Analysis Overview
SHA256
fa55987a5366e8ce3dcf3c0c722a6e255a402bc7aeea22ab7a857712b40f0b9a
Threat Level: No (potentially) malicious behavior was detected
Verdict for file 4a69074d1e6e14d8b1fc1cc978bb76ee: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-08 04:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-08 04:13
Reported
2024-01-08 04:16
Platform
win7-20231215-en
Max time kernel
141s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410849120" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000c99bf5d4212c5295a070e380ebb2939c2190f741400a344bcb3c6edced3b8406000000000e800000000200002000000065a79670f7463358badf7ba48876d0dad9484c8f7c5e90892de4898957d9d96c2000000018dcbf8dda46d6c2bd48770f945e01e108a1d0aa8e3af5a84afea1cb914560f240000000bdecc3fd4eb566ca217da4223a2fadc7df54ffcb6a461ba1bbcc83f8f2897a319adec525d801069ab906925b57642fa720fee9ad880000d3c3edda1325a69be4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60528836e941da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E801231-ADDC-11EE-A892-DECE4B73D784} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 3052 wrote to memory of 2144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3052 wrote to memory of 2144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3052 wrote to memory of 2144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3052 wrote to memory of 2144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69074d1e6e14d8b1fc1cc978bb76ee.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-08 04:13
Reported
2024-01-08 04:16
Platform
win10v2004-20231222-en
Max time kernel
0s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5E5BF013-ADDC-11EE-AA35-E650309876D8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2836 wrote to memory of 344 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2836 wrote to memory of 344 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2836 wrote to memory of 344 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69074d1e6e14d8b1fc1cc978bb76ee.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:17410 /prefetch:2
Network