Analysis Overview
SHA256
3cb59e70d49226c59e439c065817db704ee03896491181474320fafe2b906e19
Threat Level: Known bad
The file malta_scanner.zip was found to be: Known bad.
Malicious Activity Summary
AgentTesla payload
Agenttesla family
Unsigned PE
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 10:15
Signatures
AgentTesla payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240611-en
Max time kernel
134s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000cf290375abe30b871f8ae566007d52c81a3d99e145cc35fd6efe895324952dac000000000e8000000002000020000000b5dd660c5a115d10db057f14661a05e5eadbfa9f822bb230243cef030341059e2000000071543850ad8a7b4e3161f765d579ef5d21d09b1bfe6e78e2a04b0a0e9889e4e04000000095d3ad050d88f0ab44f9f537e444297db9af091011987d67ce0e2d912a90f6a1dd0007503b82a7a92f04f7f4ff5b1291b99dbbbabea21656dff0df6ddc8cb752 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 206f02f331c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954110" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E1D7F61-2E25-11EF-90EB-D671A15513D2} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\de\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab41A5.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef4b073c8b14d65e0dbcbed0bab66f70 |
| SHA1 | 6f7c320acafd6d3acb39d4dd5f8e3b0cbe49cba4 |
| SHA256 | 9273b1d6877333942c1f3673f60eaab0d3a04c72ead49c3fc4fbd3459aade60c |
| SHA512 | a84afb851ab8ff73aafb7c06d268be2f63ab14aee24c7557443f1a00c0a13b0861773687cf4bc6a8179cc9f8279dee2577f0a94d63b5d935642851b86d1809b6 |
C:\Users\Admin\AppData\Local\Temp\Tar4267.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a811f980f85fe5710e1a8934194f0a1e |
| SHA1 | ac98462758aa2d2a7b10a9a5f29cae37445f2f09 |
| SHA256 | 883b6fedbcbbd273e745d9933b486813f1aea41ea18e0b4721e0eee7ae896531 |
| SHA512 | 8dd4b6836806e48ee1b60cc585b070d2025d7bb8120bb41391e97c1364735ef4696e7377ef7e8584a91ab4a43d5e656b822b20a825dafc785e5ef90dad35c463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b4ca99aa536140f59d12c507cd147a6 |
| SHA1 | 1e9802a669245b08cddaba6ad39c18c15218e8d5 |
| SHA256 | d213aef3ff4653c5639b9096e46e3cf49e21a00c67ab5d6a6eff65b77e088a7a |
| SHA512 | 9f8f12cd9f451c9c4d5748ed8447bf0f6b8487100c77bb51d583d3cbcb63ea08a89ef88048e687bfedc9144e19f70f121b0a3fce3a54ef489e699a97a9b1aa0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94c5e02ca6c17bfe169719d6e4775365 |
| SHA1 | e80fe610227b23fcb19bbd1e6d9c4af204dee44b |
| SHA256 | 4a1f8e0cfc59783e1dbb64af048437950f8a100af80f2dc261724f09708ec016 |
| SHA512 | a1d07c421220f9bce00f142fbc9dd527254281e5f69138fbf998d8aaee61b15641959b407207f855667c43bcba7185de896e416c629332b508caa88b254b5934 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75fbe946598bb57c7bbd7f77340027c9 |
| SHA1 | 0d814182c3608380b20304e11cc418fbd24b1711 |
| SHA256 | 2d480640eccb51fa981dbeed2526b32ca2a5e41485bf7b2e34a3e6c3af7e7c2b |
| SHA512 | b5803dc4c09bd3d7d9311b5f6a016aef67e86c3a5b813ff2eadda415ffcc7092cab1db611f0805ec824583d552be41681f6322d2533c6250fcf2b373af94f827 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 999d6e1017e6086c0c6f395cc1f7fd8b |
| SHA1 | baab9d2a3a0d47f3318f7edfa4faa8692b24f89b |
| SHA256 | 0ec1db183cc3d8638bc6e225392375096bd5a7ccfd0d068ab6d92d238685488f |
| SHA512 | 38a191ffb8a383e56c3328181f672a08a54b291f3e76a234ae6b3c2994d41431ad46462a80bfd9f695f0018b361243828c792c441076186d62a48a11af48ed2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33515631d68c3bee65e905e5777dfc60 |
| SHA1 | ae8b420482fa689b75316a43e2af8858eb7624aa |
| SHA256 | d702f30363294c91a7bdb5e57adcebb0299b3ae40d6d3aca62eef6ee133fc093 |
| SHA512 | 4e495f75c86d0785070e3fd87020a52707ece43b4e51439ad1b8d0b597b31ba9d35e1cb415a1a729f126ea15a90adcd518af7f72cc06602099f35fcbeec1ccce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f376dee94d124c1ed01d6edebc85a357 |
| SHA1 | 7fd4fb05180581b14283b894bc84d3a0bda3add1 |
| SHA256 | 531842e2e962f3ec4f07775eaa3dfb0de20f8cc4ce0c739fe68cf936d6d8bb7d |
| SHA512 | 544ae1df215319bceb22f5b5653eb06d79f4d75e4a76f43ad79e7514230eb5a2d1e6017b3246a7fc162ee63fbe38e1f1d4013076e05f527cbad395b8fae70f89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04e49124d61889be50d0e3b5462ee3e5 |
| SHA1 | 4863e589037acd97e827a285396fab3d03c2b220 |
| SHA256 | 60a5a5761ab07f1af4d0d88c64aa892c376f57eb988628ff5e46028ec186386d |
| SHA512 | 7a08eb9f5ea55abf883384a0991d80f57b2bf277fc81fb5e2af764f9e8e0381ce4ab7ad756e4e800cecf5004593de132ef8b35884985145f25df3d0bcd30b10c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7796cb20558f80c0993893533c974a77 |
| SHA1 | c159fea9c6474cbb39e6b7c64009212541a5628f |
| SHA256 | 37e35c0ffd75e812ab8b98ced0a3a15d4cdead628ac232f461a600f55a5ccd28 |
| SHA512 | 8a664769322536b6061abcc069c3c464e0ecba4ea0428e8afc1c1795b54e3111bb0b32efcea901e5538c0b654ddd98e41193126ae4f749eaa67c976213016ec7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a1d0a896fd34b7465ea9587bbf0cc82 |
| SHA1 | d1942f03b3317421b2d906ace855315e9cde59a1 |
| SHA256 | 11414ebeb5a3f99a4ec5ca7b11e0976ca09747618a64ae879ae8c9b48d063664 |
| SHA512 | c2c8e59a28367763e8463de36d1d0bbac18315dc12ff5f6d6ca8f7892a0f909c371f2dc8db3eddaede6bcee38effee56fb1e78247a6a5a741745f6f643020b10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fca9d476061e570b95b327c7d6877a4a |
| SHA1 | 7b3694fed4a88860c7527347be13ee1f486df5bb |
| SHA256 | c95317bb5285d11c1ece1d4eb0ba420d815091c4e5c8d67c933799af8259e010 |
| SHA512 | ad4d30605afb39e1dee2243f124910542ae6ec50c3821ff51b609395b8cee0de0ea4dfde9cc710414451a07ac26a410bec24c42b8091cac11b79718bed61370d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40a9f3745a664123cb849c06e5b4a11c |
| SHA1 | 2c921d872248a9e61b8f21e736b4e101c10eead9 |
| SHA256 | 3705c3c8d0b76cdce5ea1ef7d51b104efa163c1ba994e802c4f9d81ce45e81f4 |
| SHA512 | 58edfaf42a7a28a2e9e095a107509cb1aa1a3981e6cba32eebadb4e63cb46ff65fc83da5979fc7fa0d65e1dc7d5475c2fcb7eff353eb6bd2218fd6b28b995a8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd48cc6f82ca18f009c31f49069bc1e9 |
| SHA1 | 5c4c9edc50050be2f6281f6c9c6b56ec04517d5f |
| SHA256 | 0605e36981608564d6b1695d0667a987a8f756f3ebe91d46c6ab9ba7ca30acd5 |
| SHA512 | 2f2315d4f590584b94e17855d470d4c6e0951f9db66ec42963d582191ebef756b9b3477c17d5a9fefc6fc74381b2a077284c061c3fe94247aca5e6b09335c640 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c6b5531447fbbc6f7b01f9fea7dc6c3 |
| SHA1 | c95ef6476ea3646e44ee4693380851cd6eec6ae0 |
| SHA256 | cacd80d30ad2c0df81e61d1026ba24f521714fa96d4c32289e803ea4efa6044b |
| SHA512 | c55490a7b38fb8e7192def928fdb04ad54113d1366433acc80dd95349c667c3eeeae33a3a52c572eaa830c41fffd3a7e8417d169fa6dff7d4fa90f6fee64329a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 195d51985378e26426f593d2743ff695 |
| SHA1 | e82dd3b2d78ec45a9839e3e10ed54628b3bd8e9e |
| SHA256 | 2320e1b8be17200757aab38f2dbb008806778210ebdd9e4c817a0d992ea94c10 |
| SHA512 | f2ec522979590a4587158b7f1855221d903fb7429378c170a33a5091e2c1969a1f85f00de66292a4c424a6e3a51a5dd7ec4ebd63ed53b071a84cd55bb07a6fbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a17640d356242bad8e91ebc7a20c479 |
| SHA1 | c736dcb5305edd15ce2a220655dae6cd99019418 |
| SHA256 | e6ddb034d2636e67bb75f9c1f81501b0a65a89cd82f18a7e438ce011d3a31d45 |
| SHA512 | 92223c3ef9352dda1d09c58c3c01333cb455d6dd66ffc91c446cbde1f04435c80964c1965c6e86fbc701d023964e8f9f3f4342ebcd442c42f69799650bafbc30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d595ff713f5e62edc25eea6973155504 |
| SHA1 | b1d9ad824ebe544c9f9d7514086607ffcb744e6e |
| SHA256 | 924abcb5cc94627cfab3efdc003f17d5ab890fa56d773cb21c9b9d135909c537 |
| SHA512 | da5ba57772d4a2654f11b822480329cc1081462257d1f555d833a1efe6f4960126b67598ab5cb0faf089380f30e28de5e26f462bbe4a7501f6a5759a5e28d077 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e020bc427c4534dffd346d19edf36f33 |
| SHA1 | d3a8eb68e4301825715363bb645988c18945cf6f |
| SHA256 | 6c619730419d2757542ed47cad8998fdfb1b22415c146834877a8ddc0726d40f |
| SHA512 | 5d07d4bbefe129f6925b8bf706152d2bb8ddaf00e985c1c707f8e30b258abc359ab2bec07591fb30827bb04251341bc855adc8d72545556b9d24afb3fd575e3e |
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:20
Platform
win7-20240611-en
Max time kernel
118s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\System.Xml.XDocument.dll",#1
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240220-en
Max time kernel
134s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07bc4f231c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954110" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a9384f4ce73d14cbdf07ed7047a6b17000000000200000000001066000000010000200000004e3b62e1b83a1c526f4f5456e9154ec94b66cd71824ff22a018778864e5211fc000000000e800000000200002000000022b881af1160d8430cc36f464764e691d571c7b13d34281a6ece052c19a233cb20000000a17486ff0168b125943bb9ecec64778e3da435b5da8b085f4cd880da6c1c63fd4000000052e190f1c71cd7bf24b324f2559b1c53f5ee88b5745726fc9a0fecb256c4345157513e159e95894ef362bf200d2d8a095317861ec83d73a44be93156a8da8858 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DEDBCD1-2E25-11EF-AD30-660F20EB2E2E} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a9384f4ce73d14cbdf07ed7047a6b170000000002000000000010660000000100002000000030547c11744dcc45a33a3fc781bfecf7cc33b5d1b4f3f6e5d29ea5944a79fb38000000000e8000000002000020000000dcb86cb09e9edeaf96644a7f84ef97692bdd2a20e718a5057372e7d0e66b0f57900000006a9d2fadd28fafb00e28e85130081e538e50c7fc18e3deae360cf5194df7800f20775488be4ac1b21960aa50f99b517b2e490aef495bfe5d1b3df52e5016c4a96beb23c31af56163bc1f64d1bf32458f57ba33f569a822d063dc5d436ccc5ca61f88f47b4871c1475b7b452bd208eb3c9c92b340c5d0de45bd65e5a058dcdcccefc0bd4b41127b62943169b58973723f400000001d9c3c865caf8ef11859c16018e4f93c4f4875c80f59853fd00e68a7ffb3a58a4716f5e6b5c0dc984a940288a4240f97126fdf426947da8bc79a86a53503b313 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\es\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab459B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar468C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 081b7bf23b437e8cec34e3814885be62 |
| SHA1 | 8d4c6c7a03ea553daf15bf606557f27ae512401d |
| SHA256 | d113705924a08b26f05d726fd1b45c4b37aaa59b95ed276cae87abd1eb49e6d1 |
| SHA512 | 506d0b27e0b8dd8691c2ff54f5fca3582ad46fbb7162163d0506e7b4d97dd2d1a434b4f35d3d467ed8feb8fd56c015ebd65e54212a34b1eda1ed535ccccf110a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9c7ed6c7533911200bdeda851dc8829 |
| SHA1 | 41e1a928f638cff383e0f64ca97240b6228ae103 |
| SHA256 | 61ccbd5166ed0aa7a25ff010a1309364fd465227230b30af446bb762aea74aa9 |
| SHA512 | 894304e2bde0d3826c9446398408802ed75f4fe448aac6866d91d38d981be2db5cf525c4cf2f77498406adcf869b59b55de5415bb744cc145af745c6472be353 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dd99f1ed24ba79324f27f70341e1f46 |
| SHA1 | 9c4bddb1e4733035a1b3d1e19f43bbcf17481f4f |
| SHA256 | 55769d96cc0658815352a69425851d87dc7ab33f611232a0c69f5ff6c6c799c6 |
| SHA512 | 2dbed783ab8618a52b1675bedaabed626eea02d85c374b258d58588b81ba2a46d8d759bc1c31ec06f0de21720b9360445f082f800d8d096e996f104c1a4a13df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f63f627d9f6464500186fa98efa14239 |
| SHA1 | 98e291bc1743f426005f03717fda8dfb658d1408 |
| SHA256 | 8527e447369a3896fb649cd5620abb2fd3e1185f2101064d254acbc3c199f6cf |
| SHA512 | 079c859949b6f481e36adf91c75a27b222b3820f4bd0aec96ebcb3ee83f3b15352789c3f45d5647deffb481efc3a2794e5e5b934241656c0249a737f0aa52b7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1aac20e2b734dbcd0ee1339a44e12ebd |
| SHA1 | 81c47d4161aff21798fc2212e66885030136a7c7 |
| SHA256 | 773cf07380bb5b2b4976edbcb96d38f0b83c57a70715bf1615d88740196d0a67 |
| SHA512 | 5cb29521a182e3cb194b901bdcf90e61b944a778a4c113f973810cab328a0711248d49a8b75c6fa395d131ecdd2b924877ee74826e09e8dd1104c4c972961080 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff87dbaa263dd91b0b60f114948efe9a |
| SHA1 | 81627d1f0cdfa1cf241eceabb5f526a84fa04dcc |
| SHA256 | 6ef44daedf077d2734f3624418a9de640a2cef41e6d66af2595a595824fd4006 |
| SHA512 | 102ae4bfce23041ac07db0232021174abd91012aaaf66f25173bc4dfe0536e09b0b6fdba6d75f941b397ad5aea39a6e1c5c3f29f0e22efe2d62f771f342e17ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 207b9c8eb23db4055a38718b506b0cf0 |
| SHA1 | 4dad982fe78abc3c7da284770ac60252bf4b0bb4 |
| SHA256 | 0cdf1eee7b70bf3f05328e0ccfea0b7b2eb6d61d92b6913069b705b9b9defc43 |
| SHA512 | 060e1aa81ede596671a2366a4e26ed2578beac872443cf3654e1a8d79b0d0d9b1b67b9144d7f937db594e2ba30d4cf509483bbb16e4027b38312fbaf7540b887 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07094740fec09b70d6fd979bd1b19b8e |
| SHA1 | 205d46399cc9328e05f12aa402d061f63b799d69 |
| SHA256 | df9eb57e3aa76c7795d40c9f15af271bf177aa1728d45b7a4bdce6f66842626e |
| SHA512 | f631757acf5a46bee810945d3af584c9a5487a80fcbc414697a5e7e4795b4a7855b9c924c2d9bded99dbd5c3f5321c8ff474defcbe026612ba7923be69e3c56e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4948addfe46d000f8020dafc088ed514 |
| SHA1 | 50c83a16a94b11ff717fbb6d4c0100fff1babd48 |
| SHA256 | 719317e80a7c6363e2f4ac4c0f1e0a265d151becd3928ecc8aca67be1b7bd196 |
| SHA512 | e47835ca1c68bba734c8f00dc11e215df43e2d946a8b407283312e79652a1168568e45f9359e0e309ad1680e01dcd74b2a3aa58774bd8512550cf30ec1bf2ec4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f96875bd3d66e64d0d34890f1cf403e9 |
| SHA1 | 71a783e74e41649b51a7c8dc67aa8780b84c7ed3 |
| SHA256 | d3e19f755828a54b66e864900ffe6de00009a60b9b7abb6d498fc045a22ebd6e |
| SHA512 | 633590b47f4e61bb6560ba9cc25699fef0276ac8f58b891e38321823937474ac6b660d6b0ecff6a8249256d2ba0399227de774aa3067d15a713ece3de2b7fef2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7a79cd0fcfe3e15676f2b7e200b583a |
| SHA1 | e1ac914ad3a3dceb85b4d29f54a97bdda555e81a |
| SHA256 | f9f5b0f83ec6abe233bac5aab96c14531f0e538fe10cc35e50f900fc94ed4943 |
| SHA512 | b9355de66226618ec606fa1f2c4a7d23c69f23837f212372910b1deca241d4164cbcb5dc34ae6026f3b8fd80675ea30d69f069c01f5e386b8fca117d4ac5f197 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4207406fe3eeffc3cd260056b83fcd7 |
| SHA1 | 512efe28188d052c483f7552bb83e6149d8812a3 |
| SHA256 | d14eb9bb3a8984ab8f3bb79e34301125c79414627c55fbb0adeba608a3194325 |
| SHA512 | c454a0236a10d48097673a0aae5ee4139754d2e9d99fc32236ba671ac607700a9035f3bb74d7915964236c3752e1fb2bf0a12f656ecf0bcd98630a4032fc689c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40f93fc61171049d2b4c08ef7e20a204 |
| SHA1 | 2306cf2d1ceedf4b02fad85b7d5dca474f4bebe2 |
| SHA256 | 444bf55beed9a4456589f17cf2615a8e13541477716a661f1fbcc3f87db1638c |
| SHA512 | 78e3b47b9599a731573e67487295f589173f35da85cc8b43cbfb6fa1879b6206c259b243e888b40c4c69ea12521fe645414d594434ac4d9ebe5038f72e0e0fea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7134f91dce41de2360429c1f8e032f0 |
| SHA1 | 021ab4d810125fe3967c180e26bdd6c385f17630 |
| SHA256 | cbcf2931d65f55900a50c0993cc57670b1f6fb4ffe07f06eee6a747b7f82c02f |
| SHA512 | 8c0f503fe86741c9ac11119c2d67d54abe19dd7e4d0d3ea636c7ce26e52511919f3e9ae3ef33fcafaaa5b78d0209c4b174a03467c7846c5ab95d161406d8ffec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cf18a980150a570f608ac6e52c3bc74 |
| SHA1 | 35050072394b6ab3041ca237e893d1b64a3bf0f0 |
| SHA256 | f3934de7e29c8864a88f0d5d22cd7c9d73e0b5c3350c27f3317226a920f9465b |
| SHA512 | b2be25909b2b4a843be6569d7bf9ffe784db9bb187745bb38783c8f9e09c77f4f12a1dff9b549fb60e73d54229d21f01e1f4f46f8ef626a3b8395456db77d7fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecc7252b7be02a897e971e4e92de24b0 |
| SHA1 | 60eb59d9c4a57855832d3e642f13617081916b29 |
| SHA256 | feac1dc3901c8f82da924d2d5cfbc0717a86f3a7841e1e3a3b01ad42ed1bfa6e |
| SHA512 | 177633878de24b2fa8c954177b32d2eb23761daae7aa64a17962ca8f4239657120e24acb4c3beca8ff1763be68d9b12890be9bdf34e0cda6b176fea58d7b5d87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b42e94c8274eb1de2ca2da63a2351258 |
| SHA1 | 9bc5bdf342667e47eeaf03a69e61e179f9f2c916 |
| SHA256 | 36980ca343f61cbca8370344448ad99b2594e809154200af0157184e09796751 |
| SHA512 | 196a5669f57dbb29f0cb20cb82a7c8e3b08f899361878cdf56f9fb941f5e490be0865632daddde1ae73ee7bdeef43c83b55760ba0ec8367f0f177d205da51d50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1326d7f616e1357526b8e4104a8f7780 |
| SHA1 | b3cdf9cf283fc5aa4e9563310fde467a5639be8b |
| SHA256 | 10e05c014e4381ab0c46bc54c53a074557052846f42217545428ba2a5f8e24da |
| SHA512 | 70ef8a559472098633799bc04105c3df3cf00aca5af59118f389ce09619906cc66775d2e5fb4ef5e4c7b8bdf837e7b06485bf99ca0227af7f7e22c497b5ac560 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aef5afc598429f728b94f0bc9d01c079 |
| SHA1 | 6c96ea7d47965924519391e1b6785b477dd9c910 |
| SHA256 | 7644af83f62480d6dd222900a6ad56273a96cddc488c4aebca0f055770019e2b |
| SHA512 | c99d72ae6e6bb80771febc78b2664d6632ff22507c5e4b26eae1c6437b1b00fabd1d78c8b446f5384842334c1a08cd392ed38f996fea48c336093a58309f5e91 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
47s
Max time network
54s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\de\System.Xml.XDocument.xml"
Network
Files
memory/4876-0-0x00007FFD8C4B0000-0x00007FFD8C4C0000-memory.dmp
memory/4876-1-0x00007FFDCC4CD000-0x00007FFDCC4CE000-memory.dmp
memory/4876-2-0x00007FFDCC430000-0x00007FFDCC625000-memory.dmp
memory/4876-3-0x00007FFDCC430000-0x00007FFDCC625000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\fr\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
memory/4168-0-0x00007FF9703D0000-0x00007FF9703E0000-memory.dmp
memory/4168-1-0x00007FF9B03ED000-0x00007FF9B03EE000-memory.dmp
memory/4168-2-0x00007FF9B0350000-0x00007FF9B0545000-memory.dmp
memory/4168-3-0x00007FF9B0350000-0x00007FF9B0545000-memory.dmp
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
140s
Max time network
156s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\zh-hans\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3196-0-0x00007FFD2D290000-0x00007FFD2D2A0000-memory.dmp
memory/3196-1-0x00007FFD6D2AD000-0x00007FFD6D2AE000-memory.dmp
memory/3196-2-0x00007FFD6D210000-0x00007FFD6D405000-memory.dmp
memory/3196-3-0x00007FFD6D210000-0x00007FFD6D405000-memory.dmp
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:20
Platform
win7-20240611-en
Max time kernel
122s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000034f75a6f4896ca67973a6ba3bc14ac50d18f4e4c31d985e66f194a79f448c53c000000000e8000000002000020000000f79cc1ec0a2b1a9a542a80f292c7759cb40bf8a614ea0590ab4a31a05ea19623200000007e383f6be31e15ac72dcd6c9ef4f63b0e942d004756523b45d30113ae573ca02400000008636e639325f6ee4f5469cae04bb29fa47f92ecbb8f8b1bcadb032869c344aa9befa37de350f27c0f118de03456e0a9de2b17beb0386991256a95dddef23985c | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 709c1bf331c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DF18D61-2E25-11EF-8B35-D2952450F783} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954111" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\fr\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabBB85.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBC24.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61260c723e6fa3c4f8b41d4c822d24fc |
| SHA1 | a7a68577301d03b419ec43b76178a6324d9bdf83 |
| SHA256 | 97036078667e3695fa780550b55a28d91bffe7c99b3973299469b98ba4e38f2f |
| SHA512 | 816c0470a663a0dc104104780b676253844d2501521f86fa9366491c1e1c66dbb3d1da859bfbb9daec3be43ed4abb93c6bbd7ec0a95b1005ca1626476f6fe697 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d78276fa019197ac48c44cc5421f045 |
| SHA1 | 68f5dec67384fc59746ca983eb4e33c32d1fc06a |
| SHA256 | 9fdede2b9f7078127101c5319f599a64ae261c01b26aef8b52e66b555f10a052 |
| SHA512 | c56c15b92ec555d0f41abe6e48b25844783781bb1d88a2f42e8063a560d5661b2391ddc2d44c29e622a73f811768d6d4a0e013a67492a05a87c529a43e280644 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5e1fe0354431eaf55299bf6799d9f3a |
| SHA1 | 37fb97ba2a18aa2a99d57c79d5423a02c684fd73 |
| SHA256 | 35e98130f95823e418349f84b5a81bcccdebe8f4a0aa6856d091cd5691f94456 |
| SHA512 | c234ac5c114fdd7e3615b0fe7212188dfd80d4d83364f8773f9a72289238801e23ca13275a594e34956c15217870e42e6a4c2dc086633c684728ff293e47c6e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58ec4d0f83a2714f84cc55a489361ddf |
| SHA1 | 8c9efc72a58034877361c7d792efd28536a134a6 |
| SHA256 | d482a321a3ceafe1134f0142bc46f1cd3886bdb77a5db30b9b465d06bb6136e1 |
| SHA512 | 2133433902a42475580bd61cee408e50807d317f2b94c3421ab2d4131b0fb61f52ca144b15cea2259e916ccbfbb36983b59cfec9479d636e00d3a6aa15c1e28c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc4da733e78a50017776c6a1c7b715fa |
| SHA1 | 9afccf6e855e661750bfc23744ebf9c3799a43df |
| SHA256 | bfab3f4afe8e162ddfd274d9e4cf9e19fbb059f5daf84334751c97914da7b003 |
| SHA512 | ff89b55c4b7bdb1a9f38eea4e6dd8d11caf5fdd029d3382ee22512afb3d88daca33857b278d39b9c49afb64dc75259a6ab9c2fde6e94d0ae23cbf656ae15f544 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7550b2d231d40ee3c6f31c42b0b4dd50 |
| SHA1 | 95a6a9e5b317d901e75b032e7c9432db87b24740 |
| SHA256 | 90ddfbf41e3f15f5cbcb4a631a0f301b378a31fe3c7fa45ef4304f9b379034a0 |
| SHA512 | 567a850e5d0a1081b52da45f6d37814b3cee61c946b3375e7268834e08a0f8ca952e818087771ca1dc03385390f74937af32755f6b0b7356c1cd5fb739312118 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cad9f612ccfe4c55a7a388ab4666e0d |
| SHA1 | b8f2fb5482641874dc828e8bd1256a541875c04b |
| SHA256 | 2f91c930f2ad6393030463e9be51cd4ef1cc5f0cdae9ca80ca48540854006c04 |
| SHA512 | f0030d45fab1e71fece6837cd2e864878d3d3469a7084a3a8f83e2d432c47d737075a5eda0c12966a78663d395a37bfe873d877758cdb7e4a9e3817aa48ff41c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1f63a0010b3c882316de1dcbdd3336b |
| SHA1 | df504bf01d742f2c429cb6aff203ae53f401f0e9 |
| SHA256 | 247b3c0103e1ce715479c1110fdce6e9dab6681dd32bc821488c7e59f9981f60 |
| SHA512 | c898b45174f53e645915abe85a0bdd9400ae41f6a5e6164b57fe0414b23461e62349af002c8e5bee4950d47682c4edc1a175fcf10ba6b901e9bdb812ba342b4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13b61054a0484d635cd315ce13f2826a |
| SHA1 | 210e53d454f3614fa4101d1fced75664efe78a53 |
| SHA256 | 1c53294d56fb763600cf93b3edd36eb9894bedd1c6711b2df38778f0fe587e89 |
| SHA512 | f7f48407f458070f3b02211c050f81c42d1f51728f54b83731e852a6d8936f6fb81da8aa808246472ad4b890ef7576fa3b1423f99200947c92978aea111c7f58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c458ef2fcdc8e2f23fd7d6de124e5f9 |
| SHA1 | 0cd72055472aa42ba8805545c00d5e79382d031b |
| SHA256 | dbaa8a9491af166e25aa816a1f82626fa08ced41420c8f6b27e5c01f3b70511a |
| SHA512 | a8239f56eb8cc8732bb846d6ea113e4e64f75f9feb16a63e7565bb161318c2663c9deb27dfe0e5c90c1f030f90bf2b43fdc4b40caf7623cb9080cfc690f05812 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4768ec2e22fc721edbc9c33a1e08224 |
| SHA1 | 3831091807cf4598471c4382e32cc33194a2bc04 |
| SHA256 | aea1ba9c4c4df70b24853fb4e27f068f9dc43eda7bafdb34a7f527f60bd0f890 |
| SHA512 | 0b5a074c8369ecc55072ccdf1f5c78d86c4a0cd9fcb8513b4db8efdbcce7a735415f766c80a97a8b8ff7224befcc56b34894bd27e35480e3dd7e6f9948b27ce7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94e94343ce0614f345a58dbd5700fab6 |
| SHA1 | 19d5478115d92e4e4631f7c9c77e271ab2388b06 |
| SHA256 | c222770ae233e278c8fe4cf1ce23a05bc41a2f7038911199ce2ff43b1653d3b8 |
| SHA512 | f070c87d1b4d589704e7071feef4571b5b4522c9abef273bef12b09ed0d4e26fa95e552035a79b50621f56c8f298803da18e75c3349dad98f68d29a43e28773b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b2272125a250a3ba41898b41fd7abc8 |
| SHA1 | e29ba4098c4d1d991fdaf579b3332fea39f71703 |
| SHA256 | ede4dd2de13c6e0f34e54c5154b9d188ac7680aeefdf6a170c3203afa11d3d4a |
| SHA512 | 24dd9f26006d541a578007b13c07940e3ea971e7fedeb8f8a338fad00876ef27e7ab8ebfe67587bd7a45e457ba24205e518d3d03c3a7419ea73c4ab46cc77b56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45229e3d04c2c123a959ea3374d8e3c5 |
| SHA1 | 38e1d17b51a59ae34f4736b8d77bc071154d5c23 |
| SHA256 | 0801d484d9f1dcd983900b2df6b9412287af37e0ab0e135857125bbd953dba3c |
| SHA512 | ca0b4771a6caf4ff83bc6682cf253beaed4e2d2ce0b27537a4632eebbc47480b256c4b6acfeadfff0640694ed770e508cca834a7c1b2d901af9a951b105b578b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4028c426c305c06414a762dba9f01713 |
| SHA1 | b3695eda35e5c479220541bbff45368c67e740ff |
| SHA256 | ba0d4939c16090d8fa7193dee6c0cdf2dd7bc2056a5ae04ff1ea37d6292fbcc5 |
| SHA512 | 0e65d84e054690422a6c5cd53a347936d7cfb26a72e34c0fdd26b370cb93eb34eb207aa46da3095fc373d97edf53ec616f139e2445b8595aea073143fdbd1298 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe39a05332a9ee5a0910f53e41fc15fe |
| SHA1 | 1e5315a5aa33bea32e44d314eb21ef4e29ff58dc |
| SHA256 | b15f9ded49cfe0cff7cd146423d3c4815080763de787511c9e23160a7fef62b6 |
| SHA512 | 14bc8f76b6cf901888ce1e09991c8c35e555f7d287f424b4b710c0b02164a72e6f023b2cf92c24048fb50312de2c9c0989379e7788e62cb2eab0e3463fb6f589 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da5f85a77885f162947fdaaca7c20e0b |
| SHA1 | f92195d782a74f67b3872505d1d2b68a594eb6e0 |
| SHA256 | 28473bebb67e41e44bdd63e84e1fbffbf111fa211c3d8fb2c2af46e6cbbfdeaa |
| SHA512 | 0a3cba582138358776080917fe1e092d9d3193fb904fb46d5e22b187ec0a079d1bda0bf3b04e64e3aa056573aae21e70b319c33b5a3bed73f3ff1fa1b1bb2e26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d79d1f1bab7e686fb6f58354025b2585 |
| SHA1 | b34a7e7c969a81e9a7ab76e48ad2695a0f7ada9b |
| SHA256 | 03192bdf950287c7fcba8fd7a6e9d1dd7bafa64eb9d08159cf51bfec78ff634e |
| SHA512 | 1dfc893bff47c8e3b7f1886361891a8b0186eba927125254706c6f4567fc9e9f5ed4e1c13eace9fd5c1912526e5ad948e0cf74a8cfc745c6390fdfdfaae8f7b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb0ee65630105f950f4f90dbe4e117c3 |
| SHA1 | 08cd5bdbb3c52d579d9d3522f3baa5a00c37eca3 |
| SHA256 | cfa6c0687e82fae3f1f53c8cb99b18fbdb21238cf9e2759a1fb5eec03329d0c8 |
| SHA512 | 5c7686e07ae57d8a37404dd8c55183b4f4ed9ca715c9238ce2e3b5489e205782cddb89b75e6ad5c4e64fe80b73376e89bb68bfe3d9877648a2d93841c5e098aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0b9bd8b51743414ffc9420440f7222a |
| SHA1 | 3e855e63d68d51462aef4dabbae5d4f35a4e63e6 |
| SHA256 | 66230ac43e52a37e69396e43146571743e54fc2c090b191a4e824c09fc79affa |
| SHA512 | df74e32e7a30fc9f3d0b7c14ce3a2b9f6f39b4eaecda9a2755bdba9abf5799b91fa04b93956938af701852d9ddc9db8638c53c1e867f7ded2e971aaa4e89edbd |
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240611-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\it\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
memory/3024-0-0x00007FF946E90000-0x00007FF946EA0000-memory.dmp
memory/3024-1-0x00007FF986EAD000-0x00007FF986EAE000-memory.dmp
memory/3024-2-0x00007FF986E10000-0x00007FF987005000-memory.dmp
memory/3024-3-0x00007FF986E10000-0x00007FF987005000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240508-en
Max time kernel
134s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954110" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E115A01-2E25-11EF-B6D8-6A387CD8C53E} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000000a424113ce535fdf02bc1000bee0453872ce5ff3f3ddd96f2cf3188cdb146128000000000e80000000020000200000001f70ddb719255b0333498f603d2beaee130b9ab877626f91ec0bed73eb75ed7f200000006c361d629f4fa62d07f03559e8d4bc0344ce8ee11756ed9a5f494635b0f0e894400000006d8862944a52eef7c11113182003a50e73d3dc64f7bd5936af6858da42100e87a3ec323aa4f0a3d806c040df9dbeabdef5713a672cbf04d40b786630bf7c281a | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dde0f231c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\zh-hant\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4C00.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4CA4.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06fecfa041ed94ab88c1c4a173ab32b7 |
| SHA1 | 28a8afc1ae62eee8dcc8d6083f9fe2a346e30a0a |
| SHA256 | a80e2686d7bae4b3de7775cfa52641f35b9cb0773970cedd52b995541dcc178f |
| SHA512 | 99c66b11848805d425287b75729d5c381f741186768adbc6ea3265823ea67e1c2527f6d74b79264c0d7535522fd9275bdbb63f58eec0d255613670cbb4fbc064 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2c3b54fabc5d662bb50ef9e894ace1a |
| SHA1 | 921111454d5cc590d7040050ad4b4fe22f7bf66c |
| SHA256 | 8418c9c49c5433f89d42c66f54e76a0450dd42eae85cd4d92164737fbbc352b3 |
| SHA512 | 09843b85da63eea9a9f1c6a53976d57641b46c7b8ef1213053b8c6b79756285bed45d35e9f6d9c6d2fe73250ba8715cfed1bf73f940fe541277aff6ed2b14162 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c9f022af8dd5cbd3cfdeb1a5e2fcf87 |
| SHA1 | 235d8c0b4bfd7667561d49b1e84f5cc634d66e6f |
| SHA256 | c2fa3cb3085b1907e1b3d05c9b6e7388fce4a7e4c29de7b604c0e9775756ec32 |
| SHA512 | c1084847c2fcc9e49bdd9c60007b6c74e13b3c7645b63c0e5e34cede5d62e09bd38b714741e91feab106a59ccbda4acb1bb1a8d20151a0401bb587f0537537f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27f04298d35d3ddb99a203d77c36c981 |
| SHA1 | 4469941e0eb03a6795786b1d604ed8b59eb8b1b2 |
| SHA256 | 0197c43f0d2ee3c0571933dd04dbafab0004f5227c79c5f55f8b8955d68485ed |
| SHA512 | 9ce41b7910fd25f52fdaea810ce56df0f067bc62ae9bde73a8229f0f39f64d896646062ad3ab3b4034f761b530f3452f0c06f60d8ead064bdf8d0ebdea067aa3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36f97eda29cfbf1aa267aea5336ac3c2 |
| SHA1 | 730b5d1209b678985b6395b0bff9f6d6453f469a |
| SHA256 | dbfe3a26b7de77b2a41e773f0921c6a776f2052752ba3bc1337778ab5577b5b2 |
| SHA512 | 334129e7dc273e75412e42ae0736e69f50ab9a0d8fd87e45304d453dbf6cfd717607484867de996d71bd5a6663b4e219bfea099bbcdca96c75aed845d5e07eb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8c7720d522429ec3743f9c8e03c8a1c |
| SHA1 | 4138e5774d565788f9d55d94022abc050208254c |
| SHA256 | 159089c326a23ff84c045e9eede19ed328b6aafe8580a07c2998a9cf3dc4b0a6 |
| SHA512 | dd721a6305427714d22d905e36e6607bb12322eb8af9f0b10d5b483082e9f1f0d56ef478f95b722663d2f43c3f7b92b0bc0cd3b8ac87df4933df3c784c4edf97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22a9bc1ba896d1497a160f5cfd3c3314 |
| SHA1 | 33d8c5a9e1a4d6a830376b1731a1509ff255b04a |
| SHA256 | 4ac2de02d427cd31bb499b6f4bf802c93e84d0121901c24b257db425a1cce468 |
| SHA512 | 7a871ed6eadb492c8ad370ab92a1288a3caa18dc8cf7151c99e2686e1e22b09cdb71972c274a6c80c15221fb4ae65efa084dcfd4325fe409bfecef5b763b31a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c176d03b85df15d6eba537fd6a7c15f0 |
| SHA1 | b2bd35111c8a837a4393d78415e48b17b63c2305 |
| SHA256 | bb93759cd3d77218b917b65cd004b0b8bf8edab34adfd36d2e0fb62d9cb75934 |
| SHA512 | 5c0187d2be0e1e792053104079bf77d60bf31315c4cbb226fced16a82f1904f8d074613b4cebc9e4b1d8fa595aaf2b74bcac498bb50e58a8262089c989d72290 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfdbf16172ba1c6e1c4e4fae68387336 |
| SHA1 | 1b147746e16979d0f81e562845a8b4e51bbe9d3f |
| SHA256 | 3546b5f53540cf569803d10f6eaae86961005390293806ff7deb0d983b605ce4 |
| SHA512 | c6f9c8e34bc1dc270275f558c05c6a9f322af095bc0888b384eb0de48e8890eb918956a8ace9286258b5d17ec2ca50219e94df5c4b976d75c093ea1e97b17010 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72272b1a2be9facb45dc78c6a1f74521 |
| SHA1 | f40c3857bfdf117b9f26798c3070c7186c9e0641 |
| SHA256 | a52a9f53e1e38fd64a8e821cc0ee6709c0b3d9c81a1044666966753afccbbd1f |
| SHA512 | b1c1d78f7b0c990d6a979af086b63a02a20f11e3aa50394549c6b958e2808a0b32ddea0276f070026d68518541832946dbb79db86ccab59f19e7b69512795e7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1afb3d3c831951ca38a3375128fef9a |
| SHA1 | d68cb792704a5a040cf164113c26e6e3b1b9a05d |
| SHA256 | 672258c02250866c01782eb8f2fae257891a460859432cdfea89580519f4497b |
| SHA512 | 7bd5a919935a461f0bae692dd106258cdd8b22ed137f629c166321bd342aabf01e3180ba4dadc3088518bb9677eb081cc63d72581cffdcaa98f05258d91f86c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f4e1897ecfb3a0c9c630243042f2d92 |
| SHA1 | c296af4ecf696b14f54a543ce236067f4d8fa9e9 |
| SHA256 | 15a484a863aa3320ad96c5d7fdaa8c11a527a64b60161b481ebf8ee01f082412 |
| SHA512 | 2218f36f2300b9698ea1d983545f0d6ea076ca0f2e7e0fbf73d3f6c9dd08d9f96d45d8272b6a713c3d13eb66164f5404a18941875ebecdcb3bf8a46952062a7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3926a72614023a7af6acf3cb6f6ea2b |
| SHA1 | c4a4d628ce7ae0b1f07640a9d3ddddcff98dde7e |
| SHA256 | 33c622341bc36abb42e930ce1723772f93f0ed47d612a2f7752ee66f85f242c2 |
| SHA512 | 9b6a6115bc63758d6f479df8486a1cc0fb097d33e70012f4ddc437fe0239737935c4ae03e2fccf9d9e9af9939049a273e482441987a395a52b86dbc7c8b5652b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fff25872c54aa02cac4c7a31b115161e |
| SHA1 | c4f10be737cd1c8cc7198c784b26a2a1c57fb9d1 |
| SHA256 | dbae785508673c836a5ec12697f8e24025e6bf8fbc41d87fd70585bd77d1c2b3 |
| SHA512 | 614849e897afbcfe43e8404ba183a4fe8140524f4038bb419aee521a6214ee38eeb2bb89a8acf6fa90c5ad444c0a4e8c7986e2327bca6c99e9a42a05df6458b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5519d9692ca365fada7df554a8c33595 |
| SHA1 | fcd15ae66ebf9aedd9552704a8ecadf85ddd46e7 |
| SHA256 | 07de96e6b02f1f004867f42fb03e3eef732459156e5e8588ccc27bf7180038f5 |
| SHA512 | dc3415779878858faa8f4e8fe988d97557bebdd6a7b60aa033adf52c4ca09ff321615dd1f83647e72debea9843b3285f5e9b48ab59c7c33f5e564e65b25e7160 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb303cb03e2499a81e6da88eaaca9de7 |
| SHA1 | 032869da538d5674492ef97fe960314203269ed9 |
| SHA256 | 4d4e2deea603ce6c978039cec47238e48e96bca26a2577d5922780f43cac59fa |
| SHA512 | 45c4d7bc6795b0464ed106084b5bb1079d04627648fb6d95685f3a33a6867e69041c2d45f45c8a0b1f47012f8277de410fde7634f6197cc299d6ada2d3d9f4fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3173d81036c34aa8f87e134cd21191c7 |
| SHA1 | 6338c414b2aa6ceeb1a5dad184de4f05d0a6ba91 |
| SHA256 | 9569c08acd376c3140e757c89ca2a212b79df01aa05c26a72b76f3575a3e553c |
| SHA512 | 86e7960c62a0e544c3aa127ff709ad94f11c51477548f6c50346cb2e89f31436da3f41ac56cd65c56cf28bc9f645950ac3de8634ee304caedde8b4cf12bcaefd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97ba7ae62a992fc8c6ffc77dc47c4088 |
| SHA1 | b45c693109b38b185157c08e7c61ff3847ef6647 |
| SHA256 | 18ed9227136e2f94ebcfc2025e41eca4355d73bca1a08e020ce77ed680516116 |
| SHA512 | ec1896a340bccf3be5c4fd25f27ec3422b1cedbc4c2f80de7b402b4f9e92244ec25a4f71740761318619dcf3edfc49c2951744a0ae7e14c63c70cac0d9d8d793 |
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240221-en
Max time kernel
117s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000040f5497ebd425640bf32eacae3d7506e000000000200000000001066000000010000200000003496bbab17b2c6762ee14684fcbdf5b39d2d98488eb1a09283bc9dab67a6addb000000000e80000000020000200000009878c3b2c7077e6d9aa79a5980cad6e8b7aa16344627b9d739d8ba87487766f9200000008a7986d74e3e8a31ca0aca0fd0f7e795e2b23cb408948e68d98c7338f604892240000000da1b1da75e78ea3ba8246f4977fc736466c3cd153dc82f2eaa9853356d11f8bf922bc5b6fc7499158fb6321cb7c95f0462aa0c23ea7885e7020d07d0791b4390 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 305c5ff331c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E6E8591-2E25-11EF-A38F-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954111" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ja\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5785.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5867.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f032588c4719bd90dff096313fb2bc83 |
| SHA1 | b26da4e316fdf01d11df02d7f409859b793ff6a6 |
| SHA256 | 562ab11da7c585b9eedf87c4ecc90010ebeefed65ef6fe8eaec0bc96650a1a24 |
| SHA512 | a6d6af53561cffdbd3091849450403680ae4dbf34acc809c4ded8e0b222f87aadd1dd22d2892882a3d3431830bf080dc5c45b7d2fd57a3e56442495c6bc9f304 |
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240611-en
Max time kernel
147s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\System.Xml.XDocument.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
46s
Max time network
53s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/440-1-0x00007FFFB688D000-0x00007FFFB688E000-memory.dmp
memory/440-0-0x00007FFF76870000-0x00007FFF76880000-memory.dmp
memory/440-2-0x00007FFFB67F0000-0x00007FFFB69E5000-memory.dmp
memory/440-3-0x00007FFFB67F0000-0x00007FFFB69E5000-memory.dmp
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
141s
Max time network
154s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\de\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/2540-0-0x00007FFABF110000-0x00007FFABF120000-memory.dmp
memory/2540-2-0x00007FFAFF090000-0x00007FFAFF285000-memory.dmp
memory/2540-1-0x00007FFAFF12D000-0x00007FFAFF12E000-memory.dmp
memory/2540-3-0x00007FFAFF090000-0x00007FFAFF285000-memory.dmp
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
119s
Max time network
154s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\fr\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
Files
memory/3632-0-0x00007FF929FB0000-0x00007FF929FC0000-memory.dmp
memory/3632-1-0x00007FF969FCD000-0x00007FF969FCE000-memory.dmp
memory/3632-2-0x00007FF969F30000-0x00007FF96A125000-memory.dmp
memory/3632-3-0x00007FF969F30000-0x00007FF96A125000-memory.dmp
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
47s
Max time network
53s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\it\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3512-0-0x00007FFE0F630000-0x00007FFE0F640000-memory.dmp
memory/3512-1-0x00007FFE4F64D000-0x00007FFE4F64E000-memory.dmp
memory/3512-2-0x00007FFE4F5B0000-0x00007FFE4F7A5000-memory.dmp
memory/3512-3-0x00007FFE4F5B0000-0x00007FFE4F7A5000-memory.dmp
memory/3512-4-0x00007FFE4F5B0000-0x00007FFE4F7A5000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
118s
Max time network
155s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\es\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
memory/3832-0-0x00007FF970870000-0x00007FF970880000-memory.dmp
memory/3832-1-0x00007FF9B088D000-0x00007FF9B088E000-memory.dmp
memory/3832-2-0x00007FF9B07F0000-0x00007FF9B09E5000-memory.dmp
memory/3832-3-0x00007FF9B07F0000-0x00007FF9B09E5000-memory.dmp
memory/3832-4-0x00007FF9B07F0000-0x00007FF9B09E5000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240508-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954132" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b55bc09d84cc1d1ac67d7e1c57b17dde9f7ba096f69cd30e6287e0d1ebcbc24a000000000e8000000002000020000000bdc416001b60b569938368953129cc323de961b0a1c2ab1ca6ee4e2ba6ecfe4020000000a0d170c1bd9ebec8c769a76152a8a64cdb8ee5bea72a81f082c59005ff5a072c40000000c9b7ac6613467a894b1c01296470cadc272c3d4982c99f20737a04229e24c4ff6e79acb09e85d3ea159ef526ab80a451bd1e4305b6bb05d4ea68953c299dbdf1 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909cabf231c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000002f3ab21e6cb01b914db1c3d8b86f90767b6f5c3c64a2cacad3d2394cd4a46fd4000000000e800000000200002000000025248dccda0ebfcf45d664f2be43c7f8af2f608f54c6149df900f7f101f7dbd0900000009247cb08b1f4ecb6f818fbcd15c3b354b2ec523a1eafecb20088c31d3e15b139906c07d5bfe6c111e23396ead4bd197cd66bd0ccd00a881d4cdc910d7c8ea9c25c7d6fbdf222ecb959f6b7c22f09e65d5981365caf821fb60f1feb59caf81ff1b8e7f1ccd221480d90adf5d13c29a816ae0ee3f5bceb6ac0302907af714794080c320358a35e46a231013cf067d86b9a4000000040af0d82c9e7686c197f3f19fd0b0a562abcb36276acf2868e3d6fc4839db8a7707e7ece4fbf13c712071569c582ed77bd6a7c598711a467d083c4f6afddbc38 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DCDD0F1-2E25-11EF-8962-7678A7DAE141} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\it\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240220-en
Max time kernel
134s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954110" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5020f9f231c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a69260b98522794b9defd9ebe1e4f4a100000000020000000000106600000001000020000000e3eb723cf3957d0825f4919a9623c6397294c3cb3f3e9491d68dcafac78eb7b9000000000e80000000020000200000005c1cecaa3de69ecc1075726e4c598499d5d290645ebf9a8f8fb408f19d9b96e8200000002a461fa14c870c615222f31cce2bf0b12b630f99a61f7dc61379946f4ce1865640000000315796854338867d2ec9b3ca908604cb9c0fe17d765811ee564abbaaad1e23d633d78aef1255f3ea304bfcd54fc043543e8a4f4e6f997a4eac163bfaaa9e3bcd | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E18E3B1-2E25-11EF-B54F-5EB6CE0B107A} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ru\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240221-en
Max time kernel
134s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{170E5691-2E25-11EF-B5E8-DE62917EBCA6} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002a16825a89dcbc49918749bbb24ff12400000000020000000000106600000001000020000000be51ee06d87cb18123d5b98915eaa60ab2ada4251f70da09d666d23d1638bac2000000000e80000000020000200000009219d7e14c22fe9bfce0ecc557a74af2cec3909ad786d84e97e9c69b396c57449000000082b0079ea6e3bcfa7604a6cbe733f168d4d86e637a53a26cc89413f6d9b96cf5588eaf9993166f16fa9504b591626abedd42357fe7f8e0f6d9e7a52989c99a6ab28bd3a3f4ef132905c2ccba3ce83dfc28df283e7ee50cdef7b824e0f9038f7b2b7f757580c2deeb665ad7eefb6e90a8c87e478d0803b585630a2664dc7630d273ec0b244e5c4339d6686c79081ff62440000000d33ff07f9108474485244010bfb936b23c0b3f0d01edf9d2a69630c3ec9f8c893676185bafd08901b94b5a7732d5ae04e239a6ac844910afe76682c9aa8f96e6 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002a16825a89dcbc49918749bbb24ff12400000000020000000000106600000001000020000000e194a931690c11c8d557901b07d65291aa8962e163e6f89d51ac32c91e454571000000000e8000000002000020000000fc5342cca8d99b27d8c8814e73abb61615ec0b4331915fded4eafe97454d398920000000129b8475a435b4a04ebd76151b375b31ae243261b56b0a009788ae1cb3c7c8d940000000318a66491aabc67933cb3f88b1cabcb1ca872360aa0a595f58a08860e2c488a0bfbc29a8a7f05157bfdd0616fb67a52115a710f63fefe6a71af0e690697690b5 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3088dbeb31c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954098" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ko\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
47s
Max time network
53s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ko\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/372-0-0x00007FF8C2950000-0x00007FF8C2960000-memory.dmp
memory/372-1-0x00007FF90296D000-0x00007FF90296E000-memory.dmp
memory/372-2-0x00007FF9028D0000-0x00007FF902AC5000-memory.dmp
memory/372-3-0x00007FF9028D0000-0x00007FF902AC5000-memory.dmp
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
154s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ru\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
Files
memory/2068-0-0x00007FFEAEE70000-0x00007FFEAEE80000-memory.dmp
memory/2068-1-0x00007FFEEEE8D000-0x00007FFEEEE8E000-memory.dmp
memory/2068-2-0x00007FFEEEDF0000-0x00007FFEEEFE5000-memory.dmp
memory/2068-3-0x00007FFEEEDF0000-0x00007FFEEEFE5000-memory.dmp
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240611-en
Max time kernel
134s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60c822f331c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000eeeea795118de64eecdede0c64499972d45d9d17d1140e1a2642bed79e799040000000000e8000000002000020000000f9fa9a85ba7def9e8fd4e6c7ab983f4d99d03c32e979844913e0bf9e7c0e040a900000006ede568c359ec376ba8589a8cef9531ba56e758df82bd16f87535747b090182be38e9e81c00e9bdecdc746780cc2bc8e437eec1db611a3d5670a6f69bea5e244f3ba3510fa73c35732629f9ecf905649e02b9ab733f21adbe2af06576b68cca07f07ac7acbea204a9c8c5c7887418177ce9f65f17e9d14dd9bd42ad371757f0ed995d45953b49b7a147f82fcedd77d9140000000e59d6c1853941ec8ba82a4b66e03f0dc5c947fe8d11caac144291bedef0718da3b042e440467800ce2a8483aade03f57d4d4fb1dd78aeb813eccc720521da154 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954110" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000f86e2fa9feb8ec3f07500230e6a98aaa16067c082494b3ca8ec415cdb7c12706000000000e80000000020000200000008232e18cfe4e78a43438cc25835e80de8d733a7775b797b802e9e8d6db33e7b12000000042fcd40cebe1b557d63cd8c3d3352c196cd737c9866efe7d5da5bb8834f9f99240000000722bb2a9431f1a5f573d3c5667bc1b6d2ee8801434570ffc1736e3b41419953b3494d5e063829687199d2020f0903c26ca495fb8fadf426990d1936debb38cab | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E3B5801-2E25-11EF-A13C-DEB4B2C1951C} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\it\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab450D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar45BD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6e37b6c66f3038cda30f24dd504088d |
| SHA1 | e564e1f392996c67cd60613b62e8f917e9924167 |
| SHA256 | d1fc55d38bcb51f37ad8c29b60b8f79e5a3751d4eac4aee53e16fd138ff38a30 |
| SHA512 | 881393074d331a116bb54863f09e2d98e8a96b7403d8fd541da139fe95ab34286ac63881ed293e468838d5953af029e21313bd9336f27b3a2089aee09f6c2f94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 972369f7463f4f3957e91b1009de3aa1 |
| SHA1 | d8ca273bcbdcaf36daf9d842504371a23dbe804a |
| SHA256 | 6a4eac147f5148b0273f2b0ca1ef800badb8c8bb01f4f065e2a0411f0eaa053c |
| SHA512 | e910c30496f11ce8a88f896467554ab29d42dc95302112bcde1fc26bdca067b6ba3bdcd1feb50b51116303a2325463d7edf4f33b8d23f58cdbeee1f86ae69646 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bfa15d974fb7d64d49a7c1f897244c1 |
| SHA1 | 23a26935012374aa2fa3f6ed5c41cd07b398e650 |
| SHA256 | cec89e538917ccdb27fabe93129d47713ce219967cec1dbdf2dcda29f7135a97 |
| SHA512 | 7ac078f4589d6fa4bf75f38efc82fd0300346907cc3758464158dd9f0452efce79f6992fb0ca427b4e31952ffe78fa778537d8c0c39abe5166f493e9a2900d6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e459b405e622ed9a9949e6d80f9ec61 |
| SHA1 | 6a93226fc3ec902d6fd02a07dcd2a0a9992da4cd |
| SHA256 | 3e4cb7423dfae82525d33d0dfda3ce8038eeb272716b56d89c05628704d37688 |
| SHA512 | 4ce7356e98c8980667e379ad6c41797a69dd20e888f1bdbcc1b076a3aa9d5ffcd9a22c0673f4dca4a7a23b33236aad81ae954a7097231963ca907c7240c8da16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dad462e10c3d72f5bf83c2d447b6b4e5 |
| SHA1 | 09b863eb7865ca0202fb6f318be7b4191f7257bb |
| SHA256 | 8edcfa1ddfc830456114ce99d3225ea10a4dbac7954ba2e0dc375ae034a8385b |
| SHA512 | bdefe29635d255da118e5fd1f83d561efbb49a4bfe5ccedae0e5f4d30df4377822d67950cadf5c648e29960abad71855a3aa31d65e1f383edce67c55a7ccae97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba864ba2d3a9f65d81bd87bfffe4216c |
| SHA1 | 9fc4bb92d91b4249e5cb58cdeb905bd48d94deea |
| SHA256 | 43c05e3540ddd20bcfe560af7d961e55e2d86cb1ede488af3b107dec40ed435b |
| SHA512 | c37ca51cfa5ba2543b700e53d9054009592247379f97de0045acc582a5af69c47281fa1d80439553134abdd4c28d13f3f34a7135637572761954103946a51671 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1e05f684b64c9cbea35edf9d468eb78 |
| SHA1 | dae87018abf7b8ec3dd9d93878dacdf93381a117 |
| SHA256 | 5821449124d064e2980b6a8c4a8a3ffa1882ba09b56e55dda3831dff7df8860a |
| SHA512 | ce78ee5d995e72af3c966d6a1649195a831f3720912dead0260d2cfaf32788b093a1791864ba598fefa57729f847c80ab4eb7e3067b844e8a1369b45a67a72a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be3f080cb5e33e6d6cfeee1eb7e88954 |
| SHA1 | bc1fac97e04c2dcb44708ac653103f372efe9c1d |
| SHA256 | d84d7efd3689461f7aa33ad319a31f551e3e9d52d04d3949d501aeca9a136415 |
| SHA512 | 21b34e2f478d595f69a90be1702861cbf9f863aded9111d5d971e302677f69aff7ed372198973f8031a56a360df0c2ae286c7c3359a652038f0a44c3512ce3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5bcf285a03022f262d7b6ef2fa1c6e2 |
| SHA1 | 7f9406f729d20351bf89c4ae7e61cc1742a4366a |
| SHA256 | 99a2c15b6ed094fe51faabb3e6e9c8fd85c8c435a56abfd8afe27f2548a693ce |
| SHA512 | 5b17455f278f853b0fcf5f737ba7a27adcd059556022d1f86505c5b52a920a153756ccbcb3ff16572173edd0a8e925719a3dfc42bf32c6cb4f8cd006585f0d6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1951c16a8758e2928bdf3109c064beca |
| SHA1 | dbdf55cf2843d5cf5d11acc5c1936e4458e4c56e |
| SHA256 | c22683dc4fb778b1947138ec866ca7beab5d3c2fb4f9bd615f00fd6077f92700 |
| SHA512 | da7bcff699c94e4e962859e1bcbbe7816977e5cc00169d362f17b40682ea653ef4cd95bb642e9a6c34d62775ce57223938f52981a2f8090d9500dedab5f792a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15174e0b467b0a4b0b01a48176b5221c |
| SHA1 | 32c1f8bbb4d334addd2595aea82f8d6097671410 |
| SHA256 | bfdcae54c260e436e9fade60f0a1fe8f5e92a16bc2ed7c1f38a86584a97bb5e3 |
| SHA512 | bcbfc6fd7955e90e31dd507207cf8df107d813630fedf91ebc966cc050a35bd4811b57d64fb80fc8867ccd570aabd78f20851c6b8fc42fdc415f1ecb93847f61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 955d3c8218aae2888b42a83adcc3915a |
| SHA1 | 1d1f7f3c582f5686043d876f7852618815336f5b |
| SHA256 | dc137c1690d755f46d23b8abce4cabc93072f594f5a316d4daaed7df5fa6efb2 |
| SHA512 | c26d077e3adc2e79d529a7ad37101f2d9f2baf6a0d8e01f2f7a7a063162ee7de750bd3a893dcea6bbd662ed256a294525c63ca8041a56f1cd8414c0331a7d6f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adc7ee0120e3e1680bf2570afbd8f66a |
| SHA1 | b03382e9f478b13b2fc19fda87a4a32a38e8ff5b |
| SHA256 | 0a7ef1e70c741b31d988ada1f12723db28cea16c0d49bcb7c2df654c41941348 |
| SHA512 | ffb627fe0ffc2d6b8380b66daa6c8bd1afb560cf7b839f7d1852af3770bce220771a69051745e4c428415fe4c7c17ed130d1bf27106a8612b4a264a17baa4b6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42b9c10f6113184b75b7994310c86968 |
| SHA1 | c37a72ced5ae528208f3cb494fdb5933f26930c3 |
| SHA256 | 1990baa47e8de5838a6518d42f884348548b2108b273bd5033276adb21d97ef1 |
| SHA512 | 2b0914e46c48ee9d2019f69a954b9a24cfb0fffe50e6f69652e10ea856a7b85878cfb9a2a044ca8092205a5e58f49fbd7ee772035a1afa18a774dd91e17341b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b82ad44651e4a3a580fb0f6575708dd8 |
| SHA1 | 59c97e155054247fc6957457ca1afaef64675cbe |
| SHA256 | e5edc7a5cc7df392e65e2b93f5becf761044dc06f61a20f858889cb6116a4da5 |
| SHA512 | 684f9c27739e7294ef8ccd1f9872975c2d57291fee99580278bfd5dcd092739ce8cbb42da7be204e4debe721e275bdb62022eb268485b0610c363cecef2c7fed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6231da81bba4a2a2133c635d73c9272a |
| SHA1 | 8ec4febaf06c4b537ce2972ba0889e8c856b54c8 |
| SHA256 | ad0429584fce75c7fa12d9b4c050e4a5d2643a70737b5fe37ab48b22d3cfb298 |
| SHA512 | e1b100a92b7f0dd14658f1e0ee6df85de2ebb3d000dc02d2573a66f76350e24ec466fa9a51206ff720a13b77f4f8518b8ef2c798461c6b9e04b38e519e945891 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08b6100cc7b95debd01a1c74bb7c2d41 |
| SHA1 | e2dec46d21b316090343d144a8a4addf54144244 |
| SHA256 | b66b24b60c313d7eb0118266a2ebfa6f55b561e4fa384639c8792cfad45c8aee |
| SHA512 | a80eabc91ea2658dba490c25cf10dbff49781e0b5cea9272a3b35b87c7601ea6a77fbf31ca095a5ce86e487c569548a0ba0238ca4138c8a20a6261893c49b1b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7ad4894dc23e85fb93ca7417993499d |
| SHA1 | 9e2a7dde9543f0db7bad3ba8ca592d5fa02bf4ae |
| SHA256 | 0e94c1f90cdab614ecb20f8421a10dcec931f2ae99df750209020899c727ef68 |
| SHA512 | 1852b788320d0b1b74ba8a1feedecb0fc9f8a62a66205b7c4b1c45b481e9f05dca4924ac687939dc041c6122a7de55d70bc1c3e1c87150a4037e650fe0a922d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5e261fc86dc9900461f49efbf47dbbd |
| SHA1 | 60c0ea54667e1a07a8bd973f5ecd2b66d11104dd |
| SHA256 | 6e173e149edc595b9069780675eb54bf1723ecd7494f2be09f7f1e767c7ce6b6 |
| SHA512 | a107a7130617a8c2f42300b096b1e02b77a94d5522925f660a65357d13a28e8979035e78a0df97a289035ad7bd03efe3ce762d4e0c2ebc71dd21cc457ad1509f |
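The rows in this run are raw sandbox output: MSOXMLED.EXE opens one of the localized System.Xml.XDocument.xml files from the extracted NuGet package directory, iexplore.exe is then started with -nohome, and the registry writes, the ieonline.microsoft.com connections and the repeated writes to the CryptnetUrlCache\MetaData path are all attributed to IEXPLORE.EXE. Two things are tedious to read off by hand: the in-addr.arpa rows are reverse (PTR) lookups whose labels are the octets of the queried IP in reverse order, and the same file path appears many times with a different hash each time. The Python script below is an added example, not part of this report or of the sandbox that produced it. It parses the network and file tables in the row format used on this page (the sample rows are copied from the runs above and labelled as such) and returns the PTR-decoded IPs, the forward DNS lookups, the distinct non-DNS connections, and the set of distinct SHA256 values per path.

```python
import re
from collections import defaultdict

# Constructed sample input: rows copied from the network tables of the
# behavioral16, behavioral31 and behavioral2 runs of this report.
NETWORK_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
"""

# Constructed sample input: the Cab450D.tmp entry and two of the repeated
# CryptnetUrlCache\MetaData entries from the behavioral31 file list.
FILE_ROWS = r"""
C:\Users\Admin\AppData\Local\Temp\Cab450D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6e37b6c66f3038cda30f24dd504088d |
| SHA256 | d1fc55d38bcb51f37ad8c29b60b8f79e5a3751d4eac4aee53e16fd138ff38a30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 972369f7463f4f3957e91b1009de3aa1 |
| SHA256 | 6a4eac147f5148b0273f2b0ca1ef800badb8c8bb01f4f065e2a0411f0eaa053c |
"""

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.I)
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def ptr_to_ip(name):
    """Decode a reverse-lookup name: '228.249.119.40.in-addr.arpa' -> '40.119.249.228'.
    Returns None for anything that is not an IPv4 PTR name."""
    m = PTR_RE.match(name.strip())
    if not m or any(int(o) > 255 for o in m.groups()):
        return None
    return ".".join(reversed(m.groups()))


def parse_network(text):
    """Split the four-column network table into PTR-decoded IPs, forward DNS
    names, and distinct non-DNS connections as (ip, port, domain, proto)."""
    out = {"ptr_ips": set(), "dns_names": set(), "connections": set()}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # blank line or header row
        _country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        if port == "53" and proto == "udp":
            decoded = ptr_to_ip(domain)
            if decoded:
                out["ptr_ips"].add(decoded)
            else:
                out["dns_names"].add(domain)
        else:
            out["connections"].add((ip, int(port), domain, proto))
    return out


def parse_files(text):
    """Attach each hash row to the path line that precedes it. A path that is
    written several times yields several records under the same key."""
    by_path = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:
            current = line          # a new path line starts a new record
            by_path[current].append({})
        elif current is None:
            raise ValueError("hash row before any path line: " + line)
        else:
            by_path[current][-1][m.group(1).upper()] = m.group(2).lower()
    return dict(by_path)


def distinct_sha256(by_path):
    """Collapse the repeated records per path to the sorted distinct SHA256 values."""
    return {path: sorted({rec["SHA256"] for rec in recs if "SHA256" in rec})
            for path, recs in by_path.items()}


if __name__ == "__main__":
    net = parse_network(NETWORK_ROWS)
    print("IPs behind PTR lookups:", sorted(net["ptr_ips"]))
    print("Forward lookups:", sorted(net["dns_names"]))
    print("Connections:", sorted(net["connections"]))
    for path, hashes in distinct_sha256(parse_files(FILE_ROWS)).items():
        print(f"{len(hashes)} distinct SHA256 for {path}")
```

Run stand-alone it prints the decoded IPs, the forward lookups, the collapsed connection list and the number of distinct hashes written to each path. Whether any decoded IP merits a pivot is a judgement the report does not make; the only TCP destinations recorded in these runs are ieonline.microsoft.com, g.bing.com, www.bing.com and tse1.mm.bing.net.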
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240419-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\malta_scanner.zip
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\malta_scanner.zip
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240508-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00ec0f231c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954132" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c9adcc34063a3b31723643c06140f99fed9010973da40039a3294b20705839dd000000000e8000000002000020000000d349a4e1669e8b5e6c3c2df163b78a2b01fa667c763271613ee94234f0a594e020000000eb671fd1dfac475316a7607d955881862f8a2bca6bc75c69480b437db90d86a64000000070d1c65bbe9779510e4d3fe67bade171bdceef96dd95654f11a3dd954425fe8d5ea8d4f54f3c698a4cca3786212237e3a16fad8be73309d58644b55fbfb0dc51 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DDB07C1-2E25-11EF-A002-FED6C5E8D4AB} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\es\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240611-en
Max time kernel
144s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ja\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/3480-0-0x00007FFAEA6B0000-0x00007FFAEA6C0000-memory.dmp
memory/3480-1-0x00007FFB2A6CD000-0x00007FFB2A6CE000-memory.dmp
memory/3480-2-0x00007FFB2A630000-0x00007FFB2A825000-memory.dmp
memory/3480-3-0x00007FFB2A630000-0x00007FFB2A825000-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240221-en
Max time kernel
135s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E1E8901-2E25-11EF-822E-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c06df0f231c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000020868dad1bd2324f9db4e599a9c9255c00000000020000000000106600000001000020000000a89b8161e9e349afb9e5fdfd6bd0a91a34cfcba321ec75b08315aaecca0b5c2d000000000e80000000020000200000004eae36e51bb2a87d1c8440c9d85453321df3ee459ad2cb9dcc954d68896bdf8820000000d6bf27267b7248029fdbb762df194fa820486bb603aa599bc9138de0252abc2e400000001331b3cc3eb1cecd8942b3168d4eba90f67abdac8509a6e185f2cb470912b91b09fba388a7185bb59133ae153ed7d78b01f8c4da42dfc0a25b614c0eaf6f36d5 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954110" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab51EA.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar52CC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 721851f1c2b18603c448a08d7a58b06a |
| SHA1 | 331864d943b5a01112083b7cb6f7ec1c246402ec |
| SHA256 | 7a9e942c91c549f2cdfd2105390b820943b694e69ddbff3303046b884c1b9439 |
| SHA512 | d63fa34350ffb41b20f671fb25795fb5377dc59ffb9c2027c4dfa6a3ac9c3ebbef352d9e97bd61600409fef6c1b4897bc1f96fe59576a38b7c87f19f9518daae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d891b99e14729133fd3414ba508ae2ea |
| SHA1 | 1e9970ac03a166ad8d9fdb8f50a222742f1e40dc |
| SHA256 | 6d48f743fa5483e9dd89f726fd3b0166ff8896210d92498a91ae84e06572ffcf |
| SHA512 | 4f335c1736bdb5adc1ae563f84538eda2292e8d150e27612b678793268b8a77d056f750466f6d2df50c093456b3385bdfa7deb252a2283e849968d0a4b6b30a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa8f3ef47b3491fbf7ff5cbb24a2e053 |
| SHA1 | 0670ffb50f69b532d923f3d4c091b39b6929adc4 |
| SHA256 | d891c923e63584b12eb0a02d3a69ba61ae69f46d897dc8c5d55dc2bfb19c86fc |
| SHA512 | 48b22afcff5cf6e568ee0facd975ae00916289c0151987f67d82925239fd13a50a6d96bb3d20ba7b615ec6b2583d798d65453a1d6f68bb33ace6e0977af1c6f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0dd3eec91768b6fa99a4481b9211c3e |
| SHA1 | f04f438da6549656256e5cb850a233670271c153 |
| SHA256 | d2d6aa86081b3d6f8f60d8b2e86aacb285c1f4cc07781e1d071d3e743d653898 |
| SHA512 | 039e3381dec7ff4d1ac6c3a8596ad88843c1948008acb6c1205836f6ad824f22f09d032e95951e34a18d2310f590b5f4d31d8014e9f79a7b6b8cbb9abb7bb096 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b69c73c72ebcb1cde48827bde9454806 |
| SHA1 | 690547304cd8e3a9172ec2e2ce99b6c0162bdecf |
| SHA256 | 28b5d0c3e8019daf38bf0659e010f5404365342e844787a17602fcd72f8ba125 |
| SHA512 | d8bf7c87341e1a8e230ff52edf1d913f78e6daefe96142bc2788159b5d8d77124125c73091c78c4f15edf6535433eedf80b6c0296529ae51229adf8bdf504ce8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2404a67fe0401753fd23589efb5bc2b |
| SHA1 | 48146ead0dfc760a19bff18771a6b249aba28d62 |
| SHA256 | 9e938b95ac4f6c95f193c561809546c05750989ce9edf461c4ada6e258367fd1 |
| SHA512 | 92c176c76a0017dc064192efa40f6612e240ae63f16746ee81b62b8503f8e7ca009119ec8de99832e54ec762e280faa2c3ca8df014de2233e47b4b5a1dca4030 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78dfcb8949f0c8de0d936b8b9c33a51d |
| SHA1 | 88f311e1bdcf1231c854834bedfbe1d20eb882fe |
| SHA256 | 1d8dca3c3dc74a7b973b5abc0306f208f6b92d0ba872e32e41dfc1a3dbc26980 |
| SHA512 | 4343c8a5fcb97dad7595dbeec50dbc1fb5b17ae53a69979cc50fd567ec5605906c8719f9a036c9dbd20adf11c6ffea92ea6b75edc0d78e8e58b2940b09424785 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86aa22aab81da03d8c5eea2c07be67bd |
| SHA1 | f7653d5435a532821d3f2d8f35070f5bb2660d1e |
| SHA256 | 6bac88675273262b32a7205565029cc9611526d74de9b2211734fd72969dcebd |
| SHA512 | 953aec941f9c0a8b8e430eebf025cdd8a44dea89a888c8d8aec24dd40a60d682f1b333537a7a22c410d76ec1b22e7d166ed328d111f526d1f901ad34ea848e96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a61c76c91767c5bfa9d43ba11c28b264 |
| SHA1 | d91d2e9d5b802159d2918095d8d193ba03948994 |
| SHA256 | c65e1f348c495d33269e33c8cb383da533e79cd11678d2aaf0657f7ca0d99d23 |
| SHA512 | ade01936d2c4e24d31e7ab337fc9c79f27d472fd6ed068b9c4e8c6803a0351d010c47a4c095aae47f23bfba93fa6baffce25fdef18d9c7f7dc75a28988df6639 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c677d2a2cfd5544ba501b12c06598c0 |
| SHA1 | 372c93397ba60d73ed48877aa4cbff09680eaa45 |
| SHA256 | 5b85a761ba549e374737714fa9100a0de812553ce2d70e393ed173feea9cbb09 |
| SHA512 | deed2f19890d82cb913a8d80e1bf1a10aa6767814279e3de7d89f04c5efd50cd2f9356dacb959263e2cadeb353b149c500e3e6254d276b184edcc4306b974429 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00256467417fb23a02b2867a0b530584 |
| SHA1 | 6c3d6589f4a9cb22bc5ee69a1d8de8ac7cf81a7c |
| SHA256 | 7882d0339e30ea90903947f3d088142c2d342333ef3a3159574e9aef5b7454f9 |
| SHA512 | df5f59c675834eab995554912f8b9b9f66044b9c86bd940db5c0f9fe0efceb5d3f5dc972eb36cb61623db4dd3cd6618b64ce8823ead366f0584b76be6bbbd7a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9bbc051690da6c5f99882ac1cf49895 |
| SHA1 | 0ead8c8a84695105ed1129eb377e2e34398053de |
| SHA256 | a6f3766593e532f468fe78d085ad8d00be1a595e53048653082b40fa5ba82676 |
| SHA512 | 75a936d4e3b0c79ee29c16ff719392a27ace4dc6be82846a3d673e63fdda2e8112a516950a55a55216aa5f19da035d7cfb01a6b7d83b8885c224b87aa3919369 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | caba858095f2ae88592a1fc0589ba014 |
| SHA1 | 70cf4587feea97570d3868c7b12ee92ab9d9a654 |
| SHA256 | 65a124e0e905504da7187bcf08f5aec8c4131c95b0f55a5b2ba7c8651090a7d0 |
| SHA512 | f8abfd38d68414a3cdc62e77fdf8887e2aed0cd00d2c59e1adc14ed77e68df47de4a66b8ca3a845fb9588de617d2962f42775e6588fe6e058907da77dc44c1e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14e20d0c0103deb756e9d81a939d5cab |
| SHA1 | fe7c52eb0d42315f035467e2379118e9286ef6ea |
| SHA256 | a589b36063dd9276eacd6b3f11637501aa07474552a26c45b6ecd3bfb59de435 |
| SHA512 | 311af014a744b146310e650230c74d371c34b22f857e3648ffec05a7817fb6de35ae90545fa9c94dfb30489255b81f1eae3dccf7d7070cabe891009f797460f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe14429e1d0fe6eaa6f4277b0843ba43 |
| SHA1 | aee3a0461371c6e829393fe1fbf3ed6b57cbf006 |
| SHA256 | 0c45f5e3c7c8d78c41eebafb13063eaa54e49dcfbb60ae683044bf293ef85c60 |
| SHA512 | 8a04c61dee48beecaa8e262aeac2b9e6ab8c6cc7f859f0e78213eddd12279d39f8bf4193e9b4f27a699ec1e9aebd77263426ea98fc673a24767e38aeee251fd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 587dabe8e0015d876aeb4fb89816359d |
| SHA1 | 5628827addceae7ac0da85c23d69de1ac6ab7d21 |
| SHA256 | 798d635f7248f66170f242c2bf316bbce26c01d85f2c7fc54cb8f9fd4742fe87 |
| SHA512 | 0b82488ead76374008080f94a4bd1589537bffa29351f3c324143a994429aff65aa8b74c0fbaba215e2ec31fe172a098b9810ee4943540b326b0d693f82bd389 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 524742d00306942fe90344a60bc97893 |
| SHA1 | 6f9a6ce2e8b11971b0cc6896616c5e7ad87c9992 |
| SHA256 | 500dbcf1fb0100e6907bc9c53774e7ce1e02ea184c58ce2c6979e1c79eeff70d |
| SHA512 | 631870bb995d83c5c7eefc6a83b83018a88b751ca73e749a486037023624c2f66f0bcc061b4c1553f9928b36c537a0049523584fe02de8b32009e0bcb24a889f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01bc4dd853b8eaeab35af5f91f5f4863 |
| SHA1 | 29223846da1a5abe734117c3c5ff60be6fa7dd01 |
| SHA256 | c02864e36417c474e619b41475841ca5cbf3b4092159da9099633074ce0584a2 |
| SHA512 | 6a84ac66f90ad353423b99247005cdaaed443020ae77b16ba409f36adc2c35e0ee7f9c615b8a05fad9b37a83972f241ecebec418bc9deb2d26a47000b5ac5cc8 |
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240508-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1758D4E1-2E25-11EF-B02E-F637117826CF} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000687ab49dfb588703dba9b7f471edacca011875071c60ca5f363b88cd02afed57000000000e8000000002000020000000f33052498e5b3af26b886d3214d516054876be93a2758472c44aaeea0392131e9000000012b869486aaa035f4e67336c7ed0ff2643a8410dba9c678571e7413fc5f5ed8fef46e2fa6c2f5c71377cd8fe808149baa59db7407397cb1354e5a2343f9d3c192973af902d17103d06cf74a81ef2402513cc32249e011fa8ba5f05a898e34af212ce2eec402c8d15c7661de957e0d9b28beb992114f6c172fe2a92da42d4e0632367e0e3fb686c3f951e758a38cca19140000000e41d2039bde31d14bc0df6829eaf8d083e39152337f87e63a8ec85b3ed586632b83381fcadc527508502c5a99f1666f12dd1327de996b205f10acd8aa8ee772a | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06f28ec31c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000047e8594bb2ece922604387e1d8e6c02bd6b0c6cbf627f572f2d3bae8758b2b4b000000000e800000000200002000000063b2a6236cbc4c33fe3c632f291498944592122822c5d707309121a53429e1ae20000000a21a3ea0a2314d468b929f64c84b62cdad39e223da273594cc9921774f446bf640000000335487668577ce6d6a024dfe42aef72309c7c3e1f267a6d7a36ec0c24b774a32144dd582b3037381df454bfe55b76bb185a4b1a215a9638580a89cb8fda5646e | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954121" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\fr\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240508-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8093a6f231c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DD24D61-2E25-11EF-A5E3-DA219DA76A91} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000008da5c6232ca1de62b0811ed5b86f9930aa6564104919cfa05246ea53626aaa49000000000e8000000002000020000000b30801248a0ec7715b37ff6192730966162f858143873b13c58d98c5f1af393220000000cbd6b86f09fcaf0b11e31576565a18e4dbee37652ac3105f88b4efe7a7c20f6e400000002341f6263ad7ffdcb8ec02fed24c268b54411d825d259df839735a88cbd609e9b2bc2b1cad5b4ac18a0948ab1e0999510cc3fe0bdd60f3aab3edfbef3ae37d00 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954132" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\de\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240611-en
Max time kernel
135s
Max time network
133s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\es\System.Xml.XDocument.xml"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1304,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/4484-0-0x00007FFF8AB50000-0x00007FFF8AB60000-memory.dmp
memory/4484-1-0x00007FFFCAB6D000-0x00007FFFCAB6E000-memory.dmp
memory/4484-2-0x00007FFFCAAD0000-0x00007FFFCACC5000-memory.dmp
memory/4484-3-0x00007FFFCAAD0000-0x00007FFFCACC5000-memory.dmp
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win7-20240508-en
Max time kernel
120s
Max time network
126s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E059261-2E25-11EF-8FA5-CE57F181EBEB} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7004e1f231c2da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000ee1a4a948a9ec8e4981cbad8d2a31f8fcbb19b2333614a5e61c873e2acd3f244000000000e80000000020000200000006ddd38319d3a08a743b2b8bc8d300e7e469aa1c985dc5b0c4a58296b69d2cf589000000031a26a71c9b8cb1916c50febe90186cfd0b0e776877ac6739667db5317b6e6b584f0d819753947566272702f49aa51247f1191b461ffe8b6e3fb98588b3e550dd585e616ee38d0e893d04cd15fe9262e72f7f6529d2c89c1b890d92d1bcb45cd515787d2df902c88f415ad6de165b0efcc43271c525ccc98aa7b6f5fa7cf920eaa636bae1a524657167985052988f8dc400000004947199aff910c0e87d4dd2db08e5523bc855f2646d3bdfe13e08d01fc7c62043b67d6046c1bf3775a6c980898d5ce7c02a0348408825e6f6cb401af457f6fac | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424954132" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000009a579466b789c4db83c498bc9c6494e87248e20e4b5e002eba88bba8720020b0000000000e80000000020000200000002ed87ae7aac144d1ac484ef9c97c92e3bfc27ed9f98404e58e8b9c19b37c8207200000006fc599b32aa6287a18942c07c1ec490621587f2ecdc7b5d981a1d0e7334ce29840000000149839079975eb45215ea160aa3948421c648b3f805b24d007a6c1b294f32b183b8ac4611c0dc76de5bb952a9ce43926b432b4a590a51f969d0ed85b18941f9a | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\zh-hans\System.Xml.XDocument.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-19 10:15
Reported
2024-06-19 10:19
Platform
win10v2004-20240611-en
Max time kernel
146s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\zh-hant\System.Xml.XDocument.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
Files
memory/1992-0-0x00007FFEC1D10000-0x00007FFEC1D20000-memory.dmp
memory/1992-1-0x00007FFF01D2D000-0x00007FFF01D2E000-memory.dmp
memory/1992-2-0x00007FFF01C90000-0x00007FFF01E85000-memory.dmp
memory/1992-3-0x00007FFF01C90000-0x00007FFF01E85000-memory.dmp