Analysis Overview
SHA256
6a961cc5d2c50cf767f8064f12c6f4009f979fc52f9e537aeb46101253095ecc
Threat Level: Known bad
The file 6bc5d16f750a5304f6b7d8cd04cc10a6 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-20 23:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-20 23:32
Reported
2024-01-20 23:35
Platform
win7-20231215-en
Max time kernel
146s
Max time network
159s
Command Line
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000f418dc5e5bdf351c3377cd8a8399d751968becdd418a77d2be71d07a81682ea1000000000e800000000200002000000046ad8127384f3bcc81de7affb9096b8b7b6e81a97acdb7843d374265e30787592000000039d1c60430e14c9e7c7108f950cdb3c9f383066271f81e98d87a369409a715ae40000000f9a7ea9f6d76c77d6918d25356afa9396ac7e02432d83a5f771b757b3ba08f55e0fd88a44a42ec2aec890e4ac98b9767b9705b12dfee381802ad6a3d49c48c72 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary data value omitted from this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411955452" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0809e15f94bda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{38460D81-B7EC-11EE-BE47-DECE4B73D784} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1364 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1364 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1364 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1364 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6bc5d16f750a5304f6b7d8cd04cc10a6.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1364 CREDAT:275457 /prefetch:2
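The two command lines above explain the WriteProcessMemory rows in the Signatures section. Internet Explorer starts each 32-bit tab process with `SCODEF:<frame PID>` on its command line; here that is `SCODEF:1364`, the same PID that appears as the writer in all four "PID 1364 wrote to memory of 2744" rows. A frame process writing into the tab process it launched is how IE's multi-process model works, and the sandbox raises this signature for any sample that is opened in IE. The following added check (example code, not part of the report) makes the correlation explicit. The report prints command lines without PIDs, so 1364 is taken from the WriteProcessMemory rows and 2744 for the tab process is an assumption consistent with them; the rundll32 row is constructed to show what a write outside the frame/tab pair looks like.

```python
import re

# Process records from the "Processes" section above.  The report prints command
# lines without PIDs: 1364 is taken from the WriteProcessMemory rows (the writer),
# and 2744 for the tab process is an assumption consistent with those rows.
PROCESSES = [
    {"pid": 1364,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                r"C:\Users\Admin\AppData\Local\Temp\6bc5d16f750a5304f6b7d8cd04cc10a6.html"},
    {"pid": 2744,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1364 CREDAT:275457 /prefetch:2'},
]

# The four WriteProcessMemory rows as reported: (description, source image, target image).
EVENTS = [(
    "PID 1364 wrote to memory of 2744",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
)] * 4

# Constructed row, not in the report: the same frame process writing into a
# non-IE target is the shape an actual injection would have.
CONSTRUCTED_EVENT = (
    "PID 1364 wrote to memory of 3100",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Windows\System32\rundll32.exe",
)

IE_IMAGE = re.compile(r"\\iexplore\.exe$", re.IGNORECASE)
SCODEF = re.compile(r"\bSCODEF:(\d+)\b")
WPM = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def scodef_parent(cmdline):
    """PID of the frame process an IE tab process was launched for, or None."""
    m = SCODEF.search(cmdline)
    return int(m.group(1)) if m else None


def classify(event, processes):
    """Expected IE frame->tab write, or a cross-process write that needs review."""
    desc, src_image, dst_image = event
    src_pid, dst_pid = (int(x) for x in WPM.search(desc).groups())
    dst = {p["pid"]: p for p in processes}.get(dst_pid)
    if (dst is not None
            and dst["image"].lower() == dst_image.lower()
            and IE_IMAGE.search(src_image) and IE_IMAGE.search(dst_image)
            and scodef_parent(dst["cmdline"]) == src_pid):
        return "expected: IE frame process writing into its own tab process"
    return "review: cross-process write outside the IE frame/tab pair"


if __name__ == "__main__":
    for ev in EVENTS + [CONSTRUCTED_EVENT]:
        print(ev[0], "->", classify(ev, PROCESSES))
```

The check only downgrades a write when the target is an IE image whose own command line names the writer as its frame process; any other source/target pairing, including an IE process writing into a non-IE image, stays in the review queue.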
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | ads.juicyads.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.paid-to-promote.net | udp |
| US | 8.8.8.8:53 | ghazafarid.ptp33.com | udp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| US | 151.139.128.10:80 | ads.juicyads.com | tcp |
| US | 151.139.128.10:80 | ads.juicyads.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| HK | 154.218.78.49:80 | ghazafarid.ptp33.com | tcp |
| HK | 154.218.78.49:80 | ghazafarid.ptp33.com | tcp |
| US | 172.67.200.168:80 | www.paid-to-promote.net | tcp |
| US | 172.67.200.168:80 | www.paid-to-promote.net | tcp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| US | 172.67.200.168:443 | www.paid-to-promote.net | tcp |
| US | 8.8.8.8:53 | adserver.juicyads.com | udp |
| US | 8.8.8.8:53 | paid-to-promote.net | udp |
| US | 172.67.200.168:443 | paid-to-promote.net | tcp |
| US | 172.67.200.168:443 | paid-to-promote.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| NL | 185.94.237.73:80 | adserver.juicyads.com | tcp |
| NL | 185.94.237.73:80 | adserver.juicyads.com | tcp |
| US | 8.8.8.8:53 | ads.juicyads.me | udp |
| US | 205.185.216.10:80 | ads.juicyads.me | tcp |
| US | 205.185.216.10:80 | ads.juicyads.me | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
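Most rows in the Network table are the hosting platform (Blogger/Blogspot), Google and Microsoft browser infrastructure, and the IdenTrust revocation endpoint, repeated once per TCP connection. The added script below (example code, not part of the report) parses an excerpt of the table, folds the repeats into one record per host, separates those platform hosts from the rest, and lists the names that were resolved but never connected to. The excerpt carries every DNS row and one TCP row per connected host; the suffix list is an analyst's noise filter for this particular page, not a statement that anything outside it is malicious.

```python
import re
from collections import defaultdict

# Excerpt of the Network table above: every DNS row, plus one TCP row per host
# that was actually connected to (the full table repeats many of these).
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | ads.juicyads.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.paid-to-promote.net | udp |
| US | 8.8.8.8:53 | ghazafarid.ptp33.com | udp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 151.139.128.10:80 | ads.juicyads.com | tcp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| HK | 154.218.78.49:80 | ghazafarid.ptp33.com | tcp |
| US | 172.67.200.168:80 | www.paid-to-promote.net | tcp |
| US | 172.67.200.168:443 | www.paid-to-promote.net | tcp |
| US | 8.8.8.8:53 | adserver.juicyads.com | udp |
| US | 8.8.8.8:53 | paid-to-promote.net | udp |
| US | 172.67.200.168:443 | paid-to-promote.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| NL | 185.94.237.73:80 | adserver.juicyads.com | tcp |
| US | 8.8.8.8:53 | ads.juicyads.me | udp |
| US | 205.185.216.10:80 | ads.juicyads.me | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Hosting platform, browser vendor and revocation-checking hosts: expected for an
# HTML page served from Blogger and opened in Internet Explorer.  Noise filter only.
PLATFORM_SUFFIXES = (".blogspot.com", ".blogger.com", ".blogblog.com", ".googleapis.com",
                     ".google.com", ".gstatic.com", ".microsoft.com", ".identrust.com")

ROW = re.compile(r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(udp|tcp)\s*\|$")


def triage(table):
    """One record per host: DNS lookups seen, TCP endpoints seen, platform or not."""
    hosts = defaultdict(lambda: {"dns": 0, "tcp": [], "platform": False})
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cc, ip, port, host, proto = m.groups()
        rec = hosts[host.lower()]
        rec["platform"] = host.lower().endswith(PLATFORM_SUFFIXES)
        if proto == "udp" and port == "53":
            rec["dns"] += 1            # query to the sandbox resolver, not a contact
        else:
            rec["tcp"].append((ip, int(port), cc))
    return dict(hosts)


def review_queue(summary):
    """Non-platform hosts the analyst still has to explain."""
    return {
        host: {
            "connected": bool(rec["tcp"]),
            "ips": sorted({ip for ip, _, _ in rec["tcp"]}),
            "plaintext_http": any(port == 80 for _, port, _ in rec["tcp"]),
        }
        for host, rec in summary.items() if not rec["platform"]
    }


def resolved_only(summary):
    """Names looked up but never connected to under that name (CNAME targets show up elsewhere)."""
    return sorted(h for h, r in summary.items() if r["dns"] and not r["tcp"])
```

On this excerpt the review queue is the seven non-platform hosts, all reached over plaintext HTTP except the bare paid-to-promote.net; the resolved-only list shows the pattern of www.microsoft.com being looked up while the connection lands on ieonline.microsoft.com, so DNS rows and TCP rows have to be read together rather than matched by name.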
Files
C:\Users\Admin\AppData\Local\Temp\Cab64FC.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 15d22736539e2e520b46ffb64890e01d |
| SHA1 | ca2792ce730f3ef898b64056c3b351678de27ae3 |
| SHA256 | dee40678a0b9786f1bc61464cd07c3c21252ffc714fb8da7490008b80844b70c |
| SHA512 | 05a7db3cd46836213538d17243036e56d34a69539f95cd09db01977363c8536efe7c604e3ed1a1bf3de9b3c053f2e9799e85775d47b105b8453422f806d80404 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 3007b8a7cb50d4708bf62689593de3b7 |
| SHA1 | 119dae6c952fb95e04b8ceaf8797746cf5d1b219 |
| SHA256 | 4dcd407df5432c710b62e6d22602c8495df0f958b38861e61924a27e05afb0fd |
| SHA512 | 04603bbe6e2cd6b08eb01830f540e2e7adca4172aa455c2703a66c6c4928c5f5155c331a38c0529c11c4e1a7ec8686ee2c3fc811993faba9a8b3f5ded22b34e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf7392a5731572c600743b8aefe8bdfc |
| SHA1 | 7e5a5f16144e0c68521903fcf42da0a938b9fed4 |
| SHA256 | fb3522f6ce364d6a21b16bf671f747eff1eeb82e0d1a813a2026ae63b7e9c439 |
| SHA512 | 30fb321073c8408ba9910b4b0b7399995b04397ecdc613844f6d2e1d25e4dc43b820069cafee9b8f2c892a0e174a0e534e10511e368d1c4451b462e061e86e58 |
C:\Users\Admin\AppData\Local\Temp\Tar6AC9.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ce2a2245fa6801a55e1ff03fbda2a88 |
| SHA1 | 5908c38880126231abcb7722d538c991835470bf |
| SHA256 | 84638501284df699422d465d21ec31f724da79aaae69e47f7da0f64e3038debb |
| SHA512 | 831f311c34fb6f5c6b4b36547b1b2b94b487f7a71e9310f8ad25775c394d3480ed5a486398ed35c9d8b1f2ec7ed569f8dff9256602dd3e36896c9b44a7f8b112 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\platform_gapi.iframes.style.common[1].js
| MD5 | f6140cf2e81a9d5b9bc96970fe1946f6 |
| SHA1 | e18cb20a08d0c13d44b72e36e9560aec2187abce |
| SHA256 | 68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5 |
| SHA512 | 1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6MCRSFJ\cb=gapi[1].js
| MD5 | 288c5ba5b7001fe841c32f690f62cc93 |
| SHA1 | 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789 |
| SHA256 | c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52 |
| SHA512 | e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b958c87771908b1ddb87427fed961c06 |
| SHA1 | 18b1f24ffe7b187fc528a3a1c684c9477c7457e5 |
| SHA256 | f15f04e0b208b925849954c2244a436216ecbf84c4f4ad014cd0b0ef09c6f675 |
| SHA512 | 9071f50c834a32729b8d64b42627250f6c2bb09d9399db089420d59be7ae10625f442a3b61406fc8c2469d91e2ee27d68ddddc5905d1263609273a38b95f852e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3f888c4309196933a948451698ff106 |
| SHA1 | 0f227222868bf5c6cd432e7bff69188211f2123b |
| SHA256 | 6f83963bd364159da07a9f0ad99edc92f6723e7815f7d67e5b0643fc5e547241 |
| SHA512 | 373321e9d7e087f31dbe48e73527a5a9b326ff10a9eb7c521a171bd0fd57774fd6b81962d22bc2617b57a8bef63912a765f9f62f5bee589f3b423012c9709e3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50fe24be75a8299337a460c3fceed901 |
| SHA1 | 00fa1a8c355e0946c145f6f2ee07f40e12147dc6 |
| SHA256 | f01e6cd47a98159e9651677838fb0bfc1426400cbc822ed5cb3564b5fc985128 |
| SHA512 | ae57879838948c836ed212b006bc9ef3c25cb6a2d7fd93c5d5e96850aa2ff8402bd4af512862cd3bab8596f95beb7c7022bc1b38d55b5cbb7f9c54584f3e76f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8614e08e1127b99260da00c27492e200 |
| SHA1 | c0bebc4b90190a0fb48e9311c910de6abf71c563 |
| SHA256 | f3f869753ea012a7f97d858c6001b4ca8df9c0cbb33b553b447f1a7cb67bc725 |
| SHA512 | a51e28d400fe7ffa27db37880777a75c5f546114de96add183dfe707e065f132148cfaaf592114256cbeef6160801c659cd48d23cf0f6bf40fe2c9bf24b25736 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 459f25b896ce92aac0c89f08282076dc |
| SHA1 | 1468e6695155e0399c506967a67ebd560f37ff4b |
| SHA256 | 16593e437deef4de475fed8134df462444a303ec8fed314e0d9681ae8d11292e |
| SHA512 | 49aab8f86d254654e848d2a04f5c1696bce4f60d0d9ce042ca3363b698d08245852a5fc7e6dcc67c5e54ba92552e7b5c7d53811463698e9526c0e9708a3a3ce3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25ea397e141227bcbcc72b1599e5d846 |
| SHA1 | cb7915c710932862a7e0f7e57e91d5d8ccc96a72 |
| SHA256 | 7b7be48bdc78171290f03a4a090c244d20d6e5162e2c3660f790e17647424178 |
| SHA512 | 5fb69c4605b2f03420c03583d8ae60391af27240834f388b3c1e598e253a8312a6a4d3ce15e2fe24e9b4598f5d7bfedd33a37c0d84da2ddaf8f44a1d454be1fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b22db073dcfcedcb0a4c845d25de988b |
| SHA1 | d0470aca4d92c9369c61cb3e50e238c4ead084d4 |
| SHA256 | f4533c3b8232f4009cd16d5df3c1c14f1e8a9bd0844798eab2e3ceac969a9d67 |
| SHA512 | 8e10e5fcf52d27ab060f812e0b430a35ee778c22ed8d7436ce8baf707d6c487a5bf5501a1d4236263981f7a93b9bb805f157a96d7342dc66ec35a45ce5572525 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f21ac5d7200961330913668d89e86a97 |
| SHA1 | 7a2bc2bf0f17a3010b144118cc9d603e471fd1fb |
| SHA256 | 25274a8bd529235208b4f8d76e80f29c00623752a5309f1d954253e473f46dcc |
| SHA512 | cea80960d8b74fa5d037b1db5db8a30a86f453db363a22c89f7704645897a8e531c6532051492e576bd06ebe530119c782f7cffd88e96c520f9d16f5fbf0c35e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7cb57ed612d166340ca94d5ae73bf2b |
| SHA1 | 67ea18083552ea1f41a49cb19153864503b4391e |
| SHA256 | 52792551771027f31be9d707d95195cbc8952d17c0b3503742617ceb0044b2a6 |
| SHA512 | 9a289a2e1c7153e1aa2fbc2ac520794249ab63c6181b3f222a14da47c92726008a0d5e6eff01a75b126a6723ab04e571f889b2258255b9b174c2e86d43aca16f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13978dba1bc769e2ccad945e0f2183b7 |
| SHA1 | 2ff1969866aa8591f84bd4e5b4e91110a2e535ff |
| SHA256 | 0770dfc25f63ec1aac7c5522292299bc0f5a13d3a4844b82075a4d69c362c37d |
| SHA512 | 50ba24b4288ba8d2b7874dff43fa69d6c3945dd8b7c30d995c509f9206ab281de4f9d48b3be570eded919a02c337a21632986e929ff0c765610430645dd26382 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79b9d5c7dd445201447ea8ff8c07adb0 |
| SHA1 | b5c4685d6717b96ed99b1fad4c7bde2b93b49f87 |
| SHA256 | c5593ce99852cf39f4fed3c17adbce921c3337c45af137b708232e24d036be49 |
| SHA512 | f08029dc57431093adcb0047cb6cc9cf62a933ecf91dd6ff74682134f6d9c364f20e04f81e8d195a032d442cccbe3859ff5d2791ccf54d49135756644ee1699c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f95601f54f8164a7567e34d0f4b25268 |
| SHA1 | 3bf5fa0b97a3450f913172d549adb0332c22eb4e |
| SHA256 | 2ebb2469b2acfae781b00fd06ba878ba5c26595e23aeae0121807c6e978e5b00 |
| SHA512 | 613df6129ccbc86eb4db92e44f80f7da61278e96c4efdb7c6c4ec246ac698293a621180228cd903695e5b1e3c256b979147e812c9035462f4869bb7195791884 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bd67df36aa7f5928b691dd2695e48ba |
| SHA1 | 592ce29b956a3b9d573ac11fec70c26e36b3d248 |
| SHA256 | edd9de09c0b2930fbc1d3c7647732a16af54c61b2f6005667488696839a5ddae |
| SHA512 | f309484d51a3cf40281963485cb6fa226526cf79b384f7bf66e5a3eb77ac6b896f0ed2882c5e8063cb836069f12d8ac468e2b3647995436e467957b86a7f296c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-20 23:32
Reported
2024-01-20 23:35
Platform
win10v2004-20231215-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083513" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31083513" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "177599939" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 806a3a32f94bda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412558542" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40c74f32f94bda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f2859d464fb564ea9e97dd009a434cc000000000200000000001066000000010000200000005b67137e006ce034b86a6142144963299e62688e665d7182af0934599737acd0000000000e80000000020000200000002701321bab771fe3b2b4f076b6149e3c37f3e96dd23604e788b34624d915947f20000000a560785deaa4eca9a722e80d836a8e98fe43fdc2799d4ab32efc21856e97b03e40000000eff63f41a0d7ee682838733262fb85fcede903b00c899fa84ac16c5b03c7aa4ac89ab5c7cff9e6fb869f4cf94e0d347992b74c839001a4103585efa0a32e5dff | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{352E60DB-B7EC-11EE-BCD9-F21AB124C203} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "177599939" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31083513" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f2859d464fb564ea9e97dd009a434cc00000000020000000000106600000001000020000000cae875249245a076437b1ff1f0b12a20302eba90df150eca3725038d134f4d0b000000000e80000000020000200000009042350c2a4ff47799ea6ebffe9acb2e8c7c1a875b88efdba2e51ed5c3c4992a20000000224500508cd30e30111b60a35a46d03091bf8a72f8231e86aa6e309dc095424940000000f51d6864b3398bb7433044b2cae76650ed8a82d5883f43f064e6c34d870c1eaa106dc8c0e5c2275565b3e3fb1a6b016a51e063bc0716f73e2de4c92574bf1f3a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "173850016" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "173850016" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083513" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3400 wrote to memory of 4616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3400 wrote to memory of 4616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3400 wrote to memory of 4616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6bc5d16f750a5304f6b7d8cd04cc10a6.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3400 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 216.58.201.97:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | ads.juicyads.com | udp |
| US | 151.139.128.10:80 | ads.juicyads.com | tcp |
| US | 151.139.128.10:80 | ads.juicyads.com | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.paid-to-promote.net | udp |
| US | 8.8.8.8:53 | ghazafarid.ptp33.com | udp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| US | 172.67.200.168:80 | www.paid-to-promote.net | tcp |
| US | 172.67.200.168:80 | www.paid-to-promote.net | tcp |
| US | 172.67.200.168:443 | www.paid-to-promote.net | tcp |
| HK | 154.218.78.49:80 | ghazafarid.ptp33.com | tcp |
| HK | 154.218.78.49:80 | ghazafarid.ptp33.com | tcp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 9.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.128.139.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.200.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.195.178.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 4.bp.blogspot.com | tcp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 49.78.218.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | paid-to-promote.net | udp |
| US | 172.67.200.168:443 | paid-to-promote.net | tcp |
| US | 172.67.200.168:443 | paid-to-promote.net | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 193.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| GB | 216.58.213.2:445 | pagead2.googlesyndication.com | tcp |
| GB | 172.217.169.66:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adserver.juicyads.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 142.250.200.35:445 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| NL | 185.94.237.64:80 | adserver.juicyads.com | tcp |
| NL | 185.94.237.64:80 | adserver.juicyads.com | tcp |
| US | 8.8.8.8:53 | 64.237.94.185.in-addr.arpa | udp |
| GB | 142.250.200.35:139 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.juicyads.me | udp |
| US | 205.185.216.42:80 | ads.juicyads.me | tcp |
| US | 205.185.216.42:80 | ads.juicyads.me | tcp |
| US | 8.8.8.8:53 | 42.216.185.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 062fdbb9bb3c118fcc66827cdc26e6f0 |
| SHA1 | 2033529788108b0514b5acae2b0ed3b7e051c318 |
| SHA256 | 10a79f11b599e86eb9a03e62f1969485589597cef2b4d8b2a7f1133736e97c22 |
| SHA512 | 33ecbc35c98d8aa24f24e420dd352fb35048696fdc96cafe15bdae131cc18f81426bc515393a3b940519f289d3b0585516eced7b692ff607bd9ef366db098810 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 824ba3abec0d3a93c099d773ddb9804b |
| SHA1 | 0ccc0646651e7d6b0466fbf2cd05e64cdc8cc14e |
| SHA256 | 9849edf20dd01c7b2e4f8f1b89bb6bec823365e03e990568f1815314ff07c8d8 |
| SHA512 | d82067ad110e2b1ef7c260a1510ed14730936c9496afa7b7922cb7648ed7415a8558a5728dea1cf459d6be87d5133738f422c31ced4e91156b18fc24ecdafa19 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verF349.tmp
| MD5 | 1a545d0052b581fbb2ab4c52133846bc |
| SHA1 | 62f3266a9b9925cd6d98658b92adec673cbe3dd3 |
| SHA256 | 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1 |
| SHA512 | bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PG47MANB\cb=gapi[3].js
| MD5 | ec9a3858b2c06b17c4811845c37209c4 |
| SHA1 | 2df320ad9daf33dd31e6381906f7fdcb598ef312 |
| SHA256 | 421319127de46e1ab3f62ccc60459a5c53a5ad462e5bd62051cf5e346ae26231 |
| SHA512 | a8ac445f151e4a56d1870e7d0a0b3940672a4b6a2b4a1426e6764f8b2ddbb61427b275fd2797373834d10076b50e06e50f509e2b8ee1fb02cf4a936b7e611b49 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PG47MANB\platform_gapi.iframes.style.common[1].js
| MD5 | f6140cf2e81a9d5b9bc96970fe1946f6 |
| SHA1 | e18cb20a08d0c13d44b72e36e9560aec2187abce |
| SHA256 | 68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5 |
| SHA512 | 1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AAZL0E9Q\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |