hxxps://data[.]em[.]officedepot[.]com/ee/v1/click?params=v1[.]KBKhfh5A49y1Menpmq5N7DHt3AhiAtmPhQe-1R7ghBT-ERYk0xbQIis-kGV5mxzmXfrqgr3POSJYQJzu_spJn9MIC_Ifi9NCqXQqRDSwRr1zAX3ix1wqPr1ynaLiEBR_1BJNuOPx21xDZIGiaBIoecGatcofk7fNXxVnyV4heIYS4Bbbp699rddyvUxZnQ1o_Vjq4aRZO-LqwJ-TmmpZSmOEfOrST8k7m6L-gzWX2uuf9KQP7tElkXFeoNvKPblzExwW0caGL12G__65Vx7B47RJN3m8AZ1Mf4MixgKqttJsB2Kkx0h_gdCEWvrioC6kHaHGW6ku8NVFCWsVRb58gm6XB-19YhxRnf_EYFehhz_9xlBV1sp2_CsREkIgMj6pI-6ariZ63-KCn6gyXgCiD2Zt_qljPC3WJaGEwhylqt-ULg9yJSRI7RnXKAEr5TztnBP38F-F8JEduKZvUGlLrnu3ajjvirUgHocwd4xPU9Odu6dgShMMbp_S5zFS26G3Nky-CM07-8J9TyU9dXbxsoFhNnpY114CukC2X7E5j-mrKrFgf25Qd-h4Q22Sp8J4TizaAmGeyCqPWIYsn7GqSybMIiRqTtsogjrhZhKgGWtabMGNTZOd-EjGI_GSwwLzkqGXyUKhprEyykYVi1v494csQF5UpWjRjDxhr1VjsjSOyKRemWwDOiJX_p822vcIIQDtjfT1e5j0aPwwhnuP0RwABYN1WDELNpBdXP2Tg9mJGMHfKErTgj2sskUdEzslpZ-lyL6A9PJ9eSLNbQhlCG6HTYhpeL2R-agr4l04RUrKQXITRo9xd0Ir-1pq6cGO69UNkwWAyRMHqyLI8xmXYun5hTrVNOe9Lu7yLgUcDAxBoitL0MJguWvyZ5RTL-xfearU5bTdZZNiU3z3VISqyO-X5KARJC02XVUmsYqq8petaf4LU6dWnYpe6o63fTzmAkdlrVcNzC-4RGLO2unNfb1QfhCzWCxHF29vk79OG110_ejosReRiKURXxdb9ETMiBydxpmG08VD_da364X1bOPNMj86UJa9zq0nPmBJ5DHJJgm8qhO-8mWDJlduZVJRIAdvbNUhD98K80ZvEIHvzFhi3XQiCXhaj7DP3rhl5M1uJbrzkqfg_Gr3U0fC9WBnOWsxP62HxUt2bJk4jtGDt42qrX5FCd2kJ-4lCjkA9lU7eFNEx0s5PWMOBmT52E0PVnEqezO_Z7qzKHCzb844R2pmRATFYSfE1RKVczNt2BxZ4y8897GigBQCF5k8McfcWjxiKF94LL_L8Xn0CX5EVD2RAMUamX1KOEAl61a8-TrTEZ565AUIcPrOzdGlL-jlPPAICGKTlSekw7zBMvSguAGeBLbqCIzfB87IlQi95wegVppLulmmpBN34rTb7pedeivSKiuItBJDjggKdU7glSHfzf3Dft4W3lEZORWLWWNF0y3QSA5moOUAnBrQLD8VMlRuZ7Kng_d0yuaYZn8RZcYZcQo3gKhIVx8f0iJuRN-Rlq4iSK953TdWTQJqifNLY1yAOiBQkBna__0iYgsvav_Flo3nwBIyaIqi591urFqGLd6U7zOcUPZOMmJMIo8&pid=v1[.]4we1hROesQ1nEu-pBZ7sMalU-gaKV4gwYWZ00UDKzltgWJsumdXaAVY6zowWB6KLMNiDQMFGx1RRQbc9xjkZfxug4D33lnHs1WOK8zmX0MO5iSuCzpoF03gbfP_bm_oG8C_GL2uTc_bh8ZPhIEv-GSdOezU&tuid=658ef403363b36591f3230f8&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8

Analysis

max time kernel
177s
max time network
220s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 09:22

Sharing

Behavioral task

behavioral1

Sample

https://data.em.officedepot.com/ee/v1/click?params=v1.KBKhfh5A49y1Menpmq5N7DHt3AhiAtmPhQe-1R7ghBT-ERYk0xbQIis-kGV5mxzmXfrqgr3POSJYQJzu_spJn9MIC_Ifi9NCqXQqRDSwRr1zAX3ix1wqPr1ynaLiEBR_1BJNuOPx21xDZIGiaBIoecGatcofk7fNXxVnyV4heIYS4Bbbp699rddyvUxZnQ1o_Vjq4aRZO-LqwJ-TmmpZSmOEfOrST8k7m6L-gzWX2uuf9KQP7tElkXFeoNvKPblzExwW0caGL12G__65Vx7B47RJN3m8AZ1Mf4MixgKqttJsB2Kkx0h_gdCEWvrioC6kHaHGW6ku8NVFCWsVRb58gm6XB-19YhxRnf_EYFehhz_9xlBV1sp2_CsREkIgMj6pI-6ariZ63-KCn6gyXgCiD2Zt_qljPC3WJaGEwhylqt-ULg9yJSRI7RnXKAEr5TztnBP38F-F8JEduKZvUGlLrnu3ajjvirUgHocwd4xPU9Odu6dgShMMbp_S5zFS26G3Nky-CM07-8J9TyU9dXbxsoFhNnpY114CukC2X7E5j-mrKrFgf25Qd-h4Q22Sp8J4TizaAmGeyCqPWIYsn7GqSybMIiRqTtsogjrhZhKgGWtabMGNTZOd-EjGI_GSwwLzkqGXyUKhprEyykYVi1v494csQF5UpWjRjDxhr1VjsjSOyKRemWwDOiJX_p822vcIIQDtjfT1e5j0aPwwhnuP0RwABYN1WDELNpBdXP2Tg9mJGMHfKErTgj2sskUdEzslpZ-lyL6A9PJ9eSLNbQhlCG6HTYhpeL2R-agr4l04RUrKQXITRo9xd0Ir-1pq6cGO69UNkwWAyRMHqyLI8xmXYun5hTrVNOe9Lu7yLgUcDAxBoitL0MJguWvyZ5RTL-xfearU5bTdZZNiU3z3VISqyO-X5KARJC02XVUmsYqq8petaf4LU6dWnYpe6o63fTzmAkdlrVcNzC-4RGLO2unNfb1QfhCzWCxHF29vk79OG110_ejosReRiKURXxdb9ETMiBydxpmG08VD_da364X1bOPNMj86UJa9zq0nPmBJ5DHJJgm8qhO-8mWDJlduZVJRIAdvbNUhD98K80ZvEIHvzFhi3XQiCXhaj7DP3rhl5M1uJbrzkqfg_Gr3U0fC9WBnOWsxP62HxUt2bJk4jtGDt42qrX5FCd2kJ-4lCjkA9lU7eFNEx0s5PWMOBmT52E0PVnEqezO_Z7qzKHCzb844R2pmRATFYSfE1RKVczNt2BxZ4y8897GigBQCF5k8McfcWjxiKF94LL_L8Xn0CX5EVD2RAMUamX1KOEAl61a8-TrTEZ565AUIcPrOzdGlL-jlPPAICGKTlSekw7zBMvSguAGeBLbqCIzfB87IlQi95wegVppLulmmpBN34rTb7pedeivSKiuItBJDjggKdU7glSHfzf3Dft4W3lEZORWLWWNF0y3QSA5moOUAnBrQLD8VMlRuZ7Kng_d0yuaYZn8RZcYZcQo3gKhIVx8f0iJuRN-Rlq4iSK953TdWTQJqifNLY1yAOiBQkBna__0iYgsvav_Flo3nwBIyaIqi591urFqGLd6U7zOcUPZOMmJMIo8&pid=v1.4we1hROesQ1nEu-pBZ7sMalU-gaKV4gwYWZ00UDKzltgWJsumdXaAVY6zowWB6KLMNiDQMFGx1RRQbc9xjkZfxug4D33lnHs1WOK8zmX0MO5iSuCzpoF03gbfP_bm_oG8C_GL2uTc_bh8ZPhIEv-GSdOezU&tuid=658ef403363b36591f3230f8&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Resource

win10v2004-20231215-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

https://data.em.officedepot.com/ee/v1/click?params=v1.KBKhfh5A49y1Menpmq5N7DHt3AhiAtmPhQe-1R7ghBT-ERYk0xbQIis-kGV5mxzmXfrqgr3POSJYQJzu_spJn9MIC_Ifi9NCqXQqRDSwRr1zAX3ix1wqPr1ynaLiEBR_1BJNuOPx21xDZIGiaBIoecGatcofk7fNXxVnyV4heIYS4Bbbp699rddyvUxZnQ1o_Vjq4aRZO-LqwJ-TmmpZSmOEfOrST8k7m6L-gzWX2uuf9KQP7tElkXFeoNvKPblzExwW0caGL12G__65Vx7B47RJN3m8AZ1Mf4MixgKqttJsB2Kkx0h_gdCEWvrioC6kHaHGW6ku8NVFCWsVRb58gm6XB-19YhxRnf_EYFehhz_9xlBV1sp2_CsREkIgMj6pI-6ariZ63-KCn6gyXgCiD2Zt_qljPC3WJaGEwhylqt-ULg9yJSRI7RnXKAEr5TztnBP38F-F8JEduKZvUGlLrnu3ajjvirUgHocwd4xPU9Odu6dgShMMbp_S5zFS26G3Nky-CM07-8J9TyU9dXbxsoFhNnpY114CukC2X7E5j-mrKrFgf25Qd-h4Q22Sp8J4TizaAmGeyCqPWIYsn7GqSybMIiRqTtsogjrhZhKgGWtabMGNTZOd-EjGI_GSwwLzkqGXyUKhprEyykYVi1v494csQF5UpWjRjDxhr1VjsjSOyKRemWwDOiJX_p822vcIIQDtjfT1e5j0aPwwhnuP0RwABYN1WDELNpBdXP2Tg9mJGMHfKErTgj2sskUdEzslpZ-lyL6A9PJ9eSLNbQhlCG6HTYhpeL2R-agr4l04RUrKQXITRo9xd0Ir-1pq6cGO69UNkwWAyRMHqyLI8xmXYun5hTrVNOe9Lu7yLgUcDAxBoitL0MJguWvyZ5RTL-xfearU5bTdZZNiU3z3VISqyO-X5KARJC02XVUmsYqq8petaf4LU6dWnYpe6o63fTzmAkdlrVcNzC-4RGLO2unNfb1QfhCzWCxHF29vk79OG110_ejosReRiKURXxdb9ETMiBydxpmG08VD_da364X1bOPNMj86UJa9zq0nPmBJ5DHJJgm8qhO-8mWDJlduZVJRIAdvbNUhD98K80ZvEIHvzFhi3XQiCXhaj7DP3rhl5M1uJbrzkqfg_Gr3U0fC9WBnOWsxP62HxUt2bJk4jtGDt42qrX5FCd2kJ-4lCjkA9lU7eFNEx0s5PWMOBmT52E0PVnEqezO_Z7qzKHCzb844R2pmRATFYSfE1RKVczNt2BxZ4y8897GigBQCF5k8McfcWjxiKF94LL_L8Xn0CX5EVD2RAMUamX1KOEAl61a8-TrTEZ565AUIcPrOzdGlL-jlPPAICGKTlSekw7zBMvSguAGeBLbqCIzfB87IlQi95wegVppLulmmpBN34rTb7pedeivSKiuItBJDjggKdU7glSHfzf3Dft4W3lEZORWLWWNF0y3QSA5moOUAnBrQLD8VMlRuZ7Kng_d0yuaYZn8RZcYZcQo3gKhIVx8f0iJuRN-Rlq4iSK953TdWTQJqifNLY1yAOiBQkBna__0iYgsvav_Flo3nwBIyaIqi591urFqGLd6U7zOcUPZOMmJMIo8&pid=v1.4we1hROesQ1nEu-pBZ7sMalU-gaKV4gwYWZ00UDKzltgWJsumdXaAVY6zowWB6KLMNiDQMFGx1RRQbc9xjkZfxug4D33lnHs1WOK8zmX0MO5iSuCzpoF03gbfP_bm_oG8C_GL2uTc_bh8ZPhIEv-GSdOezU&tuid=658ef403363b36591f3230f8&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000002ba8de99a3508c9eeb4c19ff11a258f9be7035d7bec881f62b1d115ee78e0646000000000e800000000200002000000091b92cdb9e0c35943e4697a9af2380ed0e32e1b157e36958165787243f77ac0190000000f84ba3952ad0cbae0807199e25af422a8daa9ff7397b9413159e29f6cb28453c9d6eb511b24c00bd28b6a2722fe8665bf706c7fee121e7be259a11c262ab2cf4c1fb00eccb51af360edc04ae682ecee110bd103b493cacaf6e4b82f84912793fc5dfab2db874dbe4a44c471dcad7ccd48d469c40a31fe0e7c362114470c43a2854ef9494de523f7c1a2f5cb59e5f83b040000000a80027a045f32874a0d0e7bd62bfbe31a9f6908336d6f9d09a777c347923d7ed8d191f74a80b6cb0a2e29246bc7a1843bf5bb0ef8fa27b03ef88476ab33bc5f0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410522142"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000cb1d33c815b67088f17b847edc0d1f921c85574c24a47e646318914315c674f1000000000e80000000020000200000003bada27540faee83468fe41cf881e62865f060065db401a9b232979d93b88dd8200000009e059b575dc67600e732440fe1ae6017bc586e03da49a973c1f6d78391edae3d400000003cc62d4687bedbb84215e44bf8729ab5b44516c127fcb2b2b23a9895007e0041f8e4c4f6fe3173ab2ed5a02c58b2b290d31a6a913fdc93c4c2dbe3ac0431bc83	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 205fb001f03eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0AAB6980-AAE3-11EE-8C00-76B33C18F4CF} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2880	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2880	iexplore.exe
2880	iexplore.exe
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2628	2880	iexplore.exe	30
PID 2880 wrote to memory of 2628	2880	iexplore.exe	30
PID 2880 wrote to memory of 2628	2880	iexplore.exe	30
PID 2880 wrote to memory of 2628	2880	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://data.em.officedepot.com/ee/v1/click?params=v1.KBKhfh5A49y1Menpmq5N7DHt3AhiAtmPhQe-1R7ghBT-ERYk0xbQIis-kGV5mxzmXfrqgr3POSJYQJzu_spJn9MIC_Ifi9NCqXQqRDSwRr1zAX3ix1wqPr1ynaLiEBR_1BJNuOPx21xDZIGiaBIoecGatcofk7fNXxVnyV4heIYS4Bbbp699rddyvUxZnQ1o_Vjq4aRZO-LqwJ-TmmpZSmOEfOrST8k7m6L-gzWX2uuf9KQP7tElkXFeoNvKPblzExwW0caGL12G__65Vx7B47RJN3m8AZ1Mf4MixgKqttJsB2Kkx0h_gdCEWvrioC6kHaHGW6ku8NVFCWsVRb58gm6XB-19YhxRnf_EYFehhz_9xlBV1sp2_CsREkIgMj6pI-6ariZ63-KCn6gyXgCiD2Zt_qljPC3WJaGEwhylqt-ULg9yJSRI7RnXKAEr5TztnBP38F-F8JEduKZvUGlLrnu3ajjvirUgHocwd4xPU9Odu6dgShMMbp_S5zFS26G3Nky-CM07-8J9TyU9dXbxsoFhNnpY114CukC2X7E5j-mrKrFgf25Qd-h4Q22Sp8J4TizaAmGeyCqPWIYsn7GqSybMIiRqTtsogjrhZhKgGWtabMGNTZOd-EjGI_GSwwLzkqGXyUKhprEyykYVi1v494csQF5UpWjRjDxhr1VjsjSOyKRemWwDOiJX_p822vcIIQDtjfT1e5j0aPwwhnuP0RwABYN1WDELNpBdXP2Tg9mJGMHfKErTgj2sskUdEzslpZ-lyL6A9PJ9eSLNbQhlCG6HTYhpeL2R-agr4l04RUrKQXITRo9xd0Ir-1pq6cGO69UNkwWAyRMHqyLI8xmXYun5hTrVNOe9Lu7yLgUcDAxBoitL0MJguWvyZ5RTL-xfearU5bTdZZNiU3z3VISqyO-X5KARJC02XVUmsYqq8petaf4LU6dWnYpe6o63fTzmAkdlrVcNzC-4RGLO2unNfb1QfhCzWCxHF29vk79OG110_ejosReRiKURXxdb9ETMiBydxpmG08VD_da364X1bOPNMj86UJa9zq0nPmBJ5DHJJgm8qhO-8mWDJlduZVJRIAdvbNUhD98K80ZvEIHvzFhi3XQiCXhaj7DP3rhl5M1uJbrzkqfg_Gr3U0fC9WBnOWsxP62HxUt2bJk4jtGDt42qrX5FCd2kJ-4lCjkA9lU7eFNEx0s5PWMOBmT52E0PVnEqezO_Z7qzKHCzb844R2pmRATFYSfE1RKVczNt2BxZ4y8897GigBQCF5k8McfcWjxiKF94LL_L8Xn0CX5EVD2RAMUamX1KOEAl61a8-TrTEZ565AUIcPrOzdGlL-jlPPAICGKTlSekw7zBMvSguAGeBLbqCIzfB87IlQi95wegVppLulmmpBN34rTb7pedeivSKiuItBJDjggKdU7glSHfzf3Dft4W3lEZORWLWWNF0y3QSA5moOUAnBrQLD8VMlRuZ7Kng_d0yuaYZn8RZcYZcQo3gKhIVx8f0iJuRN-Rlq4iSK953TdWTQJqifNLY1yAOiBQkBna__0iYgsvav_Flo3nwBIyaIqi591urFqGLd6U7zOcUPZOMmJMIo8&pid=v1.4we1hROesQ1nEu-pBZ7sMalU-gaKV4gwYWZ00UDKzltgWJsumdXaAVY6zowWB6KLMNiDQMFGx1RRQbc9xjkZfxug4D33lnHs1WOK8zmX0MO5iSuCzpoF03gbfP_bm_oG8C_GL2uTc_bh8ZPhIEv-GSdOezU&tuid=658ef403363b36591f3230f8&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47f79c5f3e451fcc51f275bca44c068e

SHA1
252c2db3b77478ec426934ef8234757cd8f129a5

SHA256
62e55be9749d214656ad413294f7d8ed9c8f43bf651a980dfbe3b9d80795d58f

SHA512
62916c1346ecb60536d4d5fe98e2512af243a1dc7090fcd8b9e04e0f6e07829910fa2a0b56f993fb8b8e9aa61ba151f77ccd7db14119604b8bb4af494f9cbf1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1651409ce07ef9c0b240e13b207b243f

SHA1
3197c22fd99e1389db4225c542b3e7b3fef4833f

SHA256
3d61834e45072beac820de19fb1f0fbc4aec0307503ccaae3a031778873cee51

SHA512
56e5a9a29b4c1c5850713a2530a55503e3957ae81dec14640371137d84906baa0967ed81495baf557e41d5cc9e2414da85c5debbd64a1e6c718bd63dc23ebcf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a70fd175b70c87ef09c26b067e05918

SHA1
0df1c511b4bb562094fcb960b13124e02224b4bc

SHA256
38783ae363f987043841cd1c3a12f1001099dada443025dc34dd3f151496b918

SHA512
114d8f350e36b9cf6ccbe0c7b52a5e243ff0c670f55c711209f03a31c8f30af6fe6c57c9861ecf790c175b0293410513a098dbb2ad8de4596aa6b067011d8b21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5272ba76e718be52cfa6752817ffa9e

SHA1
4a360eb6b73fcb808e708350cc78bfb3e61200ba

SHA256
b281c7d2d5f12b4e2e4848d6764b6e3bfc9ee2a8e52e74810472ab858895c350

SHA512
1d03b0f7aeac9f510feab794c0402930498d94ebfd737f11b3ec9e3d035bfcfc59b93b8b6927175160461b793eb0f7439c32f94022020190c0d89a7770416309

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bcd75117ae7578675654796f32ba303

SHA1
cf8b3b58f9c136ab9a3eebe9150ddd9105364b72

SHA256
704c4d879181a0279418e96e53d88d3a801acc67de4a107539bad0493383cc9c

SHA512
bb2cb5ec436918fd4d115beac23753646c3fc31a46d06f3d907f58760e39d47c5b752296c5c93c666a0b89c5b2b59f2de8f4a325dd60f91f23c06e491af4a008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50c5e1c937aa40218b65cb3dfedc1406

SHA1
5161a7c5f39b8a729986a7e6f06dbdd0725bc79f

SHA256
b9096d0352e003ba40c888bb1ce995c8553a15b7f6e57807497334e5c65b2288

SHA512
191a66af5923ed59f163c0e48412c1bfc7e0644b40bbf22b388a34e9601cb7949eb00b1fde97ad0ba8d5b544dce45e82d1b2de66899afce8f82d8dc3703d1c75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
731b3a5013af871ac21c189683152b99

SHA1
026fa168eaeff3d21018dc7df9d2de8e725bcad0

SHA256
f808a4b0e411d69e814cab0c816ee8f0b851781f6e0a9d0f53448036887f690a

SHA512
fa4650baecca9286009d7735630580f23b2afc9212f2caa3f4fe13f5fcb9b9546bc2cf63c1fb3d9a0e2295ddaa5bf2f8f8b8d358560d1a017e92e029710636df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c69866baf546b9fc28dfabbb3347fbc7

SHA1
f7224003d211a87a26041504d7a96222f41a5e37

SHA256
a865a992dbf196685fae0818109ced2c0f8ca080f8a531000558d355fa2767cf

SHA512
a3db5e1f960bed71cb17cfccc9e392076458b521f97dcd26e62ddd47eac589a780c0f5195555babed0974131e1ac54f149b08fbfc9053a4ad2bd086ab373194f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ee6464ae2e8983c3b0fded79ffaa602

SHA1
de64f12cd9c7a136783edc48d8394905bedbfa22

SHA256
1ca53ca01da6c420e6d71a61e45b1d7741ca0c48a538fc47be11879bf34ccd8f

SHA512
7010281576a391d3f846a72e1063035b99e4dbe211ea817d3de77e69b2ac44c4d706dc02b224e77ab9f3d7ce43a482a5ec25ae9b19ada7f62b5e8c8ab95242db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35964845a9dd5da7fc0ef40f4192a8ad

SHA1
91b252595a0f8a64c1f696bcb4be113fdf324b50

SHA256
68eabfc6371a80320e00a6a9fd23298bae7df69b2e224ceb667a977dc89e1ae3

SHA512
679dfb5bc32fa01271fa4a7cc11cba85cc63778e4d5deb9c1a0c291f892a65d513ff3b4f2817de21aa731b0bb2cbfe17c5998472b656087319a4c726490b1148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46b96fe72f023a356f30c0d9ceec8376

SHA1
9181f718d5694a14e82c45fe3381f7aaf2a1ee06

SHA256
2d9c604b46c218144bece9bdb4ade86fe47b1c244ae572cb83121cd0a004b5fd

SHA512
5f4eff2b17a2d2532a3c6bd43c1fb02f7a2f621abb63b67dbc32eaaf28b699091cfe1a746fd22a34fd8b3ecc4a267c283b21fefa5fec07d8494fa925932f922e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6d6078d8c8d6990491950c8af6c26dc

SHA1
0a650a0ff5bc5132cc35e632bb878e5a27342c83

SHA256
a760924431945a26876d361640d7c52233e5e47b3372ca8684ede73e23adae18

SHA512
fd9de1855e766cf2054a2355d5485268fc3909d7871c302c1784d123cf80216324eb058e12951585f6dea2ea248c750f64ee9c9f1adb314c3f416c95d3eecd5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1648f50dce148afe4710ec030ad3027

SHA1
4d2905b6d0d0d31f45e06645f96e0310ba8cff59

SHA256
9e1df5f4c7776761116cebc9b593f176f7cda7433133d943f3ea43b0013adbdd

SHA512
0ef907561d2134335d82835c60c3a5bd6ad26d104d751676e1a1308d259ba2d46d494fed2d766352173aa8340b8706986a1bbc4315f24e05cefc51150ab36681

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a96231e57598824f3c4b99986bb9d702

SHA1
f7346ca939e0e187b976fa1c457bcc2e894d86fd

SHA256
4fbf1c6e3872b0428e8141ef93f9ded81f325165214bc21ecfce4eef22e4f02d

SHA512
caf80664e21a84b754b97d86e4b33dcc8dc7258eccf3b9f2b5d857e0a6c2ecbdaa859480fc6589bd44fa32ce5ffdbf9e3df9a5989b42e960eba0cffabb21ba4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b168afc2181ee603207cf2787438043

SHA1
ac31431c52acdb89384ebaa5dbcb08fccd5b6de6

SHA256
597ffd47ae0296e3a9782229e426ece533f3a465a1f5b587b5424ab6fd688c1e

SHA512
58c5470e04b848bc3b7383bcfb8d570c2e39e77140ee8534bd0a96a11529363d5c376a3e8b9e87049481d4881a1cd880d1bf1907305c2a8b5256aebad56e7433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f64fe6a10404bf2dc1ffb6e08e7d10d

SHA1
cf7b1fbd15a380e875ba35b29b5a550e915f1c12

SHA256
88559968474f6fbc7da5236e3d4b444e30517ac0c913fa606c288f5dd6cf7076

SHA512
9a5323b33e6aef400a4de1abe675135d7ab0114d9c94e2b64f5ca4cb4650a24454b0b4a0cbbd81c0317fe6d362c356b353cda6ddd865aed56b45f750720bb05b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d09ecb9751dfeeffb84c29e41babbb26

SHA1
0ee794010db96fe3a4f8425748b48a238cb237e0

SHA256
7167a8821f84a4d595a69b75a13b102aa0b3a8669f465c19d1f7a1c92d712134

SHA512
ff6d29e4f60c82992ed803182c330889ec0a47fa5cf2c1c70d8e4f29448dff19a39bc7e9f0fbeee5b17c2274a63fd45e7a995a2c2c0856beaf435327ffdd5555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
347b38821d976b73055c68899eae024b

SHA1
3c317b4e318252bed168327a6311d51920c10eea

SHA256
64c876065f8deb12715e46b8b606bb4331beb9560d641d644ea10f721e0470bf

SHA512
008318e289fb9b87652859fd98febc45b75642ac5380e539277e541abe544fbf9d2832be05bc323466b0d10d1b5c23d8802df49336a2f41a4ba2600b5f64d275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fda2b46d34f8c47c0e9770a48485c556

SHA1
d265ef9e50bf34af7fd96fd826a5cc4a41a07e3d

SHA256
d14f9b3d0dd418eb0592d2d6c7978f04226d4282293b80f75969531381c80149

SHA512
8978802b9504509f85e6f4703c7b53f2475e8ebf80c648f653362c9dd6cffee2e42b5fc8d707c71f5bf5c84a2eedf7a643bf0f48aa9ddf1e55fd333d4222661a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfa91aa9e00e90b2d4e24cadf4819a33

SHA1
d341f4c097e82752cbccc7947544196a05c9e8b9

SHA256
b593990c06539cf44ae26f2a0b210937b2da6bc41c2d48c5cda4ea644dc9f1cd

SHA512
f63a45cf4ac69decd65538f6cf050b7b02f5e822bc9bef67df6d4bccfe9cdec5a7e58cc8e2dd726959e35c9a98b2bc8713f48063a51d31eeab613d6721822fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar82FA.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit