Analysis Overview
SHA256
86478dde55423ea79373c7717db21ed3f16998b88d4c2f14c029b0e4f05e8a2a
Threat Level: Shows suspicious behavior
The file 8a941b3741b3b84f032df3fa8df05f38 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Installs/modifies Browser Helper Object
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-02 21:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-02 21:29
Reported
2024-02-02 21:32
Platform
win7-20231215-en
Max time kernel
131s
Max time network
131s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rllrtxhmayhobt = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll\"" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a090c7101f56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000001f8a1b8d50566cc727223c31269c62af51a7ed4c460a7df1d698f23ea11c170c000000000e8000000002000020000000d722fc14bff0d9806b57a7c35d0181c0d119aa2b94ca3ae57a85105285207e0920000000df1c273ae7d2bb8bab9b4100b0d4e083533ddd37fa0ff7a580d24e748c1d263c400000002128af6f91ee0ec616f17c192e3e7325c31a3734d1e9a0e048154a3d99fba179a45472d39214061835ed9454fe30af8a5d22146967781b09599ce559e91e85c0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39754A61-C212-11EE-9F2E-4A7F2EE8F0A9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413071269" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0D9F6C5-758E-DD20-8BE2-60E46F9555AC}\ = "egoads browser enhancer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/1616-0-0x0000000000300000-0x0000000000302000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab342C.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar34CC.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ea56cdf9d4fc0df85b42638c8995f69 |
| SHA1 | eb79edfaf47c4c80024457b3ffecd09bc452606f |
| SHA256 | 846b355366a4432d55a6058cd400d9978af087d09efead011af6621afdccd476 |
| SHA512 | 7fbe94472d6ef3940434b7b6fe775abe22bf2c83b6c6abc7a041f1ae2318f53bc6f7025f1aa513a4e34b596ce2f6f5ffff26c5b97b327a76e0622bbeb39a1b0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 684fb6ee8434903d8d95bc07bb429551 |
| SHA1 | 1e7a0edc9a9bb146c19e09b3be1a1c6348c972d8 |
| SHA256 | f7f0a52eeaa4ee7fffea14afb45a9443d7244c89364ee2835fcf596fb7403f80 |
| SHA512 | 6d74e5042b5cfa431b1b40e0ce0af4f7b8398bb87b62412c15146e93d56c6870b7e7616046a575cb5095e45273f70831e7977e22494b2bf51110a5796dc57421 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1543111c191c0a1efcab25eabd31ca14 |
| SHA1 | fb9dc977904766e79081a5ceee5d9ed39be1d7fe |
| SHA256 | eca05ab3a134513293f025f07c33c85c2eac233cfd0f7072f21012731c8ba9e6 |
| SHA512 | 2bcd404a79af1da2dc543dfa486f9dfc206771433d30411f2eeecfc558f4b60a08f64facc98cd42c590014c6acff66ece9f82440c6e19186d99dd89f49e9aa13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aceabba670211180cbbc941d5a96a0c6 |
| SHA1 | f69ed54f127c87b818456f5afd1ce8d0ab38187d |
| SHA256 | 2bad4a4c2bbaa0f571e5cb79f78846b67373495cfaf2519eb954461f019227a7 |
| SHA512 | 1bb5ca52b7af572fef00edc05bee3cf67c84233258f83f0190377c89b44f2f6e87f37d2074e523dcca9bd36008e9565e7b0c05ee86c701511b40b40159aaaab5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fda5dbf849c569c756038904db24e0c |
| SHA1 | 2ce18e2594e460b4fc33c5c6d1050961b2665a53 |
| SHA256 | b42d22ade4cd344e188443570099239f49e778d6c7cd4b51f0f4282d9a9ad31e |
| SHA512 | c2a5cdec938504e3a36182d173e0213570ca4b35f5f778d35e98c9c6f1636ce6132d65c289ef86f6d76d5fe96808dd49063b60f8f5c879d35a1cb1728f1b5ff2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4708f49217aa4034e803fb7872004ca3 |
| SHA1 | 4ffc001c613ce18b46e8fd1ae80ca582fe51c6e4 |
| SHA256 | f67ffc4a350eabf05a33fbde948491e2135a3099d1ef2e88c9fef706418c264d |
| SHA512 | 69b3088a66d0c416b073d9fa4bce4b1ea34a3a37230680a3877489b3c0e20bba7843820ec3c9e63bb2a009a2c5c5f40dfd2fbedfa822c07d72303f226ff1d676 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ff6cc385159f2e41d98a0e05391a2bf |
| SHA1 | 3cabdadc0897be46868c4754ec1f388bd81b3988 |
| SHA256 | 8c8402f977b65bc52fc7c5cd3a21c41c9559908c262a03158b22f51a2fb94848 |
| SHA512 | d7e203b51a45a9381db56d3d512c50e760fb280d374ee0a1ddb3e4f1741846f938a6fca8916b1be1e9647568c55e6e764c9fcb24ebc2b951febf6bf39eee9335 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae0e274b65411d076623cad8867d6448 |
| SHA1 | 4cafe80479eb2950bbe489ccd2ea43c90a6e2b89 |
| SHA256 | 824f09aa2efbef8551c24839b0b5508cf790f5bd8f758484cc5c5b1c0835210c |
| SHA512 | 835fe6e5761c81621d892f933a3b0a6f327afdf5c18262a3904415233cfb049e877a0fd74ead8b588764dd22750b5e5afeac5374ea4d55e9dfa0e29efb6d1257 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb01afb0bf6b2f68b4eff047fb21a326 |
| SHA1 | 6bdef66bd5118686bf2e05720c2ab885075caeb6 |
| SHA256 | d1225b3a4779dbafb293fb46ca7f8e471186e407b6ae3c54a1580ab7f2a6e3b1 |
| SHA512 | aa7ffa3bdf305f43007885aae1a6f1a080112530c138edb8dff87fb56df19a12a34a93f4868aec47d24f26e343fa3059d861b717373790237e0927ed6b86edae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fead8d446c06735bbbcb842b95efe1e |
| SHA1 | 6627dc0d05f218de48b7921965d9a9a73525236a |
| SHA256 | 9ef398e24f15dbda95009370429cba30cbc8bfa6b3d5873fff701300cb4940cc |
| SHA512 | f5790c304290b54858517a3c232185d43523348cd2b53aa0066bcefc9c768c9fb6353431967ab74d69bf0c102dd6f38187b4542ba960d664f7acd0866d2e97b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 401e64376c42ad9f7c44b0be268b04de |
| SHA1 | c518e9efa1d3f40e89d5074eb5b81fd9853c672a |
| SHA256 | bb89d7ef86f95ee88257f3e1de3e86612f12672031f642184e858f95e4d0bf00 |
| SHA512 | e12924397b72b601f3ab4abf0d1162c28ae9a4cd4c1e22eb31bf71d68a305aebcd0f832b66e274d8695ac1812cdc5e4d5208c1c4e8ce239bf161bfb59dcd0e6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2272d09fae1dbf0cd2d0eebfde99d369 |
| SHA1 | 8286610870d5fddb9e49622c712ea7e0175ab3b6 |
| SHA256 | 7189cf339812607dd52d88297ec2b51a9e0627942c2d1ca8ea9d3a03ed4f3644 |
| SHA512 | dd8a2fc5fb1cd09e3e9c56d1a203c80b668824c7c9ad8a6ef7ea274724d9f3145f913ef13d63021e21bf954ec8e79b8652dc33a4a4d453745f822a74b7315a43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bb793b643f76c9cf79376417001f3e5 |
| SHA1 | 068175ac5e43234494884ea4e5757afda7405bb6 |
| SHA256 | 906e2ef391161ccbacda37973efe516fd146cd4b610d2f61950bcc28a694ac70 |
| SHA512 | c7d58a3898129d699e6a315311836e7c5401f2e1597dd5dd9b6b533bb6816750935ae248c7cc51da5a1be77244790542143a05628a218bbdb35970e865df9b52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92d2eeed6069eaa0b83838bce7df05d8 |
| SHA1 | 04561dfba3fb96f63d834a0a52cb393531a4ed41 |
| SHA256 | d920b575d538f5be41c583f8c1bb158d19bc5e2babfeb58b5d62213587efa55c |
| SHA512 | 2210323c9d28bb74d9bbbe2e28c5f31762a77f29203f0abf6b9fb98d17d06e240b6dfe4b12089a5a8bd76c3561a238a9b9d79440c4ae03d2b051acc73c99f4e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98e3275138c25d94ddcb37962780576c |
| SHA1 | f2848490f7c241582e6508d88f0344748a92bdee |
| SHA256 | 3d0c3fa7e2aad8bcee7614a923643867585e27bba8da44f1edab878e66739de8 |
| SHA512 | 42b7a26bf844685c48ac1092ec7ddb122686e92e54979ea7cfb027dfffbb33fdfe7912ef0a69af2d12a2ae7bc7573acb1c716d7cf8522b33161d48d8b360cb06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d29e8c2960990931adad4b0780f7d966 |
| SHA1 | 7986308a783601286da2c00902fef2b8b2036f76 |
| SHA256 | 2a1682dd78b2620e7c0068b5678c0acb4155d8cbd621391d7f1d3039a64182f3 |
| SHA512 | 6b9556bd1c69bed3522fa67b93d5654a2914d802611ac48ae275fc8535197b52d602ec5c0d1abb58f0f66fb2607a8290d4be8b82a5c2137121d4fb8a27394d5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15740d6d1fc720219bda77330eae0037 |
| SHA1 | 7a1387f3c613bf431c95b23196795417f5ca2c71 |
| SHA256 | fbf8f78b0da6b594220860431eb0746c0f7ae99ce795366e4c411d30c5374a60 |
| SHA512 | 6a6c3b7aec3a0cc9dbe33b24442165300a58cb8b83c7a9a40fde8d85ac3bafb8959f855933c3f65c36c2305b6e0b253159316a6135c4388d34ab5f5911c61da6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43f3314fd07d5098a75f1168a104cc2e |
| SHA1 | b5d3cddc2ddc6f17e5d13ed46923200561c15828 |
| SHA256 | 65e2effb4b1f7855575ec557d0ddcb767126dbd2d8c356c493922c51b327062a |
| SHA512 | 5ea5ca25e5fe4aa4054283bb7d2ee83ba97032bdeeba5d496e6da10ac71ec4eb4116c54f3c669a7fce817987ae767a4be9b683ae1a84f0edf8ec2cf1399a3fb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2c3845c4a5dc8b79b7f746d895d9add |
| SHA1 | a725fe7b3f5cdce823971419cf7b225aa244f974 |
| SHA256 | 4f9680df2472c1f2489480330377725e37c8f9296bf66d551f31a20862a31e38 |
| SHA512 | 19ea180e8dddf8cc0abb7ebbee2bcb02ae4a6f90c3112537d79a6cb813544d71a4068bf10d677581cf1e42ee9891b0f968d18d4f8de5bf38d9481ca335cdf59a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\errorPageStrings[2]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\httpErrorPagesScripts[1]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-02 21:29
Reported
2024-02-02 21:32
Platform
win10v2004-20231215-en
Max time kernel
130s
Max time network
141s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\esftzzeiwugqyn = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll\"" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92C942F9-347F-F784-D81A-6E4BF3C7D83E} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "235735595" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de6000000000200000000001066000000010000200000006828ae0919e1dee58cb73d4ea7f9e87f2292c5a1331d54bc6c4494ff9abd1f1c000000000e80000000020000200000003e06a9328fc9224fa674fe817cdf09f6b03efbce0cd6319674b5a5e0435202e7200000008c426758b48256fca4ddb3920aa7b991ca5e074bde0f6b634648ebcc1e7bd0624000000007ce5f49e073199cf6116559994b008c723465c333e3699e0dd4b734c8a075ad664c8262fb1c6092a1249f432053398eaae096242760316ce4d99ff600003914 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de600000000020000000000106600000001000020000000a9322164b124f501b319c7930df9fe5cf6d6ce140aacd337d39089e9caa08d28000000000e80000000020000200000002d8b2775ff19525f3a7bb99d3298717168797196c9c69641ca02d7027f2fb46a200000004256348ee841bff7b9957bf5c139b1895b4dd368d19a0b00bc034997d8e644ff40000000c93989e474795aead4ae2859a21ce0b5815d3ede1c91cc8e9e96a0a7437c57f9faa6e21d6e3450dcc9fc4ded9ad3bb7e5aaec0160fa954d66de68368611752fb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e651491f56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086111" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de600000000020000000000106600000001000020000000cc093f7de853d224ce4186264e0a123c73ac1cfa3e52403debfa0a94add39d22000000000e8000000002000020000000c6caed37204ce6c4ab6d2d67a50315566543aa8daf22482c089880ec7205205320000000fe1bbd43381d74d7a872a802c5f31c0f4a5c2ccfd3cf2983bafd8fb8107bb91d40000000f9311a0e7f29e11ece6ff7dfd11edc8cc627191439c7ff788bde813f7a7cc85e5399d4597fcc22b73b11494900a3704ad66d960f6e139435abf5eaba6f3165f5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413674377" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "233861030" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31086111" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "235735595" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700027211f56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 109ec1341f56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31086111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{398480F4-C212-11EE-BD28-4ECC77D3B663} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046600867cea8cb4995f7301d78886de6000000000200000000001066000000010000200000009c3959ee9e0ddf23800aebddeb2dfbb88e63732058629a5e1c5dcd8dd3484c6e000000000e80000000020000200000006885c63355045cfc71beba30b18e765663584b7d72ab71b2aa2a64cfdd9e89fe20000000365fb2ff26242ca4582c89c4b68567819e3547de9195670239d4f8884f1b508a400000006af60a188f3e0a4ceb9fbea7852beac56a778783b23860280f6766ae4740a6b9aa3afa8208f96244a331a682e79ffa71381f7b49738ec9cd6e5717621930b54e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a4390c1f56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "233861030" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\ = "egoads browser enhancer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92C942F9-347F-F784-D81A-6E4BF3C7D83E}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8a941b3741b3b84f032df3fa8df05f38.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3404 wrote to memory of 4528 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 3404 wrote to memory of 4528 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 3404 wrote to memory of 4528 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 4684 wrote to memory of 3216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4684 wrote to memory of 3216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 4684 wrote to memory of 3216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
| Process | Command Line |
| C:\Windows\system32\regsvr32.exe | regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll |
| C:\Windows\SysWOW64\regsvr32.exe | /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll |
| C:\Program Files (x86)\Internet Explorer\ielowutil.exe | "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4684 CREDAT:17410 /prefetch:2 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 8.8.8.8:53 | 202.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 8.8.8.8:53 | 29.179.17.96.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
| US | 8.8.8.8:53 | ads.egoads.biz | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | cb99b6d5040641081530ef8f6049f1aa |
| SHA1 | 3fa9e3148cbee0e561da3787919043483ee5e5c0 |
| SHA256 | 3e1607026f332ae19539f0621c8b18c820245d196febf8bf258253667ebc94d8 |
| SHA512 | 13cdc5995fa4741d474c00491ea55b26101a88ee3495327950249e8bef1e16de29f46d0c1ffef3682eac0e041f0b06545d51ef8152a33606f0e13fe35e6a1d83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 552a65f15928a9b10754de336408c493 |
| SHA1 | 10c43af1c72462c22e65e08c3bc6ef25039304aa |
| SHA256 | 0c305345a67f5005297bcff546fb7f67030568ef9b93d7ac5e4341b3366d7853 |
| SHA512 | fb9b90454c3952dcd4c0c342e2437b5a67ddbd8a7aece549331106a0dd2972849ae56368d3aacb6716fb4e8c640133c1de43f39290965d0de5aa1e27da200e50 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBAD4.tmp
| MD5 | 1a545d0052b581fbb2ab4c52133846bc |
| SHA1 | 62f3266a9b9925cd6d98658b92adec673cbe3dd3 |
| SHA256 | 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1 |
| SHA512 | bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SB302YPZ\errorPageStrings[1]
| MD5 | d65ec06f21c379c87040b83cc1abac6b |
| SHA1 | 208d0a0bb775661758394be7e4afb18357e46c8b |
| SHA256 | a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f |
| SHA512 | 8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1RIAF1U2\httpErrorPagesScripts[1]
| MD5 | 9234071287e637f85d721463c488704c |
| SHA1 | cca09b1e0fba38ba29d3972ed8dcecefdef8c152 |
| SHA256 | 65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649 |
| SHA512 | 87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384 |