CD7FC5CC-A7BD-11EE-9963-F21AB124C203} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410779388" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0848897ca3bda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2735437716" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2717937895" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079370" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2735437716" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000025ba558cff15364f83b59eef6d4e53a400000000020000000000106600000001000020000000e2920c876bee2401b527aaab6323ae2ef3f30b0d0174811a353f21b8ae1fca70000000000e80000000020000200000000c3fc071bbd30a86bbc67c56e572af6acf3e8f0430c082a5af3d5e317ad51dfc20000000862d7c238577b1bc5d18bd55fdcb48ccc1b0afd83000f1e08d678fa71b5ed213400000000e99f6c48943e1b392043aafb872e05fba6f610fedd3b5da4293d0df030d20b98c2f188bd34305a9db39bb03b66ff0bd2abe3d558ae9f0fee97fba1363d19f93 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079370" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079370" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079370" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2717937895" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 392 wrote to memory of 800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 392 wrote to memory of 800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 392 wrote to memory of 800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e954b7a5424f22dea8833910949bee.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:392 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| GB | 96.17.178.174:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| GB | 96.17.178.174:80 | tcp | |
| GB | 96.17.178.174:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| GB | 88.221.135.211:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| GB | 96.17.178.176:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |