Malware Analysis Report

2025-08-11 02:52

Sample ID 230913-2l99lafc9v
Target feed
SHA256 28b777e7ed5b8c789d3396bb5c0340641558bccf2a9ea352863a1835c5ef27d1
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

28b777e7ed5b8c789d3396bb5c0340641558bccf2a9ea352863a1835c5ef27d1

Threat Level: No (potentially) malicious behavior was detected

The file "feed" was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary
Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-09-13 22:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-13 22:41

Reported

2023-09-13 22:49

Platform

win7-20230831-en

Max time kernel

363s

Max time network

366s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\feed.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007832999c35766c4bae1b34334b3bf81200000000020000000000106600000001000020000000b343235d0d2429bf8beccef5ef0782e6fe9f7fe7a23d0c770bd641e30cd10aef000000000e80000000020000200000009cb6d27b42a435153536b0d9bd5fdb7b1715d80026b82e533db532dc05669c1320000000fb8734b4486648971ad7ab2f96e420ab7c1aafa9311d980d29788bf27cd44ce1400000002d5ce092407dbac344ba7d370957ea960f51730c1c875e3dd1c0b91b02425a99404d56dbc512018b4b812f5cfd04e64df258e52fd7c93180fff07a9b9b517a38 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5085068893e6d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2BB1361-5286-11EE-934E-DE7401637261} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400806768" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\feed.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabDA59.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarDC51.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06eb5abdb8188b1fffa0fbcf12f30588
SHA1 f908a1f8821e8f545c245498922a5168a396253a
SHA256 512df0068af88cb5b9763b329f2e1468819b0ed48a100cefad4edf08117a1021
SHA512 56a7648714d4d60ea2f8c0e28a212118be7de372baf2e146f50ae1e03677506614b755c296c125c017f55bdf7c98c3fb440547d137951bb2330e2f7779bea33d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e25aff74948eb26867efb74b3092736
SHA1 a4384fde6b5d291f103b82dee0cef6407224c3ec
SHA256 307d75190844af75cda7a313244b15ab56a32b5f8b49d9138483c9355237d793
SHA512 0bde5c06b6f7f26f4cdf10faa575fe278e9a045bf6f3a244854aee17385e922bfc6ed9bf3541595499d86052e64bfe7f6694ad374d26f72a80c408ba8209897e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccd3de82c893c2a7c077d4c0abce3b88
SHA1 ad76a90de232038ce7ceba2495d43fbb5843b598
SHA256 b2be8cb67cbdf998e42378f5c484fd651cb4db3b457f91609f912ac84eeee713
SHA512 42c084313fc3f04eb3d5c52139529d03ef1933a07af40c0d1872ea783c888f8723f2adcc240d9bc317222f940afdca67702ab4a7fa3e804e89815d9c48a6d4d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d5a3bc3ccb29d88e0a8cd8d31cdd50a
SHA1 e4e35b33cba9edc8483b23939356eeb90bca3298
SHA256 b8132803545320210db86437a95ccf1a3cabcc4256137b6528773dd68504f5c1
SHA512 31114958f18ec7067a5feea8cdcf8932a9f5d5568f8b73f00cfad3f6b156070904c023eab1a8a3f912a573b9d3927d60caf28ffee8b330c5aad575a2be3d45a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62a4acbc8aff6a962d1f5b57d1f56621
SHA1 aec2a6dd1140b59e4b0413f4e53b0ec9fcb011ef
SHA256 f5797fde154abe15a5c37ae88b592ab19c8bb7bca3935ae085c90e2e601952a3
SHA512 ea14b5881ae0fc3c5e92c2a8bded88975035ad8047ca751bf4cde330af1601a27c0a20c76e887958715149b3411e2809dec5d396237a0e12ccec53d26a02f600

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d2f2777ae9a8848d719e4a640abe6be
SHA1 5a7dd7fed3beb777e2ab3161b6d42affad55c052
SHA256 60dc3acbe50a62a9ce964ebb6124ca7272efc4f6cec993b3769cff0784c15042
SHA512 cd68b0adcbdad89650f4bbfdbc52dd01e4d32ae2c54b8782bcb430e7204d128fcb6555fe09e607970d877f8d73a498219ea5b538e1e6c6f663d5c2abcee46296

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3c93005c7aee5aebc8a00e5acb38634
SHA1 5a63f592dff55ce8282887fb085d9a1469ce11e1
SHA256 30e6dc30349ca3bebd09cd78760aaeb98a8d3d64cf62d8a9f98d421c5ed5fe6d
SHA512 25234a1229b66cb94795b55e96bbe042196ba0cbc431de0f12842f77efbdae1268febc9c6a251776976161610dc7f6df1981625c47f224bf6224e78631522e91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b9c061dd11e358b5924c017f8980158
SHA1 5566e216c773c19cf78b44c44876556d75c83cb8
SHA256 5c231076f7345bfe2e8acc9ac747a57d83eea473e093243f9ceb2ed9326c85c4
SHA512 e2768c76eb956b13c59a4c40e06bc8d973af5e5a8d2ce6ca1abde0edb7ce093e08a90ecb8f46881a1c631d905f3255bc1bd25e02427742fd4feb74716b4ac692

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 402cb2db8f315d04f3a6c211dc064d91
SHA1 5a2e1497a06c52cdd1f0dbba92121e356a20a94e
SHA256 9b08eaa1ff5963a0edb38d28f3e1676c6d700dbf3315c4b7df94612b135a33ac
SHA512 64ad91c5ae173913ef566ed5028097e3e8b0a27700dafd6e011c289f34e9738d4fe0b89cb07783f4c4a531171a49d043fb9ccd6010f6b93a2fe197db63074a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4f67ff97b45de336237d71966763965
SHA1 21c57cf4508b517e8c18ea776e65cc368588fccb
SHA256 6188924b24d8d54f03fc212679dfc77f2551ebd614100579e30a883df5bc9a9d
SHA512 382bde2fbbb8b7512565a1c9a4cb133c0d42c99fba49a4e3f6fec659a75f45e024b651b99fa43c35382defaf4215051f8cc01ccaaf659ec91dc7cc81b420e011

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c60db0fa3f5b709dd6a61bcd417cb0e
SHA1 cf614852e095fdf781cdd255745114f4bc75a5e5
SHA256 01313f50a4baf076866e12800d43ae21d70d73e6b63adb28a8cd381475f7c545
SHA512 d7b474ef299a89f5db9b31723be7d1368bfbacc7b210e346ab6421f74de5b3aa8a9fae39007fdf318d96b3d68f048bb00dd1ecfeb966aa9b25e57f4168c6288b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 387959670585fdb0ecf44a5ce78eeda3
SHA1 0ea390284c8ef71c1a1dde337c5925a0165512a1
SHA256 bbfb2e57b50782f6344b4f34421f5397b64f7d19b3360c163e6977d3540522a1
SHA512 1755026be43ddf0c526ab34165aa756a163a29c12c9f4f6e927647e359dc03094b85c398cf65c67a56dbc493c48d9f1912d836b5a0dc4f7ce457f56de80f3867

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01190d8b3fffd0afe740f622a7a77521
SHA1 bb6fa6cae5dadaaba642f25ac2e06f1819b39bcd
SHA256 0e23f10c4a90552369cb6930380b109a4ee6eac4dcb2f2164065ab940d8d0511
SHA512 9870fc2195170ae3b0ce4d9d132d6f1b7f8e6e3abf97e7834297008497afb9fa561d6979c0c92c7c92e9f920e8616c7e2aacbed299bcb3878265e2277f15d7f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0405c7750a8aff687684e40f722e95b4
SHA1 d497f4e334a41db9580251cde3cccaa3513e9b98
SHA256 340858b8c6ee2678b5aae3138b451e89d5a0383d07d7bdd0a95ca05e627272cf
SHA512 9e009edf4d5399e7dc3cf4800d3cedd0839645c59e6058d62f22587ed99886a162b6e8acc1d9709b35dac39a9090db26d9885d2e05cdfe89cc6d97722a40d05b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0eb2fd5a3f73ef0928adbc56d638ce7
SHA1 a66459171b8236959227f22a1a90a25217bfe7ab
SHA256 9fd0084b5ef7411a869c21ddca817574d6aeeed8bba745ce94045c3b42711d9d
SHA512 e805fa8b7fbf44e0e94e0960649e212b799ed80ee4dfb3b91beb1fc9efeed6d53d4a6cbc706c24665297e010d6b2ad2e91e5f37bf5b9b8d9b8d5af26bdaee79d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2555d9f87021e20fbd24e87b5225729
SHA1 9b7c1e23fe15e7f77dc4c74988aadfdf096a9855
SHA256 a49b70e6c70b1a31041273b111ce90406010830e4ef8b7531ef625c9e5338fb3
SHA512 cbc8a58f17c2678eabed58cf8fa0c5cc05ca1dca3c33475bdd4f22f70527a2d1c6c5f840d1b1bce3775a6f560eb8e9a09cabe72e67ec4744fef0839d7428b6a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94a63d7efffc868209a6b1ea92d64a7b
SHA1 e4ec6e641cb18864db293a3a57b9d1ad93d5a373
SHA256 f83383a4a2dc20448e2e794f7e4010e36acc02354b02d9e6ad029c4d29015710
SHA512 869772adb023cc40d00dd2f83d206abc680bc0ca2318530a575c5ebc250991af344ac3541d4c9becba284e509cd9fd84daf1578b34a744dc84001459e5df4855

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9aa29a54a801d7ecae0b991ace843fcf
SHA1 21fb3a2f16bb14885547934d88192dc43b328533
SHA256 5ab04710eba1dd687572d2bdcd47df68aeeb810397d6f929cafb02f673b1d875
SHA512 43256746d422032b48c2cd2ba7a1ec112a96f35e04ae0239752112e8aeced71489604fd15c9cd5bd5e79b18515b5ce2603d38949448d6c3c0d1a93efc37821c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05d545cc1f1e99a0c255eb0f546bde9a
SHA1 d2d7b157c4404761a558a586949c7366179b3315
SHA256 f20f0c1f7d180f2e00be6820415fcd0496379c66d132cff63fed367b40fd965a
SHA512 07ee56d56cedeb694efdee54b8e1c1474d54301a07314f068aaf51c3ddab30771dd514362ae452929113dc4e4f78a7ef2808503429bfdb2809504acdd395e544

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d77dffbf17eaacb02aa0632593cc7be9
SHA1 29f21688ef708264f00f817ba1ef3cf87f436dfb
SHA256 4dd1aca631dccbbc2b8cb56db7c1276c1c1c2bcd2516d4c37806f4f111414109
SHA512 a7da140544e0722b49f356cd16f26e0ea2a805f345fe9d137a4413fccf8b71fec7a7d975acb227ca13e5feae2eabc5de0a90662edcf742260362bbd60503dd9f

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-13 22:41

Reported

2023-09-13 22:42

Platform

macos-20230831-en

Max time kernel

70s

Max time network

72s

Command Line

[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]

Signatures

N/A

Processes

/usr/bin/syslog

[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/feed.html]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/feed.html]

/bin/zsh

[/bin/zsh -c /Users/run/feed.html]

/bin/zsh

[/bin/zsh -c /Users/run/feed.html]

/Users/run/feed.html

[/Users/run/feed.html]

/Users/run/feed.html

[/Users/run/feed.html]

/bin/sh

[sh /Users/run/feed.html]

/bin/sh

[sh /Users/run/feed.html]

/bin/bash

[sh /Users/run/feed.html]

/bin/bash

[sh /Users/run/feed.html]

/sbin/mount_msdos

[/sbin/mount_msdos -o perm -o nobrowse /dev/disk1s1 /Volumes/firmwaresyncd.izH3qi]

/sbin/kextload

[/sbin/kextload /System/Library/Extensions/msdosfs.kext]

/usr/bin/rsync

[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.vrCD0vwhm8/m/Google Chrome.app/ /Applications/Google Chrome.app]

/usr/bin/rsync

[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.vrCD0vwhm8/m/Google Chrome.app/ /Applications/Google Chrome.app]

/bin/rm

[rm -f /Applications/Google Chrome.app/.want_full_installer]

/bin/rm

[rm -f /Applications/Google Chrome.app/.want_full_installer]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister

[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister

[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin

[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin

[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]

/bin/ps

[ps -ewwo comm=]

/bin/ps

[ps -ewwo comm=]

/usr/bin/grep

[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]

/usr/bin/grep

[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]

/usr/bin/cut

[cut -c 1-108]

/usr/bin/cut

[cut -c 1-108]

/usr/sbin/lsof

[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]

/usr/sbin/lsof

[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]

/bin/rm

[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]

/bin/rm

[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]

/usr/sbin/chown

[chown -Rh root:wheel /Applications/Google Chrome.app]

/usr/sbin/chown

[chown -Rh root:wheel /Applications/Google Chrome.app]

/bin/chmod

[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]

/bin/chmod

[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]

/usr/bin/find

[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]

/usr/bin/find

[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/bin/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/bin/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/usr/bin/xattr

[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]

/usr/bin/xattr

[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]

/usr/bin/hdiutil

[/usr/bin/hdiutil detach /tmp/KSInstallAction.vrCD0vwhm8/m]

/sbin/umount

[/sbin/umount /private/tmp/KSInstallAction.vrCD0vwhm8/m]

/sbin/umount

[/sbin/umount /private/tmp/KSInstallAction.vrCD0vwhm8/m]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mediaremoteagent]

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent

[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 500]

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash.Root]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash agent]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

Network

Country Destination Domain Proto
US 20.42.73.25:443 N/A tcp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 17.248.236.69:443 N/A tcp
NL 142.251.39.110:443 N/A tcp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
N/A 224.0.0.251:5353 N/A udp

Files

/Library/Google/GoogleSoftwareUpdate/TicketStore/.dat.nosync02ce.KaZL09

MD5 89b8d39274ab843763802b1bab057355
SHA1 ecbd29c0aecef8dde1d3c63d24fcf0c52ada6f4b
SHA256 ce282b49b174defe931185ce29d236a9a9abcd635591e9b190287aa58ae18a49
SHA512 6e2ed7f0a1111dd6d80e0a7c770e7d187e607ee04108d057e45e1fbaf9f361f6f03cc13a04fa193e8044745ce4c3ddba8a27a9345419de2f3aca4a84f0f4d6cb