Analysis Overview
SHA256
7c8c098ea9e14f0708472aa795393094ba6f4ceea3297d0a47c2abff99eb42a1
Threat Level: Known bad
The file 1b39dcc5de43d2840d6992a561e34eec.zip was found to be: Known bad.
Malicious Activity Summary
Detect Flagpro
Flagpro family
Unsigned PE
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-01 12:19
Signatures
Detect Flagpro
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Flagpro family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-01 12:19
Reported
2024-09-01 12:21
Platform
win7-20240729-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{693CE0A1-685C-11EF-AEC3-E6BB832D1259} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0006e04069fcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000dc927fc4860e9bc8f599d0963cd0c656eb02d8a50fc354fccb6649aa3ea7e699000000000e8000000002000020000000be5c03bbc9787ab25425e4b2c568d572e6bff9af88b8043a3025a0fb4d6efac820000000128350ff0d780b74cd9b03e280e1d7cd8a309a4cbe132cf44b0430eb595fa24540000000fe17db3927ce79d697932ecec4ba12c23b6252bab3c3488158f87270d83d053339dfe0cdc258e81e47a002f013e2ab7d1571843b35f3ded7cc8b85e5269bb605 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not present in the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431355026" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe
"C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:537613 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| JP | 172.104.109.217:80 | | tcp |
| JP | 172.104.109.217:80 | 172.104.109.217 | tcp |
| US | 8.8.8.8:53 | cloudways-static-content.s3.us-east-1.amazonaws.com | udp |
| US | 52.217.43.96:443 | cloudways-static-content.s3.us-east-1.amazonaws.com | tcp |
| US | 52.217.43.96:443 | cloudways-static-content.s3.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| NL | 18.238.246.206:80 | ocsp.r2m01.amazontrust.com | tcp |
| NL | 18.238.246.206:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | cloudways-static-content.s3.amazonaws.com | udp |
| US | 3.5.28.220:443 | cloudways-static-content.s3.amazonaws.com | tcp |
| US | 3.5.28.220:443 | cloudways-static-content.s3.amazonaws.com | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.46.73.244:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-01 12:19
Reported
2024-09-01 12:21
Platform
win10v2004-20240802-en
Max time kernel
135s
Max time network
125s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c5253369fcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31128681" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d1c6f3067c0c84abb3839afa92ebb0f00000000020000000000106600000001000020000000989c723019f56c4d8b4d53cf178598db330eb916a173b9fd7c0089b46f957887000000000e8000000002000020000000824e314cdd36040ae7898bfb0e167ebb39b597e935624817770daf85084a13ea20000000be6780ff9c2dbde7729500dd51d2f15859589f9e61af8a34d7ae80d6b39a5e34400000009fa1d6cff2fd654cf1cc3749a33dc6b862e6a93d5915d6e8ca2db19390b7d684c67b40e19c836ef22bc3c3df40b4222be8aee40a981211bc1e9d2142a9b528ef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1045773811" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1045773811" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{69F2DA85-685C-11EF-939B-562BAB028465} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31128681" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3784 wrote to memory of 4360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3784 wrote to memory of 4360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3784 wrote to memory of 4360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3784 wrote to memory of 4384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3784 wrote to memory of 4384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3784 wrote to memory of 4384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe
"C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe"
C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3784 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3784 CREDAT:82948 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| JP | 172.104.109.217:80 | 172.104.109.217 | tcp |
| JP | 172.104.109.217:80 | | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.109.104.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloudways-static-content.s3.us-east-1.amazonaws.com | udp |
| US | 52.217.206.10:443 | cloudways-static-content.s3.us-east-1.amazonaws.com | tcp |
| US | 52.217.206.10:443 | cloudways-static-content.s3.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| NL | 18.239.62.218:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.206.217.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.41.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloudways-static-content.s3.amazonaws.com | udp |
| US | 3.5.29.114:443 | cloudways-static-content.s3.amazonaws.com | tcp |
| US | 3.5.29.114:443 | cloudways-static-content.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 218.62.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.29.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| JP | 172.104.109.217:8080 | | tcp |
| JP | 172.104.109.217:8080 | | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |