Analysis Overview
SHA256
7c8c098ea9e14f0708472aa795393094ba6f4ceea3297d0a47c2abff99eb42a1
Threat Level: Known bad
The file 1b39dcc5de43d2840d6992a561e34eec.zip was found to be: Known bad.
Malicious Activity Summary
Detect Flagpro
Flagpro family
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-01 11:46
Signatures
Detect Flagpro
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Flagpro family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-01 11:46
Reported
2024-09-01 11:49
Platform
win7-20240729-en
Max time kernel
67s
Max time network
130s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431353078" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000004d468a5bdb709293df6a42947726885945efa5a7b0deceb3820e1fc2b0b16c56000000000e800000000200002000000015d512bf954b1b18dd6fcb03af783947a570efa6bba47145a2425ac8909e8881200000004eb09ab86dcd6edde31105ce9bd77878f78ba35044d6d6ac6365c83f54db9d34400000009e7eea9519943b45b70e1c58d5d087fed358eff36fcab8fa72efe66cb0680272a09fa38f848fddc05bf1a6de1d9eff3d287f69cebee6db2875d009489eb1262d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00936eb664fcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0293881-6857-11EF-959A-C67E5DF5E49D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe
"C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:406545 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| JP | 172.104.109.217:80 | 172.104.109.217 | tcp |
| JP | 172.104.109.217:80 | | tcp |
| US | 8.8.8.8:53 | cloudways-static-content.s3.us-east-1.amazonaws.com | udp |
| US | 52.216.114.30:443 | cloudways-static-content.s3.us-east-1.amazonaws.com | tcp |
| US | 52.216.114.30:443 | cloudways-static-content.s3.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| ES | 108.157.112.144:80 | ocsp.r2m01.amazontrust.com | tcp |
| ES | 108.157.112.144:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | cloudways-static-content.s3.amazonaws.com | udp |
| US | 3.5.27.65:443 | cloudways-static-content.s3.amazonaws.com | tcp |
| US | 3.5.27.65:443 | cloudways-static-content.s3.amazonaws.com | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-01 11:46
Reported
2024-09-01 11:49
Platform
win10v2004-20240802-en
Max time kernel
136s
Max time network
141s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3054318769" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E18E3519-6857-11EF-A2A4-C63D5579F9B2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009a7bf3bae5f3a549b81f23758225dc5c00000000020000000000106600000001000020000000031d60ec87900bf6959a19555455b15d4fd6478af3b57ed14a3ca314b8ed92bb000000000e80000000020000200000003e5ab8875225455ed51b2ae640692ecedd0c2c7e88d302494e38f16f6323a9a020000000b368a5131af88407968497a6e5f7a761e9851d98a1ecd7257f136ee9a3828bb1400000009cef75f886f68fafad2c27594ed7cef44a3048c45eb8eec833ec1ef1777e90155908104d40bc0e9bce299e45862124b35b5368e5353d23a44c6e45e20f100864 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31128676" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31128676" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3054318769" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50af3aab64fcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3956 wrote to memory of 3088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3956 wrote to memory of 3088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3956 wrote to memory of 3088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3956 wrote to memory of 2672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3956 wrote to memory of 2672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3956 wrote to memory of 2672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe
"C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe"
C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3956 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3956 CREDAT:82946 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| JP | 172.104.109.217:80 | | tcp |
| JP | 172.104.109.217:80 | 172.104.109.217 | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloudways-static-content.s3.us-east-1.amazonaws.com | udp |
| US | 52.217.0.86:443 | cloudways-static-content.s3.us-east-1.amazonaws.com | tcp |
| US | 52.217.0.86:443 | cloudways-static-content.s3.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 217.109.104.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.0.217.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| ES | 108.157.112.144:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | cloudways-static-content.s3.amazonaws.com | udp |
| US | 52.217.47.164:443 | cloudways-static-content.s3.amazonaws.com | tcp |
| US | 52.217.47.164:443 | cloudways-static-content.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 222.122.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.244.67.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.112.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.47.217.52.in-addr.arpa | udp |
| GB | 95.101.143.193:443 | www.bing.com | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| US | 8.8.8.8:53 | 193.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |