Analysis Overview
SHA256
b0a4f107ec1add6f330627614e0d26aca6a53761f666f290ef08a13340e84088
Threat Level: Known bad
The file 6d253be03e6fce23b31811746fee1b07 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-21 11:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-21 11:06
Reported
2024-01-21 11:08
Platform
win7-20231129-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411997041" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50015bef594cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000cde1279c0d819a4cc1c1d88ee44e873f9b6184a36d0b3ac703399fc1ca9fbe9c000000000e8000000002000020000000b745498b42ec362027fe7049a0ea6f36e82093b8653da95a9cbd7ba17529d897900000006b02b68c9ce4abb60e2054f42c9bb46cf0c3b718407e4a839c6ec046326dc01ba601b607be477bbebccd9ff563d3994d2d24d0466413c935860ae6330132a4fceb8fab7c0275bee6e7bc0aba5025e1a1dd1937b17c93349bbcd53ee42678f7c7779d5d34c3d755ea4e2fed7b3fe706f000512d61527e93abfdfd4fae68eab4efa373c3e3d6659958fe8c97e2d2ed48b3400000004dc21c638d3ae3f60f1da6944011204cd9a54f787e1376d96d858a6ccb0422318781b0b9d9155feaf6d571e8a4516b4ce19425809b3785469a8d197cc142a13b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{16FAC5B1-B84D-11EE-9278-CE7E212FECBD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f1200000000002000000000010660000000100002000000087d8c6ae82b87102a8a5fd8a42b01efb4ebe8b6fcdf1ed0a7bb943978925754c000000000e8000000002000020000000464e9f3d157e2e7c06fdb92b388292cc9a55ac1291a614bb3669a1498a93450220000000c7e68dffb9f100a2e86da59786f8fb3f6a3e3e18a602edbb8ec43b14a0ca7c74400000009f6a61a483620171a4d099ddd59a2b19779453e68d89b43e336dbf94481d810e1a14b609da16ceb5649287d89b3c68786c8bcc5f735333c772a33d365e2631bc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1672 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1672 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1672 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1672 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d253be03e6fce23b31811746fee1b07.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.instantonlinecounter.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 172.120.219.158:80 | www.instantonlinecounter.com | tcp |
| US | 172.120.219.158:80 | www.instantonlinecounter.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 92.123.128.174:80 | www.bing.com | tcp |
| GB | 92.123.128.174:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab10E2.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c0ed8a2e1fb529b9417d8bc72b7528a |
| SHA1 | eb27e1799407585192c1823e586d945404ef333b |
| SHA256 | 1d105bfc972a74e2eaa81c2788dc909c0c136efec4d2acef74cf0a5caf1507f9 |
| SHA512 | 86c5551e61b4c66be7d6af0a14a0a99e4296e54bc7d70efc9589d5a52b7360d63867f40bf1b37afdd89245ffd838a1a6064db74574263dee92714c08654a469a |
C:\Users\Admin\AppData\Local\Temp\Tar1338.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed75868fb2b3fe22560b7c1c718907e1 |
| SHA1 | e5930d74cf304346b061e65028fc34b05925e4d0 |
| SHA256 | d46f1903dffd0640af1b9939bf9a076b94550b90980c07ec926a5ff19fb82d2d |
| SHA512 | 310e323078bb722f07f73288796100be8879bff6c211e51670bc6ea004c9498c8505a18d9a80ca3e97d6279a9ad852a30935e8c7064d2e1288783b6c5941aad8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 81896978b48f05d4850884d73d59339d |
| SHA1 | 81d49e7dcf10d27941c7872b65b4ec8a90b4685f |
| SHA256 | 1c923cb8d58319753937c9497f0f42a55ca5de04f6385cfcc48026a18fac9e84 |
| SHA512 | 2109b73ba4422a4bc3f506b9a9c71aaa1457ddb23c4e29ea932ee3eedbb79abdae39adf81f56c021907bf86335f4d325c4bb99b68fec54001fc60632e58171d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24
| MD5 | 3e455215095192e1b75d379fb187298a |
| SHA1 | b1bc968bd4f49d622aa89a81f2150152a41d829c |
| SHA256 | ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99 |
| SHA512 | 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a1fd385e078628113ba2afd59f739ce |
| SHA1 | d2d0f8a302bf9362b1a483440e04748c64905d91 |
| SHA256 | b890f3758dfcc2b34b18df94301c8f4e6d0790fa0088f00b879af29d99b870df |
| SHA512 | 1404f392ff95ae695628c07be6cba784b9c24e718366609bd67a8d89a31a0917d36009be9ebb88db8af6f2cc42b887bd742a9232eae97de39e7663c5c6ab8b60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | 6ce7d4c1fa178ca395150410299afa1d |
| SHA1 | e08a059bd5cf6e11a0b1274519fe2b6e4ba755ab |
| SHA256 | 3c51e0e6d735a5ad269b407de0297f37dbd7d1fb9bc4dcd0f42bf1f93bcc4e29 |
| SHA512 | 9a344c5eac2f44539bf2b0f6e9a985b8bf3a7925fc7b3d43956b25597bcdf454f939298704ccb5354461ecddb3638973d9c7fee036ebe55248899fd82474079e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4273b0c68977a768cfed0bcbb892fb3c |
| SHA1 | fa748fd5c68d6db77817300659236e782d738aba |
| SHA256 | 296c221b71bd2f540a18a97df9331bc7616da3a4f87db12af28ab030fc8ff8a3 |
| SHA512 | 3495ccc2e40a32a8663ff32248bc64a051e9659ba4fd2960c4ee6f5abebf8b751e45aa9fae1d0eee9ebf7fd2d663a4f51a4dc8da4e4e67770385b202ddd81508 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3RLIFA2\platform_gapi.iframes.style.common[1].js
| MD5 | f6140cf2e81a9d5b9bc96970fe1946f6 |
| SHA1 | e18cb20a08d0c13d44b72e36e9560aec2187abce |
| SHA256 | 68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5 |
| SHA512 | 1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3RLIFA2\cb=gapi[1].js
| MD5 | 288c5ba5b7001fe841c32f690f62cc93 |
| SHA1 | 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789 |
| SHA256 | c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52 |
| SHA512 | e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38d60126c08639c6fed7e87b3129f591 |
| SHA1 | 073c61415d6d546a22737b82f802023cd242b7a9 |
| SHA256 | d9e3312d791dd29fa261ad9d7d8930c4c4c1df7cc4cec84641413b3f0e247fbf |
| SHA512 | 7f49cb56a3ad8cb5b3959c5c73cea48bcfa3a59a4cc3897a95558a2679f4b06a088567dfebba404a5bead7bb812e5fe76b5c28a762649657d7d77db44f882be6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6dac4c175b3cda1f20e89857a869cd2b |
| SHA1 | 9a7099cf4a30c4569700a64c764b4f4b84b73a64 |
| SHA256 | 4bb9fc6819e7b8b6b772d79bec1b277c38859e0cb8934d27b708fe27e737bf4b |
| SHA512 | 132b8c452604d776438783562970f92660c0417a29198385d3a089b791efecaf3a969059f57121ef42d4c23cb97fd0aee4c12b92c39834a60c5b88815ee767be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45229388b074145f10791f3321c462a9 |
| SHA1 | 41c302286b81382d66dc65989b2f4ad782afc1b6 |
| SHA256 | cc4a878b6c93a74f9a70752061b1a8fe06cfa84ab691a7359e2228ddc88686cb |
| SHA512 | 7904bc831632407f7a88d358f57c34975a17a1e9b9723684430ac2e521a45ab76f311fd09c8bbb5ab826b871ea0b0929f7fd7272c71b4c66b1958d371379b9c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3915cdcaf18316346c028d090cd79d55 |
| SHA1 | 741a624ad23ba7e4283d078d07df0c6ea80c32ad |
| SHA256 | 2842a861772aa9048f51afab24b695fe37a93addd004b3a54563d020d2984cc8 |
| SHA512 | 8d0620d106e9fd0dc66242b9e932b8a4a748a6c0e6445acdf37213d9775f040768a626a31107d762d4d5407e5f7b8bb549136e8e0bd380640f6206a12579bbfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 156098158c74cc0a2e5c934347468942 |
| SHA1 | 4747e5d01758e99f6731f6e1f36a0a2019c939c6 |
| SHA256 | 200649797215097efa35fbf5db327f3d548e8409d2eb6f33f268882763993f63 |
| SHA512 | 88c5fc35073adc7b633744a0a6bf8e48f54c5285c10439463f7aead1fed54d0a970714bf5bfb69de81c2a074da4ec3214e1632de6071ebb8fc522ca824d1a75b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47e04ff3f9e619531381474b3181cebc |
| SHA1 | 8b9e6666abdf1f73c7d60a29a426860d6df52abf |
| SHA256 | aa1abc5170602740a7bf400634144c74aee93bf0372d9e279158553b069cb211 |
| SHA512 | 123f776b57998f7bd5a5099ef054342e4d0fc9b110c05cf0da3ede818387b020fe072d82ade0d1a6708f5c2206247b4c79d088034cf724a39d2eb968558c5a29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15a4d44762dfb00e62b775e69e5495f6 |
| SHA1 | 8451147d06b073c1051532dd54ecc8408d1f309c |
| SHA256 | 3f2f922813e798b2bce96c116e27ccca33349e45a8f6c7938a6c15fec4f159bd |
| SHA512 | 5e95b7d118990c891511bdeaf1a5e5a756d7ac1e751453145a235922e8f7b7e5e0f7e7b63cdf86dd84d818be3ac197d0a2077dde4a801e7dab521d08b71fdcdf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9020be1e0b8f2a408310e58e99ec749a |
| SHA1 | ab7251f6beeda6a7f9331d7ed9c3a65bd6161007 |
| SHA256 | e7558c3d8dbe4447a019a71e13a818f8665a910eb27e65314193e9a24b08fec2 |
| SHA512 | 3a3b9701dcbbdaaa930d28a764817b5f4a45449afec24d8d16ed60da50b8fc4a5190ae01c54f2a8fd02bff1665b26a449965f539972caa91d857c2c917f492e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 7da910fcf8381026a0f6c1bf651717ad |
| SHA1 | 97bf379fbf8854358c564030d59a3facb23431e6 |
| SHA256 | 77be743e38c35ab55cd0903c67b6d48f8d7b83e330bc4c5529d58861aefd3bb3 |
| SHA512 | 4241a24169fd0e70e966e09adf3e9c92bfdea7e0b5b23a8ce8b786ad3d6baa97ffbec3b0fee95f63a66dd359c9c8be9f8634941d0af58f487d16172a5eb119f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba4c86421a677abfdc0bf5354b7c277c |
| SHA1 | ea947d7556346ae36f2b98a1a9bce836e4ba5f3a |
| SHA256 | 07d59f094928eaa176447ea7ec5118c70557bdb4c295ce3c1ef56bf6e980e083 |
| SHA512 | 43c5e02ae9a9f0eb330123985197c223f2128409a687d7769db70c3f9463e91e3254b80c0a4f126f029aa33cbd1f9241e5ca19420f12df25c5a573f793ccd553 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 541dc3764b61b9254f65da5ae2ef7283 |
| SHA1 | bbc0bdda58a07c71ac4a48a04f34a1c9f802e6d8 |
| SHA256 | 7f32a9c59b3875f58895749e37a0ac399fce1757ac3e2511885bcaf0e1145071 |
| SHA512 | 4f1a646593a5411a0d8a8d6efd136e33afe222ee22910165631d8736afb7d65b3b9ebd5aa7bc2c087c456391a71cf825d86b2cc6ff914cb0f8dfafae7477f41e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6971d9f31047b754f79fdf6c3389121 |
| SHA1 | f22abc1326d70f2b729776b9034494ee65c8c2bd |
| SHA256 | 541b417b49d0b0f3dc193b19778432fdb774d8cf6dc5037060101740272979d7 |
| SHA512 | 5b5e748e10213b935ba179e65674b00034350485a732250b7a786f9fbcf7c3c509287b5166fe5cec8ec04b2e482ba73d94cfbd144bdb9ecbf1f43b10e905b00c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d42831047b93385c5f065f276d0c79b |
| SHA1 | d3b41141d634683f3684ba9f89b9af5306e728e0 |
| SHA256 | 298b017a8fbd27eb60fbbd1c92056f6b3cb4acdbd2e659654c4a2b2778fa492c |
| SHA512 | 47b52b1912f90c2faca4f537faac0d76451bf7d5cce0d4f85698bea50df0544ed2fd6acb787d43cc04fcecf0c701d6ccdde9145527aa4f6fd3242c4c0f4bd278 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f89d1ee7d34c6263e5865e32b1f6d8fc |
| SHA1 | c812e73d8e0f4e16123c918faf0c1ccf945bc939 |
| SHA256 | a8e864791ab2de9cdd503e94e85119c0089477cb30220099c2d84ff45936f9b7 |
| SHA512 | 90142ed087f0331e8f5c6be6eb00039591fce2371642e3b63aaa208d1202ebf5d64b48a4517ef77beb69a9eb840ff1f3868143fb3ad5c8aa1589c2b332f61914 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dd1408608b16b19b1f419555889b325 |
| SHA1 | f49cbb027d2e69bcae07df60b2dbf76515a09625 |
| SHA256 | 3c6452d211950c792e97d5a600ea32a57784ca36aaf4565503da57a04609256c |
| SHA512 | 9873b6563209f111a12363c5b36c28928b3aef1f461fc76f2794b68ca9e771f98894df0a48eef4d1f92ebcd6cc7e538872417fabe63c17def4c874e689188477 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34897b89cdb1be5b2fbfbbbab7dc5619 |
| SHA1 | 97273bbfa25b7018fc38b810ffc7939e9804f821 |
| SHA256 | 88f5f6d2322e418b51097ee768f7e413b22d0cb160e03f9fdde8f0d7260b4741 |
| SHA512 | d9f935ba1cab810f36b453819231be73a970c8387c599f58fca9a99e3402829ea9b6c501e42bbab602181cc7379a336d07a8331422784d2c3e5f2c388c069636 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7885df6f8df4548722416417d401e30e |
| SHA1 | 1e8ae51160faa5a785c4d3ca4b049d5c9a3e796f |
| SHA256 | 6b365187b5c6af2fb6ca07b0123b412ba747fb9f2489e03f2b618e3ed71ed59d |
| SHA512 | a061045c69869c5e84055e1c03ad5e460a745f52b2bde8da54f41d7685f6c552305ba324a7e31116bf595b59061171e154567a6ab69a0289f8f209eb0f76a143 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb32c7fa26bfab1571331c6e83f62a98 |
| SHA1 | 0689e2fa8b59588a8055d7ec688dbfb2b02d13ea |
| SHA256 | 39c8c66c70a87b4304e18d22dc00c7eaebf79785e5624a70b7063d0fa9be0607 |
| SHA512 | 6b57e38a9ba1263aa885401e37ee84181a259a9b964dd706227bdab011cc18610c79fa302d38c1d9743ff1b6af745d50a1e740e1646eead55989dbedd715a51f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5280595cb1b79980c6ad8188b09ad95 |
| SHA1 | 3d324a673994a9b5a006484e1a657f44b632942e |
| SHA256 | 39ff5482a85cc1f5f3b4aecf0bd21c640c7192c385f71f146ef6cf26bc175b28 |
| SHA512 | 432ad63da0b19c377e5d7d235ba1b0072c5e8f7be1b2e158680006aec31db12a6ad419bbb49d334003950cd1849b7eb7d0cdcccda18b18dd7b0740672c454b21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17ed7020f88ab07c882361db13608035 |
| SHA1 | 0ac18f31797ac75953e86e8c84941c02cb61c0d9 |
| SHA256 | c8efc0008aa4514bb77419571ac7e1466a2127ec47c6a9c7b13268a4f98ec198 |
| SHA512 | 40144d03c26acddbf1ca24e19974a6fa9cbbfb08f1285b524db1f33f387549a584597a3d61ea54b7a7f1c2a51cf52163609510467c2e4f3a2fd0fbc62189e01d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20dda431d0c0ca10fa17785394b9b48a |
| SHA1 | 5282ae7eed6c77445b131b97628312cd6831cde1 |
| SHA256 | 3f2252135d4622716f87ebffaed567f43ecd78efcf7e1f0880fc20f351ae2345 |
| SHA512 | a4f1af702e4ad7951a3904e5d67dfb0ff7f9a61131afdb2cc6005f8bc3c3b6f3f480597ed19b322e047905b1877b6327046e892fb13ee66f57be28c35aacac01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbc1d47a9c5f60f978008646cf766416 |
| SHA1 | 8aa4272c67bc5a0becf9e0d1844bc0f8b8af68ef |
| SHA256 | a9ac49805829fc9987b6b183138593e5cc05756184c25f7e78ae2894a19361d0 |
| SHA512 | 8ac9b8ad4ac61929a53ee4fe2b2f4e147184b4b9f4460d44ed599800c95e57ceaa8915c2944f208750f51953f6c382ef88c8c952d130a14294944663f471ed92 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-21 11:06
Reported
2024-01-21 11:08
Platform
win10v2004-20231215-en
Max time kernel
135s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f00000000020000000000106600000001000020000000245b71404219827119d69bb40ccaa8090e5353b5fe655741c3215b84a6481c3b000000000e8000000002000020000000a7b6e716b7ac66284231789bea00072b0f0345ce282bb414273a91cda9f92a9720000000aae7105daf143ebc453004871adb8f5e1628abd20b8816ea759e31f5b843dd454000000007716cbbb607a4eed13575879b6b062a9e8a9832067d3f92305cb98deb507d49c8b41c3faf7b2e2f49040bc07cea2d68eb9b1cbe7e1aaae84374d90958771c50 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4007592118" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a055c3005a4cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412600154" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{19A1120B-B84D-11EE-8024-524326B4BB5C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6023db005a4cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083609" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4007592118" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f000000000200000000001066000000010000200000005f58422a715d93832c06118753969b72147941e0288f8fbeb6bd2475db14971f000000000e8000000002000020000000aa937b372c50c5a5478e9e3c7c0acc1f20a0f7b8229783cda5508e8e6b926a70200000009ee9e5644da6f4f681e8cc2ea379db3734f70dfd2fa01dcbb9cd41a75babbec4400000009bdeab1cc86ac4d71e61c321693178a6f8ea69c9c9a8a98fb1e072590e7fb96f094a973e3df8a5728b45a6b2677f0eb602e0c7c3e31ecb9e13f53825b816e6e5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31083609" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4704 wrote to memory of 4508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4704 wrote to memory of 4508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4704 wrote to memory of 4508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d253be03e6fce23b31811746fee1b07.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4704 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 68.178.195.71:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 216.58.201.97:80 | 2.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.instantonlinecounter.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:80 | 3.bp.blogspot.com | tcp |
| US | 172.120.219.158:80 | www.instantonlinecounter.com | tcp |
| US | 172.120.219.158:80 | www.instantonlinecounter.com | tcp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| US | 68.178.195.71:443 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.195.178.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 142.250.187.226:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 158.219.120.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| GB | 172.217.16.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| GB | 216.58.201.97:443 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.97:443 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\platform_gapi.iframes.style.common[1].js
| MD5 | f6140cf2e81a9d5b9bc96970fe1946f6 |
| SHA1 | e18cb20a08d0c13d44b72e36e9560aec2187abce |
| SHA256 | 68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5 |
| SHA512 | 1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M4T5ISGA\cb=gapi[1].js
| MD5 | 288c5ba5b7001fe841c32f690f62cc93 |
| SHA1 | 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789 |
| SHA256 | c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52 |
| SHA512 | e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | ecbee8be1b3e68b8e56274a975f204a9 |
| SHA1 | 1f1c78785a4971aa3f1bb35fe28417795ecfd6a4 |
| SHA256 | 39266a7cfcf244879b79c5d99dd6b259063f954bfc47640558e773810eab1be3 |
| SHA512 | eabc00ddaa5d31c3b80515f9923ff193e89c1561e3f65dadde2e52d91ad249f6c215d34971b58e54d2643368e3712a01c1dfd7ec362f651f8ac3cb4bc8aeea3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | c070c537976def9dd4e8b1ded4cceed5 |
| SHA1 | 5a8e1598fa98897a3b3ee5092c814cda8a144f1f |
| SHA256 | 2178a36c836b6e56f782e4cf8d24f9b582774c0cf138a0c4b8c808f3fcf5b7cd |
| SHA512 | e83ffb26390f6b13297d135f83a762b35959b1e71cde667814244f74d0fa52b862d67d29cf952ec5ec79f2c0815b89cacb73fb7596a3d42a518bbf33545f87b9 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDF83.tmp
| MD5 | 1a545d0052b581fbb2ab4c52133846bc |
| SHA1 | 62f3266a9b9925cd6d98658b92adec673cbe3dd3 |
| SHA256 | 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1 |
| SHA512 | bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |