Malware Analysis Report

2025-08-10 22:50

Sample ID 240108-etk84sbhe6
Target 4a69074d1e6e14d8b1fc1cc978bb76ee
SHA256 fa55987a5366e8ce3dcf3c0c722a6e255a402bc7aeea22ab7a857712b40f0b9a
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

fa55987a5366e8ce3dcf3c0c722a6e255a402bc7aeea22ab7a857712b40f0b9a

Threat Level: No (potentially) malicious behavior was detected

For the file 4a69074d1e6e14d8b1fc1cc978bb76ee, no (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-08 04:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-08 04:13

Reported

2024-01-08 04:16

Platform

win7-20231215-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69074d1e6e14d8b1fc1cc978bb76ee.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410849120" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000c99bf5d4212c5295a070e380ebb2939c2190f741400a344bcb3c6edced3b8406000000000e800000000200002000000065a79670f7463358badf7ba48876d0dad9484c8f7c5e90892de4898957d9d96c2000000018dcbf8dda46d6c2bd48770f945e01e108a1d0aa8e3af5a84afea1cb914560f240000000bdecc3fd4eb566ca217da4223a2fadc7df54ffcb6a461ba1bbcc83f8f2897a319adec525d801069ab906925b57642fa720fee9ad880000d3c3edda1325a69be4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60528836e941da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E801231-ADDC-11EE-A892-DECE4B73D784} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69074d1e6e14d8b1fc1cc978bb76ee.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-08 04:13

Reported

2024-01-08 04:16

Platform

win10v2004-20231222-en

Max time kernel

0s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69074d1e6e14d8b1fc1cc978bb76ee.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5E5BF013-ADDC-11EE-AA35-E650309876D8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69074d1e6e14d8b1fc1cc978bb76ee.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:17410 /prefetch:2

Network

Files

N/A