Analysis Overview
SHA256
eedf4777657feccaaa0f41376507e29afae7eb2109161d13f35fc94bbacd6291
Threat Level: Known bad
The file 9648708635355a93e555ab597313767a (submitted as 9648708635355a93e555ab597313767a.html and opened with Internet Explorer in both behavioral runs) was found to be: Known bad.
Malicious Activity Summary
Medusalocker family (static signature only; see static1)
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
The four behavioral signatures are raised against iexplore.exe, not against a payload process. The only processes in either run are the IE frame process and the tab process it launches (SCODEF:2748 in behavioral1, SCODEF:2468 in behavioral2); the WriteProcessMemory events are that frame process writing into its own tab; the registry changes are confined to HKCU\Software\Microsoft\Internet Explorer; the only TCP connection is to ieonline.microsoft.com (204.79.197.200:443), with the remaining traffic being reverse-DNS lookups to 8.8.8.8; and the files written are temporary and cache files (Temp\Cab8FF3.tmp, Temp\Tar90A2.tmp, CryptnetUrlCache, INetCache). The family verdict therefore rests on the static match.
Analysis: static1
Detonation Overview
Reported
2024-02-12 04:47
Signatures
Medusalocker family
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-12 04:47
Reported
2024-02-12 04:50
Platform
win7-20231215-en
Max time kernel
120s
Max time network
134s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413875125" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D6FF3421-C961-11EE-B517-EED0D7A1BF98} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3000ccab6e5dda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000000482e75df4910e9fa1f0b1abec7887532a76644b34a27bed624968845b64a76c000000000e80000000020000200000003912cea900075c8a5ee73bde931318af3a6640544fd6419907ef9ccad3ff248b200000002b9a7576664ef3e784a88743844c361ea52a3fe54cd88f2bbebfa87ca045680040000000c253252731d9e0cebb846aa2b5f3ff255f7a71b8958aae803293377734eae35e7a70d726aa1dd56e3096a79571041fc2787b9f9355e5ac017c2b023f32721848 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2748 wrote to memory of 2844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2748 wrote to memory of 2844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2748 wrote to memory of 2844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2748 wrote to memory of 2844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9648708635355a93e555ab597313767a.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
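The WriteProcessMemory signature above fires on any cross-process write, so an analyst has to decide whether the writer/target pair matches a known-benign pattern. The following triage helper is an added example, not part of the sandbox report or of any vendor tooling. It encodes one fact about Internet Explorer's process model: the frame process (iexplore.exe) launches tab processes whose command line names the frame PID as SCODEF:<pid>, so the frame writing into its own tab is expected. The process list mirrors the Processes section; the report prints only the frame PID (inside SCODEF:2748), so assigning PID 2844 to the tab process is an inference from the event's target column, and the third process and fifth event are constructed contrast cases.

```python
"""Triage helper for the "Suspicious use of WriteProcessMemory" signature.

Added example, not part of the sandbox report. It classifies each event
against IE's frame/tab process model and leaves everything else for review.
"""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str


# Process tree as printed in the report. PID 2844 for the tab process is taken
# from the event's target column (inference); PID 1234 is a constructed contrast case.
PROCESSES = [
    Process(2748, r"C:\Program Files\Internet Explorer\iexplore.exe",
            r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r"C:\Users\Admin\AppData\Local\Temp\9648708635355a93e555ab597313767a.html"),
    Process(2844, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2'),
    Process(1234, r"C:\Users\Admin\AppData\Local\Temp\sample.exe", r"sample.exe"),  # constructed
]

# The four event descriptions from the table plus one constructed event.
EVENTS = ["PID 2748 wrote to memory of 2844"] * 4 + ["PID 1234 wrote to memory of 2844"]

EXPECTED = "expected: IE frame process writing into its own tab process"
REVIEW_SCODEF = "review: IE-to-IE write but SCODEF does not name the writer"
REVIEW_FOREIGN = "review: cross-process write outside the IE frame/tab model"
UNKNOWN = "unknown: writer or target PID not in the process list"

_EVENT_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)$")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_event(description: str) -> tuple:
    """Return (writer_pid, target_pid) from a sandbox event description."""
    m = _EVENT_RE.match(description.strip())
    if not m:
        raise ValueError(f"unrecognised event: {description!r}")
    return int(m.group(1)), int(m.group(2))


def is_iexplore(proc: Process) -> bool:
    # Both the 64-bit frame and the 32-bit tab image are named iexplore.exe.
    return PureWindowsPath(proc.image).name.lower() == "iexplore.exe"


def classify(description: str, processes: list) -> str:
    """Map one WriteProcessMemory event to a triage verdict."""
    writer_pid, target_pid = parse_event(description)
    by_pid = {p.pid: p for p in processes}
    writer, target = by_pid.get(writer_pid), by_pid.get(target_pid)
    if writer is None or target is None:
        return UNKNOWN
    if not (is_iexplore(writer) and is_iexplore(target)):
        return REVIEW_FOREIGN
    m = _SCODEF_RE.search(target.cmdline)
    if m and int(m.group(1)) == writer_pid:
        return EXPECTED
    return REVIEW_SCODEF


def summarize(events: list, processes: list) -> dict:
    """Count events per verdict so the analyst sees what is left to review."""
    return dict(Counter(classify(e, processes) for e in events))


if __name__ == "__main__":
    for verdict, count in summarize(EVENTS, PROCESSES).items():
        print(f"{count}x {verdict}")
```

Run against the report's four events, all classify as the frame process writing into the tab process whose SCODEF value is its own PID; only the constructed non-IE writer is left for review. A writer PID that is missing from the process list is reported as unknown rather than silently accepted.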
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8FF3.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar90A2.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d24bf36bb5287a3ae24b08c80bdad31 |
| SHA1 | 4dc9cfbbab6f97b5a48e0c5637a742f231680509 |
| SHA256 | 453cbab001c9780aeba505c1e01c825564cd1c1e15fe118e1425b5199abc22be |
| SHA512 | ec0ba1666a2dd03ee112c96b25eeda25f13f6b49032958dd9b2f887f0165be8633e6857b13a9a8e271d76261b26e03bd696412ddade8594f80e34e0deb9f6972 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f1b5b3b6a7f2b3157f9f0dcccb8e6ed |
| SHA1 | 16fe97c5bb7bd98360ef29b0d3456c605643146a |
| SHA256 | 0d20e511d090f6f439088a1eac712288218238cab3f8ac91ba0b408be5b7b949 |
| SHA512 | 8b34de4b85d8ff57d4aa5d6dba8fa20586f5291a3beeccde1d25d0ca76c3587269548e57bd4f5a4b4ca1131a450b9631177994a88bfc28062a2eb7c7e8a0466b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0df66972e277972ee7781b20a62ce64 |
| SHA1 | 985535754c81a7a2fdcfb4f35ae085b778155dbc |
| SHA256 | b464757734eb7e99f445f2c2f4aed60771a35c0f5cb34b01606e96e297103bd0 |
| SHA512 | 814d797f9d27258108af57853a7bfef918760bf8db4d202ecfede01ce9e91514b9c9b703997d22afc28d8904504308791346ec3618e39dbfc7b45833d4dddd14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27e064a62ec3a4d8caad25f7bb393388 |
| SHA1 | 78d43a86b73762dcf7e2ec617e1f2194d48ff6b0 |
| SHA256 | 67378650aa7ba44b5b572805e383e336b43ef1392527f276da745506c1f74d3a |
| SHA512 | 60cc81f549d83112c904a25599c191d173887cd64a8f6b2b61e414542a47a5e7edf584c0a0f4b58272423734a59594db71515ec32294742fb1156f7ea7d45cd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 329c9c9efb55ce9f674c409c70dacdb0 |
| SHA1 | 18ebec74129d3d99b0de44049ab718304f31b309 |
| SHA256 | 561af6252f2d938ff7ddd410e03a40c1718f3b37ba0d3b20d5be287b0cfe6a36 |
| SHA512 | bf12238271cb670db4d3e408d0288a83a1da8357f55b6f1fb05a142e1dc6cc242b8027dd054951a81f9aa84fafc8d68bb48245a3382a0e58e8276e54be249fff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 109f4e1ea6e29ce7fa51daa599816f42 |
| SHA1 | c3dd9fcbd97e722322462ff8c8663960dc53f216 |
| SHA256 | daa301e7c73cc77961590b92bab4d193f5913380dc477bd6f45542512a0cd717 |
| SHA512 | 05af96175cb34b0db37691f530dbf1e212fc23d664afb9205c37ebb0cc7ae681263685ce08f7b1eb0e1a833f12af936ade8619c56a11e44eeb8014a0f4b7ff58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cdac150fe2fb141e34533a5b47b6ebe |
| SHA1 | e02fecbc5bcfb31d7e1884aa4a26257569e31f83 |
| SHA256 | 793f02a9d3e178ec6b17b9948acaeb10a5e2386004c94760480be750242e7c6e |
| SHA512 | 4a43823ac031b491857391d54af67de83437875769b725c00f3e8da301fcead330d6e0892a0142f67446c989ab68b43538307fb6e32ea7a8e2a5ef0e5f7afe89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0579c84a32bdd64366e28c796de879fb |
| SHA1 | 2bc455037ce706f817f4774024a0bdc9379a00d1 |
| SHA256 | f6eb22788c4688fe1e90ee874444401c7dd2e9affb9499b7aee62f2b3f5949e4 |
| SHA512 | a587157f782d69682909c6d11a0c7c403574ace84d313a70eb05b0f61b4e3ea09b2611ad3ec17270f6a90852bc0260dacb81c26f066a3559970eb571baea624a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5d457a0b09514edd1cc4831bb175617 |
| SHA1 | 0c8ce77669088a5208785ffb99e829c208983a4e |
| SHA256 | efe768389f19224e088ed343af36c62c2b62734ded2735cdfef1836dbc53aef6 |
| SHA512 | 81e283e129b48557be87251ceea5eb2c2f1344ac1a0acfee0dfc05998ae3cd86f23b87e54ec4c977f7c46745d3c2be2839f8fba2dbc9e7c58adc5c01263898f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb1b5d1360723931a930d00b756afad5 |
| SHA1 | ab14d0366ba2fd6206522a15c14e6aa55fbfad23 |
| SHA256 | 8629fd033e0f9e878ca429cc6d88c493fe22250df0595a3f17bef047f6da2b14 |
| SHA512 | abf0308ec0b42f36a5132cf3f506347bd65b20b57ff2d5d6a0f211254325712d6200840ecb9cbfd03ea7f8424650a49b983695e27b85f22ff7bd9ce7df7a5c71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94eeb0b1b78766194b789023f9e49e71 |
| SHA1 | f810727b5262ea6c913a76d5e382f818b1773859 |
| SHA256 | 5df0865cccbd684a55cfc1f870f75b389d3d5592a32711bca1ceaff2e0b40c32 |
| SHA512 | 39fb169ee59954e6c2c9a46a09f2301303d63d8208c0758ef67b6d5e60c580102cf61f71d85bd9e371d642d2069dd560b62b7e8596a3637051fd0668dda6ccb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2a86d7b6e02317b4473fd33bfc39fae |
| SHA1 | 1b0c7ee84e0776b6a4214fe15fe72164e71a7334 |
| SHA256 | f4ff911a37b495be085372e30b924c51ec337a00f2e04ab2a284dbc693be3f7e |
| SHA512 | 0a3112c1b50226035610d743e69e1e1b930d4a5e932033fa06df1490d693ed9851634c85a7ea6941b1823df7c45eb0730fe00a9e96a8f19bd9cc69786df564c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f41c3bf268c523f934cbecb86c18e4a |
| SHA1 | 16f8744a402a038ab46f83c3c124346923a3cba9 |
| SHA256 | 2046b45155020a6b2d83be965bbe7805a0320694ac79458bd9d27c09dbbd0242 |
| SHA512 | 9cc39a0dd90e90bcd21ac724de481c96442a1c2bae79614d22f46363968b4486199d80008706493ff050fa0fbbfb720ef544d4b9b4a4162d3e092450a73c8da9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a685cc5a14c35e1de7b8891396ca111a |
| SHA1 | fedf61e47fec333a595ed02423afb252cf0f47ff |
| SHA256 | cb093c9c949da3d155f601732d7ae5e9cdef7bd25071371fd5774ea8b465b45c |
| SHA512 | cbaa0b6f932ec1de736751d454fabb6957b75b300adfe201f6aeb89b795a977e90c56695d3ae3fbf1fd2ba6a3140d2ed60593dd99a84cebf105f9d452ce0257b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4502488542e98c9fd3e3ddc4ef16626 |
| SHA1 | dbe79a47551cbc9af11c4c2df5c34bafe09e5579 |
| SHA256 | 8a66d8fdf9ed9565790c6e312d33792ca1863cace434a7d3fd1eb8cfaa98facf |
| SHA512 | 321663e91e9256448fa311fec53c089fb44741b82eb2f171072a4d348eab7557e54455579d54e35211a1a7675aede2ff5d47ae7668d1781493cfefaa21b2dd2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 930f51dd3cd09e4b856b2446d9919601 |
| SHA1 | d78c04efa3f21aa91c0a009886812f180555f70a |
| SHA256 | ed1dbf28b3fe12fd09f60ae2792bc238678d1256432ff9a6ee2f5f44e68bff3b |
| SHA512 | 5639ac6c398e2a877a464842f605a9ddcb6d8dd322255a05029ed71ea2b90c89e257b8f700f6d5716f9b814e50ef0b00c846e80382e827a1daafa4167457aba4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d41536734da25e7c13dd54fbda474cb5 |
| SHA1 | a08ca85750dfd3f6260e05e9353e9f145bd39265 |
| SHA256 | 4175a961bd22d67b539eb17f61b29eaf4544c2c006d9783ce5e177b093a49570 |
| SHA512 | 83e28c52956aec57993d356ba7a1511b61dc11a305723b7714d07382245d82a8a36bd254bbded8dd00b50c71b42d817b7df7ddb4f30e6afe60278214af90a830 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6de8c1133e89b3ebeaf645bc95734ded |
| SHA1 | 23351b2ac2de4fc90bfef2d9fef9c977fa82e8be |
| SHA256 | fddbae9b4663e552ab0d43da8518347c867a84941f244917320f8521294900b7 |
| SHA512 | 842e8fa07fbe7ae36f93e6c74c05112a014b6351cf095c84b0e56ad6d06301f84c37b61999cbdba6d3d58b779bbc09711b9c5791c445e01ce5e82e4473a850f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95ea3863e1c3ae769bcba8d74ba24d30 |
| SHA1 | a0099b1d49849dca1245dbd771f16d89489eb516 |
| SHA256 | 80b51b970685a71c51fee4af3bae80ece6b43696c8ea662a1b4f6bfc85b3a8b7 |
| SHA512 | 223d788fee716aeffb92ae4ec0377e5d5c3616f554fe3d6ea8591b29bf72bd4b84cbe8d94bed7c135fe21c08d6536602ab890d8eb4d5f0c7bceaed96eaa22c24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 182d0f8e9b00661e40cb1950ebbf94ab |
| SHA1 | 94fd668a114feb4b5d518e29e82cfe57f8499730 |
| SHA256 | fe618a022d13a4098486e221718fa261a00f6b74fee41011b52b88f21f718621 |
| SHA512 | b9a7c3c2ad6f72150f9967da7edb2d3609720713538b733edd471762fd20db10132c4b4aa3f4de3be433a1f7aff0766ff5e90583082a0588a8dee60ecac15236 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-12 04:47
Reported
2024-02-12 04:50
Platform
win10v2004-20231222-en
Max time kernel
90s
Max time network
146s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c00000000020000000000106600000001000020000000671082e0368051e1aa3abbb1a859a5242c204fe9a2a09291f25474bcbe598fa3000000000e8000000002000020000000f5043a9d7ee9838e5d67c5312002d1557cd4d921788ac3fc06138268aa5147cd20000000b9aabad6b2ffb06ea9e5e7faf2c013e4bb38cf6e5bf929eb72a1e81d68af4721400000004382a403ff8c5c382c84e5ce6ae973b6dbc7f8630a0c0b3d6fd6e3ec1becfd27b78ba92d1758d7578b0f7197cdae7bb89ec7e1382cbf9eda3a7d0c6c394493c0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3117360132" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 403546ba6e5dda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31087982" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d24fba6e5dda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3117360132" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31087982" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c00000000020000000000106600000001000020000000d490ba607be6347b383d87e286100df93491874f83c907f24ac153ac168f3fbd000000000e80000000020000200000007c6bbeabe55100b88d2b26b50a6464977a101a38c62bebaeec078ef39770514e20000000c28fe1d2f744643c22b4015ba9e147b5dd96dc1d8185e689f4cf6f9d378f2d7d4000000077d773f78648668c1cd6922e13a43e393c3611135ab42bef5f59cf8681b81830eebf4b6a3cffefc119423896e8119a6a4f206d1e4fdfe0dd668aa255e532459a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3121422536" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414478254" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31087982" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E5633312-C961-11EE-A0B6-6E02734BA6FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
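Several of the registry values in the tables above are binary structures that are more useful decoded than as raw hex: NewTabPage\LastProcessed is a little-endian FILETIME, the VersionManager keys store one FILETIME as separate *HighDateTime and *LowDateTime DWORDs, Main\Window_Placement is a WINDOWPLACEMENT struct, and NewTabPage\DecayDateQueue carries the DPAPI blob header, so it can only be decrypted with that user's master key. The decoder below is an added example, not part of the sandbox report; the constants are copied from the behavioral1 and behavioral2 tables (only the first 20 bytes of the DecayDateQueue value are needed for the header check). Decoding the timestamps confirms they fall inside the recorded detonation window.

```python
"""Decode the binary registry values Internet Explorer wrote during detonation.

Added example, not part of the sandbox report. Hex strings are copied from the
"Modifies Internet Explorer settings" tables of behavioral1 and behavioral2.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# 100-ns ticks between the FILETIME epoch (1601-01-01) and the Unix epoch (1970-01-01).
_FILETIME_UNIX_DELTA = 116444736000000000

# Every DPAPI (CryptProtectData) blob starts with dwVersion = 1 and this provider GUID.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}
WPF_FLAGS = {1: "WPF_SETMINPOSITION", 2: "WPF_RESTORETOMAXIMIZED", 4: "WPF_ASYNCWINDOWPLACEMENT"}

# Values from the report: REG_BINARY printed as little-endian hex, DWORDs as decimal.
LAST_PROCESSED_B1 = "3000ccab6e5dda01"   # behavioral1 NewTabPage\LastProcessed
LAST_PROCESSED_B2 = "403546ba6e5dda01"   # behavioral2 NewTabPage\LastProcessed
LAST_CHECK_HIGH, LAST_CHECK_LOW = 31087982, 3117360132  # behavioral2 LastCheckForUpdate{High,Low}DateTime
WINDOW_PLACEMENT = "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000"
DECAY_DATE_QUEUE_HEADER = "01000000d08c9ddf0115d1118c7a00c04fc297eb"  # first 20 bytes of DecayDateQueue


def filetime_to_datetime(ft: int) -> datetime:
    """64-bit FILETIME (100-ns ticks since 1601-01-01 UTC) -> aware UTC datetime."""
    unix_us = (ft - _FILETIME_UNIX_DELTA) // 10
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=unix_us)


def reg_binary_filetime(hexdata: str) -> datetime:
    """FILETIME stored as an 8-byte REG_BINARY value, as the sandbox prints it."""
    raw = bytes.fromhex(hexdata)
    if len(raw) != 8:
        raise ValueError("a FILETIME is exactly 8 bytes")
    return filetime_to_datetime(int.from_bytes(raw, "little"))


def dword_pair_filetime(high: int, low: int) -> datetime:
    """IE's VersionManager keys split one FILETIME into *HighDateTime / *LowDateTime DWORDs."""
    return filetime_to_datetime(((high & 0xFFFFFFFF) << 32) | (low & 0xFFFFFFFF))


def decode_window_placement(hexdata: str) -> dict:
    """Parse the 44-byte WINDOWPLACEMENT struct: length, flags, showCmd, two POINTs, one RECT."""
    raw = bytes.fromhex(hexdata)
    if len(raw) != 44:
        raise ValueError("expected the 44-byte WINDOWPLACEMENT layout")
    length, flags, show_cmd, *rest = struct.unpack("<3I8i", raw)
    if length != 44:
        raise ValueError("length field does not match the struct size")
    return {
        "flags": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "show_cmd": SHOW_CMD.get(show_cmd, f"SW_{show_cmd}"),
        "min_position": tuple(rest[0:2]),
        "max_position": tuple(rest[2:4]),
        "normal_rect": tuple(rest[4:8]),  # (left, top, right, bottom)
    }


def is_dpapi_blob(hexdata: str) -> bool:
    """True if the value carries the CryptProtectData header (version 1 + provider GUID)."""
    raw = bytes.fromhex(hexdata)
    if len(raw) < 20:
        return False
    version = int.from_bytes(raw[:4], "little")
    return version == 1 and uuid.UUID(bytes_le=raw[4:20]) == DPAPI_PROVIDER_GUID


if __name__ == "__main__":
    print("behavioral1 LastProcessed     ", reg_binary_filetime(LAST_PROCESSED_B1))
    print("behavioral2 LastProcessed     ", reg_binary_filetime(LAST_PROCESSED_B2))
    print("behavioral2 LastCheckForUpdate", dword_pair_filetime(LAST_CHECK_HIGH, LAST_CHECK_LOW))
    print("Window_Placement              ", decode_window_placement(WINDOW_PLACEMENT))
    print("DecayDateQueue is DPAPI blob  ", is_dpapi_blob(DECAY_DATE_QUEUE_HEADER))
```

The two LastProcessed values and the VersionManager pair all decode to 2024-02-12 04:48 UTC, between the Submitted and Reported times of the runs, and the high DWORD 31087982 is the upper half of the same FILETIME range. Window_Placement decodes to a maximized window (SW_SHOWMAXIMIZED, WPF_RESTORETOMAXIMIZED) with a normal-position rectangle of (36, 36, 1194, 649), consistent with the sandbox desktop rather than with anything the page did.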
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2468 wrote to memory of 4920 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 4920 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 4920 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9648708635355a93e555ab597313767a.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 8fd431c366b2dea43a45adc6b74ef110 |
| SHA1 | c32072cd706d6bd394dec6c6115dae39eba961a9 |
| SHA256 | 15563cd7452e269c705038683038978efbfdc6374e7546ce53cf4da63d79cb28 |
| SHA512 | d457d4247e77ab09497500f627c3f1462a267962f1b2c69b5b28943ea426c36be1df2de3320f2349fe08441edea63c97cd32dfd89c84537ecdc57ad678b04c17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 6e89104dc54cf9f6ef8ec2df9d38dc2b |
| SHA1 | ba9fa8653a6c58cb3d8c7bce69d8ea2baf78db61 |
| SHA256 | 4c94a38ada16dde13fe44544154beb16b85545366b221f34470146ff9fb653af |
| SHA512 | 649d1cb392a06c3791f531d4f9469182497f2bf9b4bb1ae0e83c64d6942c33796d0735517f36c3a7d08c85443e7f791f613ecb8eee18fe89cf19d0f76539bea2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |