ce826c68b96206b9b3380b7016960596087c6dca10acf3ef5673100836efc332

Analysis

max time kernel
141s
max time network
148s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InnovationAdoption.exe
Size

5.1MB
MD5

58f62fa7b769cf46ebb45b0371ac70c8
SHA1

62cca1e9d286f5254b2783972b8d1602ed5729b4
SHA256

90caa25d237b6bffaf3704bac2d652a6829d784fb8663b406b71d84a33e1f58e
SHA512

8abcc963484249053d507d10c06eeaac96d003f3f8522cb2795e8c30bc1be2d5c9b6fa9b7a92bfd61eb97b678de55795007b7b746b052a2442e7b566d20077ea
SSDEEP

98304:NUQuKfHrXijxsiH10+gvI4hbqTyDOSxdp+mgulfa2FMIRavQzZi:NmKfLSj2q0PvIWbrLxdp+mgulfa2FMIe

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InnovationAdoption.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e01fdd651cdb01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007ef43a12589e3c488647be19cb140bf300000000020000000000106600000001000020000000f6952f61bd3e0d48b7267b8b0975614a5717088a88b593937f403fabe0d21c88000000000e80000000020000200000006fc290287a58f6d644962ebe5f52529136386996225fb19fc79137c18a979bd290000000fa866309d434204585b1f2c1efa9a9994fb0cf9826dea813c1d15620dbc2d9faa3497cdc105592b67c3815a2a9448fc13127a3dc8ab64fb0186f0841368d530e26280855e12475927d3b0560a759e7e4273159c3ee1792c6d13ba7ff25eb8d0632906d0744d1129f00a2a9bfccef95ffa8d8e3ecdf24c2ae1840a1d5cd7d1bd527cd872410597cde8ec2270815a39e8c400000008284cbbe2058259d7a969c99ad852f8edd61ea7b7e782348bfc025d3cb2adee5b68f80221c330263822e831a518ebe65a3eb4bb54e505c3f21c90fe4d6261953	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434872012"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007ef43a12589e3c488647be19cb140bf300000000020000000000106600000001000020000000f690aabf45bc2fbe9b0385b751ac7988f504db8f6813ca00ef022203c48d8008000000000e800000000200002000000090e140acb886e4eab71fdbc1e374f1a9d1ae4405aa9f5a46d7f1cbcfe8b5b7f620000000320230557ed8bec4948449ed3299298abe4ffc70c99dcaaa96e0cacc5447c3b1400000007fb82225b0549e31d677e6d3640e172e41dab0e932f9f0b0678e53354b6cf8a8d8291bf3b441e90f2e06834848a2edb31156a31895785e5ebacb9dbd95f7028a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0871A091-8859-11EF-B557-C20DC8CB8E9E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\Version\ = "1.2"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}\ = "DSSTabCtlEvents"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\MiscStatus\1	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9A5593C-CAB0-11D1-8C0B-0000F8754DA1}\ProxyStubClsid32	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9A5593C-CAB0-11D1-8C0B-0000F8754DA1}\TypeLib\ = "{3B7C8863-D78F-101B-B9B5-04021C009402}"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TabDlg.SSTab.1\ = "Microsoft Tabbed Dialog Control 6.0 (SP6)"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A4FCCB0-DFF1-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{3B7C8863-D78F-101B-B9B5-04021C009402}"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9A5593C-CAB0-11D1-8C0B-0000F8754DA1}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3B7C8862-D78F-101B-B9B5-04021C009402}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TabDlg.SSTab\CLSID	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TabDlg.SSTab\CurVer	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{BDC217C8-ED16-11CD-956C-0000C04E4C0A}"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9A5593C-CAB0-11D1-8C0B-0000F8754DA1}\TypeLib	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.2"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\VersionIndependentProgID	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel = "Apartment"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\VersionIndependentProgID	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A4FCCB0-DFF1-11CF-8E74-00A0C90F26F8}\TypeLib	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}\TypeLib	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RICHTX32.OCX"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RICHTX32.OCX"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\ = "Microsoft Common Dialog Control, version 6.0 (SP6)"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\MiscStatus\ = "0"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{BDC217C8-ED16-11CD-956C-0000C04E4C0A}"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\ToolboxBitmap32	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3B7C8862-D78F-101B-B9B5-04021C009402}\TypeLib	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\ = "RichText Apppearance Property Page Object"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9A5593C-CAB0-11D1-8C0B-0000F8754DA1}\ProxyStubClsid32	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\COMDLG32.OCX"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED117630-4090-11CF-8981-00AA00688B10}\TypeLib	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32\ThreadingModel = "Apartment"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\Version = "1.2"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ = "ICommonDialogEvents"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\ = "SSTabCtl General Property Page Object"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10}\TypeLib\Version = "1.2"	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\COMDLG32.OCX"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2\HELPDIR\	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED117630-4090-11CF-8981-00AA00688B10}\ProxyStubClsid32	InnovationAdoption.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED117630-4090-11CF-8981-00AA00688B10}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	InnovationAdoption.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus	InnovationAdoption.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2896	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3044	InnovationAdoption.exe
3044	InnovationAdoption.exe
2896	iexplore.exe
2896	iexplore.exe
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2648	2896	iexplore.exe	31
PID 2896 wrote to memory of 2648	2896	iexplore.exe	31
PID 2896 wrote to memory of 2648	2896	iexplore.exe	31
PID 2896 wrote to memory of 2648	2896	iexplore.exe	31
PID 2896 wrote to memory of 2648	2896	iexplore.exe	31
PID 2896 wrote to memory of 2648	2896	iexplore.exe	31
PID 2896 wrote to memory of 2648	2896	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\InnovationAdoption.exe
"C:\Users\Admin\AppData\Local\Temp\InnovationAdoption.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cf64f777cd519991820f8e2570e7120

SHA1
7c9dd729e1e16357a4027f6651deae42650559fa

SHA256
3478571fd3b3686d18ca6fc0f842ef74389746877ad779b8272b529e459a69a6

SHA512
4e1159f33aad6e8a2f643b151ab2d8db0125c2ca1d18d1fbdf0df36769de6e7ddbe449a21b1b7e53ea908041be532aca51a91b1347b96a4fed8e8acc34c16832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18cf32d8ee2eb7422ed3cba6a99ec1d3

SHA1
756a1f51b556f30b55620b2bd61d09dfe0ad559e

SHA256
ab2ea207e6d0a23af4623556970b312056f2b04f8f304534221f4ea44d4ab4e8

SHA512
3b99b77f47daae8911cd3645125f217c12aace79a77bca46c7da1084d8bf56b255d8c1fcf9fb14bc3ad41705ffc85b2bc9d3f5c0cb90b408ec39dfbe188f8a8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f3da6e478695f1d1daa25082edf0ed3

SHA1
03c897d0968def9d07efbc6d50f657dedcdca6fe

SHA256
68c72ab962dcb06448e7eb629479250ce9157301516f6d5fafa545d0d1b3e23a

SHA512
1b4a2fe062351211a498bbe49637e64f70e9a27f0945ef95ceedba8241ca3f7e32d500435ac2a21dd2adcebd52d44e433782aa5db64e1801f8aae685f1b4be4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23544b3807c29e3464f244542afe4f36

SHA1
7679432bb0c05bf9658f6b23b33368f2f1204056

SHA256
070a7b262e4c709ef62dfddc584636ba9cb2304957a3417b8b9a0b38b4e60edd

SHA512
72670bdb835c9118311b609020e3775c37d85d358e6bd9256a62b91aff0a6e75cb71362bbb1d92204c16f66c1df374adefab633480372822273f3e83214b5ec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85fe7cbcb1dd80f9111090d894a91810

SHA1
e4badd8cbbb373fe4befc7a95ae3a0480a1d1db0

SHA256
43f2459373c1a8c72224cdb0e38e3ffcd401b9b5dbb4e021cf4491a2cd194de3

SHA512
9c7114e516044752b1c68dea602352ac01339d61e4fb850218c41356a55e857ecbf462f5d645a5993814bf8a5c9190382c2c6525ee4837113e98c9819740fbc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
deef0da61589368391edbb81c246ade1

SHA1
f2fa7d74fa50a8844216df731fe1e39efb1a36b7

SHA256
06844ec23ba05c8d61ff89ec08d93705a7b9d01eede400e6cc533c599f07f670

SHA512
cb22cc9d85a09fdacacbc4ab36533333bed9764eaf780308e771d23041b5e4119b34354af1765e1bc7971eeebae10b122825aa2e83a49db6af9db0e6d7a370fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db47ff10290748b3d92d0818966855eb

SHA1
b1d8fad50c38080166d3c6bd229ca36d5522140d

SHA256
921f38beeb0142b7e70de6bcedc156c3d66f1f292cab96ad7e62172c5b3c5608

SHA512
662e223720f1163527872122a798dd09e4b7dd4c7f9a9e3a514ee3e2d14baa4cf087e922c5cedb7a34adc3cc44bf12a54d1a895d1cd61ecbe3b7544e2cabd792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6f085067f803ed346f59491d1ba93b5

SHA1
a3b11e3e541449f01dadd4ae2c744fb9983c084a

SHA256
97f8ccdaa27b19a1832d57d28f316d23ca275e2782c09e2eb0b607391a69c14f

SHA512
b2427fa21a1e684ad499f0f7d2055be21179d696184e07baa5811ed6ae5714e30dbff2c2b9dbf6de1a7d5bceccca94b42144ce233565012af5eaca53a0c4750a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75eb89b34d0dac9eb1aded8d34b80725

SHA1
75df29a51fa1792d9cab4c6bd0f80d5186eeaee3

SHA256
70ce5a3f72349d5c5a7652ade5abc77e4ccc55b857bfff38100a281e7edc2ac3

SHA512
a99317e796fe88f844d0f3af435839f47a96beba2b7114af11ed354adeaa222e617b24ddc9ebfb680275b851961049f416875ab6015b3eb9204af78148a99270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c5343305bab480f80cadca4ae174ee2

SHA1
931ab352867aaa9a9c8aeaa773eccbd889eadab3

SHA256
d313d59d4bfd6f190c4bde2941640d691158cfccf55ab8a23d776279889a6293

SHA512
8692f20ddcffce88077e6a0737152476a4489b99c9b8bd8d45e591f0ef6c67b4a4cc8fd895389059f613d513cb3ceaf2751922ceef7ffaaabd2d098517a74d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e667ac0c307a49a984aab3f894fa8eae

SHA1
dc9732c8957f205ce7a8e926149a9182d1fd0661

SHA256
227e26fa0e24d69b2548bd1c3de187bba82248f8b58c107601b61b6bb3beda72

SHA512
152dee8266cda89f3f55cabd502c0e66075ac345966855d3124832db3ab32ca6aad72f1b917a0feb3ab3dcd2398437fe9decb74cf53e526a63e4883fa02f38a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6fee5cda7c3b375900572d8ba6f7472

SHA1
9a26eed006e3bfc856c57d82b260358dc309b1f2

SHA256
d40f5e407c031ac0acfd87a10a3e0b244cd3121036cf74f4757c2222fdca653d

SHA512
88a2c96d12955566de7c63c7fb87125f172f6c35cffe33ef4765aab133338d3ead541d8ed85e71e38d7097565f33c817967453f2e3393c96632a70d4f63d160b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
646d7920e813a1783451ea7c817bb46e

SHA1
2dfc1e16ade2eb3c3a3dff7bf418865c35046067

SHA256
613a842ac39c852dcd240fcc45bc7901bb4582770384ec3fb601e42257deb229

SHA512
60714014523fcfeb48e0de48acdc081b8a86337caf5cec9403f266d3104e189f0c24e31e5a43cbcf6eace65fe19340764edbb5b8ddc421a707d28b7fdb724b44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b8ac6253989f9d7bbaf024b7e533576

SHA1
f7bedefb82788c6b0798af8274fc92a381cf2d5d

SHA256
f1936b2f9a7f36d749923d2294d3cecf2a0df1dd6b700f07f2e3051a809bbaee

SHA512
4ba10e6538f1b22c752fad9709e216ac30094faf2e2bf3b2fd53e5eed8d4a6b96952b8626b00a3ff578e19b88d88d0feb8fcd59251cf2c3f073ac236e68a8457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55c796a3f68e485725fdbec281f935e4

SHA1
554b2e45d4bff2f25b465486fbc2b12808094e5a

SHA256
fb5768a81b16669f60c977914c1a02834d345867c01e9a9b04fde5c02aa862ff

SHA512
f28e4dbbd7aed406ca16317c8c97f52e07ed5fbe0059357eb33ac2f2e6840ee3b0da03d13472fcae45490f158faaf158634f43279cb8429f02dc71a238cabb13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db884df2ba140035490a0d6f48a68af9

SHA1
f507054000b2ae013e3b4897f3506973304161a2

SHA256
74efab08c4dfa80a2fe091996d1d3fc03ff8c8482d92c0716eddf40609223879

SHA512
192461df102c095be3e2ba1cd25b65c2ece354479de930ee2c20aa3b3b61c884276f1343b30ad15ae269f13103e92c5a56b723bc437730bf55a830e0130f7b8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4492cf36180989e4a6b848a4aef3261

SHA1
bb6bd82e41838588d233f62c5ce7c4be907c52e9

SHA256
08b1a3852a38a16cf96a43a651063277411ecb5ae51cdc26daa766affb08ccb1

SHA512
a5d4396ce63d88e908ab61cab90892b4f744c4398f21661f6ef3b2dee455885531a29576e6d24452cf95100ab4ab08955856fb0d104b8d4826f3041e817b7a10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99b215fc0fa3749802241d0276d96d85

SHA1
f0405a52ea7a32b2a92d36ee585e32a501a28e6d

SHA256
c293c4620402fb5120aba2ccff6aa047fc08e3f76c7553eb3bc4ff28f684f811

SHA512
3718ce9a1a0bce56a3c65d9be8da4f24117daca9e2c6c747ba08afbc9fce358e340f9edbfa45d5446e56b9a8fdde6b1c8bf201b220a4839212e90915a35f8f46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9d63d18954d8395b91371281922084b

SHA1
82e98f3d4bc28670fa0346aca6d2d045e9ee52f2

SHA256
1f7daa4317b5bc0a0f03627ba9b301df556c11a7f536b0c89d5a09d8dd6ebe1f

SHA512
bb939a5fba121e2b05c769d7d323b1cca02fc2f756d2a04f5a0ed5d5d71f6faab4907699c52834f2ad0f24cc65ec35cd4ab81677220517730ba3156c04e16dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab69BE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6A5D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/3044-3-0x0000000003D70000-0x0000000003D72000-memory.dmp

Filesize
8KB

Download