Analysis Overview
SHA256
28b777e7ed5b8c789d3396bb5c0340641558bccf2a9ea352863a1835c5ef27d1
Threat Level: No (potentially) malicious behavior was detected
The file feed was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-13 22:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-13 22:43
Reported
2023-09-13 23:00
Platform
win7-20230831-en
Max time kernel
845s
Max time network
848s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC803301-5286-11EE-83C0-7AF708EF84A9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b00000000020000000000106600000001000020000000c3c776a2d92d86c9c20ef40a7e3557fd2b06842bd38dc2ba68985c6c2820f29f000000000e8000000002000020000000cc1434df69b68cf02dc26a9fcad27e5688ba1eaaf2727d987e760edc17ee2c1b2000000082d6e0f4e2394138fe49ece3fc1d1ce21d8d2ac01332531cb92bf1204586abe840000000e90c1ee019b113b35daa86ffa30bc98f8fbf75f37c10a861d3376b224705dcb62754551cf797f04c24304fb73ed1338005b94c6aea2917c98d13182c9e16d00a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not captured in this report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803786c193e6d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400806869" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 284 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 284 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 284 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 284 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\feed.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:284 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab61E1.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\Tar6271.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0524991e94611b69d722e1bf54e47f9 |
| SHA1 | 7e7d95a9d447732b80fc7899f4317c7e2271e75f |
| SHA256 | 34584aa5406491857c5d6591cc3965a0d7d8f0ed012f2f405337bfcfb9d275b5 |
| SHA512 | 8bb9358ef83a85e284a5bf9556e9bdfb99a89ed0ad0702bb7e3113e61af81bdaeae55f434123273c3026a4749e661bc6417a94df8cc3d2f6b04a1273f05f35d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91a3a9dae592dba126af3f5e96a765d7 |
| SHA1 | 69b39a33479e4d271b025a68a3a2e4c0ed9c6485 |
| SHA256 | e52319593b6f846b69da0f18d301baf54e44e43ae5c67bc68420371bcebd0aeb |
| SHA512 | 9a7808dfd9685320624c6cfc7ed3ee26b3e435faaf925a32d9989594c27a2cb89ea8a0f11a4aa045915feee2e652f52ded5f110560ad6327ec96b55d9c939e4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e5b25ce04a9e94618f13d6670f326e3 |
| SHA1 | 4325c617553b492db02a786628e147c11092cf13 |
| SHA256 | 08de60a0ebd2336de1c5e9b9f5330b83c9704009a89dcae3ee4b157dd76b95c2 |
| SHA512 | 9353381ee66c6c42939693b967cd89c0b5fb18318890d09f9234289aad113c80b907a4219e276e7e9f14b53965717df792749f78cdad7548968f4f9c6b949195 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d8b38a583dc4f08721a1a24698df5e8 |
| SHA1 | d080e2178f5c4f9b1596e510c0a253f3d76ec85a |
| SHA256 | dc783dafeea48f1d21522b6508d27b7d5be467bbad146c94abc8d3a6fdee8f00 |
| SHA512 | 341fb322aa33a9b26dc89e58dbb73d31b424134c8370ffcddd02a978eaebc7a960bb3a51935ed1399fecf5c677b89b471c409b72fb2e287af6d34122c65603c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd42eae6f652a7ba4176109f5e08b3df |
| SHA1 | 249f68f9489e8d433483c70fbf1fd06729ccdc84 |
| SHA256 | 96065f7abe21fca85ec39fa882f28acea56003af07c9ab01f215e5c1a821ff96 |
| SHA512 | d03256fa05146ca636a4d56b98cc1e45c14c2c696b1d3d89ab107f049f3cb62bf2a0f330474f105575b545f17d890215a0bc206c79b67ebe7cb4bdc094ac00a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc55e32da285335d7e2394052b3b8101 |
| SHA1 | eaf3cf263fb15c4c514584664a2f314777c93dfa |
| SHA256 | eb17637fc2c1c353fe32fe922539f46ee6241421ce3cd66b65b7c060032a6ebf |
| SHA512 | 652e49c3df1e97cb6b6f696bb34a0ccb9adb497831eca0792b3354264c35149039e357eae7f05efd886ac12769335bb2bb40aeb0077b453469601244ac00e440 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4679eece6e261489fff3c2eefe7d4b7 |
| SHA1 | 460f5b857b7fcc8ef1dffa5ca7f4f6b2880a25d0 |
| SHA256 | 8ad2792985eff5d147e1ea4d46a9b3b2c7bbe3684e7506118f20de98922b594a |
| SHA512 | 397372c980644050575aedd47eeae462b06cc44ad678cadabd8d5cc0a65290ae678031c060a987884aca9ffab616e7768d557b394f295e3a46c7914160dfdb0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e53f3b3c156e63b7daec762f870d84e |
| SHA1 | 8969d98460b4af54655b3e77cdcaa05227f658b1 |
| SHA256 | 6a44bdf0d1400c2cc034100867173246bcb67b16e943e6ac817f30756b3f49fb |
| SHA512 | c6c6e32ce0c1f2ed6728b84fa928958e71257f58cce0e548f1d7e41dca29b833f8b676a5294c2cad679481dd4fcc47efb8300354816b67eacddf4eebaa8a3b4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 312fe61324da544d009086b6e0b91268 |
| SHA1 | 0f78f7542d05a0e4c58785138a2f5a342dfa6bfe |
| SHA256 | 708ad37f1edd47883996fb4574d77a614f7565bcc670ac8b34a143c0e9843937 |
| SHA512 | de9ebb858ce2ef55b409d0b9f339e8b1c929d2805f91b65e3d3884506db9f1bafc53d4c7c94ebc22a57db39ac4c6fd59968fae359b9da067ad20423660213aa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e579473c69a7e948999e57e4e402953 |
| SHA1 | d55f8668fb56ce3a5feb73ca5bb3c00f1dcb0e22 |
| SHA256 | c78e310d34997e793cadadabefa8419b59d29affb9cbdcd070abc02ca7f1bb75 |
| SHA512 | 186a9b9a0a60e682f1dba3dd6c912f0ca9b3d1222cf65fa8248d8fe3ef733e6c0010065856603adb7da603c95f6c2266107f409bd0ca341bf260f1b0c07990ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 167ab07297d719c3c9de61192ade383d |
| SHA1 | 08170db0d910ab31f2319013627be446bc20dc8a |
| SHA256 | 66e6dd58d4117087a89debb2891e19ebc1acda1eb0900917955be5bbd0e8bf5c |
| SHA512 | f9bbf5ebd3d8331bb78e1b0d5087c265226eda9ff0ea119ccff3db0fa386b4771f3307656e168e5f799d678e832a0d44f77393aadc67e12042000eb06d6cbad4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0694912933b105c6e5c80ad17f0ab3ee |
| SHA1 | 40cab11c89ee6d8051767e0a60f12a7eadc55e28 |
| SHA256 | 51022fa3ca3d9dbf3989a0b6c7795999351f82610a666db9afa0545354565f7f |
| SHA512 | 467e8cf396ad4537491fd457b23646dd0431650b04e64c2804b6d424c0dea05e5b096622fb38191eaffa08aae98744c8e795e8bbe18fa9e1f1032907f10fa408 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4a2882449efa87f2d0ec7059a12090a |
| SHA1 | 23a01c2e7cdd3a95981b890a09141254995d221d |
| SHA256 | ae6a60e83f047f241755cf38d70eac987d4f929a7f2787753cf3c43285dd7b28 |
| SHA512 | 974f2e1cb2457f12dbca14599f6632cc8f871401f2f3eb3dac9159b7f18cf2f223df184bb4fc9e51ff3779c746fbf2e9f2e9f2dfe11d9382b710a2a8fb6b04d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a510d7dcf6ae658dbbff155c4af13cb5 |
| SHA1 | 4fa0cdd899d4f49ad6c9403ebda330ebd7ceaf67 |
| SHA256 | 228c775943b4fc1202252e463184684ee8bc60e92f2367df0294e6fc0c9897d7 |
| SHA512 | 1654f857b457d172d011e950c76973c96eed2c36f8569288852c9e8c67fb43bf6555ee3ce5b3f5db9f6f9c5c33842edcc5f15d58de3eb55c39e203256c6b9296 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cc0bb8b215711be9a9856a403cfe75a |
| SHA1 | 8abfe7bcbb3ef03068baac5f09bbcc01bf75d73d |
| SHA256 | 0dd2318feec8316d0a4733c16d44d69367433f7d609d1ad3005ef05db932b882 |
| SHA512 | d9534c9431726b201396c94cd1a0edb093a2b248fa898f015fd54facbc11b49299a4906aae31c43f4781db338e40202d487ac36c5110cfe47f2ceadbdb03ccd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60e99cdfe649ac0dba21af8cc2a73cc6 |
| SHA1 | 892b7777029397f6b3b26204c1e09588bdcf7d1f |
| SHA256 | 7786b4ecb2aa773933dc19cc24612059e8cb81d725532b375c4f86aa87e07e7a |
| SHA512 | 9430cbd3558b0df3c900decaa90a77dcffe7236cd6579d87d15796a590eb7cc007ac9bb47e1be3e367ff05b4ecf21535ae587d3bcc88ee2a5bcb5f0eb938f25c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aea0ee7f6dfa4ce2b0e9818aa974598c |
| SHA1 | d41ef642328f8a15a64bca63a5efb393938a952b |
| SHA256 | 1e5b67ebe957e6a58e05ef1a88c162b4496d14c2aa4f20f916bab62cba24e9ba |
| SHA512 | 053e216ebc67a113668145bc8c5fe6729f31958407e28ca3fb65891c9e6e118c0774e0a40390428a1e1d1a2f2bdc25bc25bde042c99c8dddc760755b7331fd7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72a10a870b8d70f3ed1de9e11ffbb291 |
| SHA1 | 201a288327633695f82073d2e395c04bc13e8a4c |
| SHA256 | bb90bb99f5f4a3e8489aa489a92bc6ebd2358c375cb0db1e00dcc34518d7e908 |
| SHA512 | 55e15b0f2f0ab3eca2264201230db538fd8b27de2598841df6d3ffa7ae90b506c23b788484a709a95b666514e6a708304fe9c7f2e681a1846179e131d0546656 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22c50e7a02175576ea5a5882b570e031 |
| SHA1 | 7a46fa1a844eeca7f7b75491b89967d6f00eeb89 |
| SHA256 | bb2ffd3e3d76de09c652852eddd3ef58836ac669e2728e3f24bc5c041183edca |
| SHA512 | 3a80cd95dd03240ce8fad9a9f5ea6bc2c64365f7f6e0fa51a31bec8a6a8ad4b612c6a384a7752ce9cef1f93caa06913f615eb09ae2c205b468b5411243fb2f8f |
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-13 22:43
Reported
2023-09-13 22:43
Platform
macos-20230831-en
Max time kernel
2s
Max time network
12s
Command Line
Signatures
Processes
/usr/sbin/spctl
[/usr/sbin/spctl --status]
/usr/sbin/spctl
[/usr/sbin/spctl --test-devid-status]
/usr/bin/syslog
[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/feed.html]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/feed.html]
/bin/zsh
[/bin/zsh -c /Users/run/feed.html]
/bin/zsh
[/bin/zsh -c /Users/run/feed.html]
/Users/run/feed.html
[/Users/run/feed.html]
/Users/run/feed.html
[/Users/run/feed.html]
/bin/sh
[sh /Users/run/feed.html]
/bin/sh
[sh /Users/run/feed.html]
/bin/bash
[sh /Users/run/feed.html]
/bin/bash
[sh /Users/run/feed.html]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 20.189.173.1:443 | | tcp |
| US | 23.46.71.26:443 | | tcp |
| US | 23.46.71.26:443 | | tcp |
| US | 23.46.71.26:443 | | tcp |