Analysis Overview
SHA256
64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147eb
Threat Level: Likely benign
The file 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:37
Reported
2024-11-10 01:40
Platform
win7-20240903-en
Max time kernel
96s
Max time network
96s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437364554" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6A504DE1-9F04-11EF-972C-F245C6AC432F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2696 wrote to memory of 2672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2696 wrote to memory of 2672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2696 wrote to memory of 2672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2696 wrote to memory of 2672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
"C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab734F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar73A1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 611caf6c8b33b7fc88f3164a61ef10df |
| SHA1 | d7f34ee3e58c7bc22646b15d0a489b91c940c865 |
| SHA256 | 869f2a113c69cc568cc969359f57994e85f2c590ad930bdae701982aec90149b |
| SHA512 | f99a64b600afcfbd3ac5f9a45f7f54d3f70d911bc7eee13d8a23f333104a5b2d147a5253e0fe34d1cdad4b11b2cf5335f73ab9724ca696532035f4674815eabf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0935e60d53e6622012dd9d9c64b7f19b |
| SHA1 | 6656bb63623e29dd59d5885542e9422bb04c3832 |
| SHA256 | d6974e77fcf6ce01f4bc437d510e055cc19d7d43e8b349885643b6d7018dc012 |
| SHA512 | 1c2b9f4bb410c9b3acf719995985895765e5d974f7a260650334c85caf5b3adc78de39440896b7e263f344ac00600b7144fd76039b50171e1061af2a1916e96d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adb713952da87917243ddcd73140d105 |
| SHA1 | fadfc9012d910dec89260698c1224d77b3c808e7 |
| SHA256 | fd711684d4f7474298ba7e7668036f3040763f9cfd5558335f96a6bde09f0fd4 |
| SHA512 | 373664fb999b3fef27d804b9ff68be4c1280f6c03041f8bb9a95f65b28731b0614a91be3e189e8633fce058a70b91c921cbb6533c43a7bb838951d4c7262cdd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e51b6a2a8e14c7c05e7511f998fb645 |
| SHA1 | f0036691940be0957504fa39173837f5406e21f6 |
| SHA256 | 034018c0bcd093bf1d7d3c9914b0908958edef5e5b91c3667ede207ea9acf45f |
| SHA512 | 889dfede8039ff51ca9a664089a57c4027423d009f89785ed15a2e8f913e1c029b52e4801ded17b4984a5c910e7c687343661dab5de9f5ecddf9c442b0df9aec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f601c80686c17fb852ca0677c42b8929 |
| SHA1 | 9813eae9c72c0af54c5615f2665a38dc58468ee6 |
| SHA256 | 7806e2f621bbeda5cfde8b957c6cd9b8515d4a5694ecbee899fa8e4235425186 |
| SHA512 | 4fd101fa7145f44737b173e07ac8094a0079bb3f4086211a58ffb817af54f8b08b90a03c5de6e57648d7532196662c4bc5da27de472c6d497b668c500c9c34a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01ee153ed2dbb1c70d3f9a3dc5a7c609 |
| SHA1 | 29ff30b45e536ad52991a44a07b1e89846f10eb3 |
| SHA256 | 24435c9c000b763019755123d654a3c3a9b172fa2248a654d0a68a1181234f58 |
| SHA512 | 796d9b28bce112e997e20f18ae728f4906e28eeeec21849ff77cd4abb136690fb1cc0ab39653850dfaeade0faa0e53eddf17a674e835a4fbb52fbdc0507b4b1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce2b1e4479124dbb62c5e2b8906aa0d4 |
| SHA1 | 8235ec39345e02a5bad24cacae95ff27cca518ea |
| SHA256 | f103662bbd30f709c3d0701e0910a639457b6e78e8c7528b90352074922067c9 |
| SHA512 | c5a13c7b2e8d55547d8353713e41a7a1ef9a335b82fe571187be55ff125b54b626150ebe45c5e8c954571f087c36d7082cde817edaa637e7f5e0708e7dcb5864 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 644c930db6d910bd4ca827bd6450bfc3 |
| SHA1 | e3250d0efa29f56220ab607645a91ffd65d43d4b |
| SHA256 | 0a38a0616feba3b6362d484ccc8477e3c8a984af4553779a2776b517c5b595e8 |
| SHA512 | ff3cfbfbc6e79319f08d509844dee93c7d9fc72ffd0cafeec948e0861e69cb4d757ea0415464756bd91a5a1e8240ac265666d65a6c371a1e358ded4b608209f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d02b230c61834f28db54616143407ce |
| SHA1 | f67558e362d2e0d67ab1a29f29eff45eed9bac6f |
| SHA256 | 203c372015149504997121ebf2ceb775beda55932a90b8f02e6c46a3824fdb51 |
| SHA512 | a8e0599f290823877361e16e7d78d8e813db7f991c32b843014e918d42c173e54ce6575974548de9f0bfc31b324771516292e7ca25fef63cbd701bc80565f9ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a1e8ff1ab5e2260b81a2c715832ade2 |
| SHA1 | cff584ea02d966b245d36e668f82b943e18c852a |
| SHA256 | ffc4dd586a309fb933de5305ff91dcce5e0835d2eb493f177f0efb741d326fd2 |
| SHA512 | 849768b60601a1ee5e738567d2c14f2460764501a4ec03259d7ed9d9d461ac7db90c4726e18487316e156f4969b4e7dd08361569f3b93cc62656edfb4c8dbf52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ea7b5763167e5979eee0fce3f3957c7 |
| SHA1 | 1901c373215dcc3b777b50e88adbe41a1a1dd359 |
| SHA256 | 00a1ce11ae734acdce8ed2a4b19efa9d50e83ba96f4ede9616aeabe87331bc46 |
| SHA512 | bf9fa41668d3f1c2dcc484e1d5363b392af61478f19b444e73f9b4b8e308b80963ca14e23f4ed3650b208f21db335e1f90b36b2a82cbbf28e09b9c3b563cf441 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64fdc6bd3cdc57b4a5de6cc340e71a2a |
| SHA1 | 62617bed106c832486e8dbbbcebf5eeac7a13a4f |
| SHA256 | 12e3f559e5608956eccab6e38392ab1ab1961529d116cf892fc018d92d0e8d00 |
| SHA512 | 503b9b5a62a27b0bd967cb5ba069b83052872cd3b6d6fb8ac157c9239a69860645a214c4f100f86f4976df4d41970c407bd8417a993810d1a84869c1f1600e21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b7f8f945cfb186b62ee1e1bd19bfbf7 |
| SHA1 | 3f0d63c4f46848ed7baaec2b8546461de83c6d8e |
| SHA256 | 1baba4bf912e0e5dc7f6b9d99e9f3969a3f282f4c6052f14321457d22e3ee4b8 |
| SHA512 | 05a5f631d204e61cb8f4570d5edb69858c44ceadb1eeaf76dde1ef80149c14cb6aa1afa41d23d4d2b1bee51d9b898c664d66182555a1565ada12159e52a6332a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2939c79ca9fe1318ba224ddc6ad6243 |
| SHA1 | cda0ca616a21e29a2cb5803190f654602458c529 |
| SHA256 | 892c44233dbab440d17ff4effc5c89ddc0100f98d8cd21ea57d8aadd8710b7ac |
| SHA512 | d42f888162ba81f7f16d3e83d426c9ff34912a9f5bc2bd353e293fc3d182f6fe46eb51e0e2ceaeac2ca8980fd6adea24fc60014811b51aa0fbfeff77d831ddb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ca8094da636af9103a409262cf2ee10 |
| SHA1 | 417e1fd044e481af768cf014567b49403f97bc2d |
| SHA256 | f145426f64fd6e13a98d9845998babd1ce3922ebe67cd3a00dd82df20eff39a5 |
| SHA512 | a53794be12edfbabf8bc5b51ffb28c423e65ea33ea71ae2664b1001336c3aafe485ee574c28b66fce594ce2c0a3243b0878dad3101fbf3f4f1bee15a0c984fe0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a16abd00470734d4f3b6ec0d540fcb2 |
| SHA1 | 5dd92a2d722ceaf4d6fcdebff62e7eabb2b0804d |
| SHA256 | 1d743d6e9f642aafb88dabc4fdc88a0f408e66b3cc9b0c29fbb3f128b299c16d |
| SHA512 | cd99bc0353ab7283ee236f9c94e5e617c7c8c39434420c051f208045f91535851768039bd4c96ef1338b87a0fd3b478bd3b7489bbb6096f813deb257398b18e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5fe58727b575d8dd51d581ad3f3e6f8 |
| SHA1 | 103b12c9dfb0c908759755387fa3b6fa4c201d46 |
| SHA256 | a2ae086551416676f1013194dde4e916abe2ca479c3dd9ade6004ff60018792e |
| SHA512 | 669dae3b9d8e8d97f0bc4a45969cdf09cdf95a05135e433b40bf128cb8de68b857d67ab66a3631747690fe99c77e6f3af4b321a85c989a8f5a7b0cbac3fa62e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec67032ea0c3e13c52030c0f49ad11f8 |
| SHA1 | d5867914d65139927819f57cb969bcf47f39ca7d |
| SHA256 | 3ae4a48f50a29a56e77fa897826b96b8d1ac4067d83bee43e248d4ba5554b680 |
| SHA512 | 36e0b2f190493fe3b1087eea0c4e27c6fcf43ff2c629f4c22bcce3b46e2903564a74230f5d571064a0c544bb7636b6e2e67c67d565cb114ec258ab4b7dfb3022 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac0b9e2fe954b323502b7054eb72d06e |
| SHA1 | 0165f97db515d56c63f3ab6d7ab5945da83c547c |
| SHA256 | 540716cb9473977010f9b5fe867db222183d118dc1bc8228b905f6030b049c0b |
| SHA512 | 0b21df0c38344c186020f2e2ac5107c9af0f5317acd497cc0a2cce60e9064cb29dba625fd7666069bd97e310200ef6e61c2427b69f1ff2e6aebe65eb62318325 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:37
Reported
2024-11-10 01:40
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
97s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
"C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |