Malware Analysis Report

2025-08-11 02:52

Sample ID: 230913-2m9pfsaa44
Target: feed
SHA256: 28b777e7ed5b8c789d3396bb5c0340641558bccf2a9ea352863a1835c5ef27d1
Tags: (none listed)
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256: 28b777e7ed5b8c789d3396bb5c0340641558bccf2a9ea352863a1835c5ef27d1

Threat Level: No (potentially) malicious behavior was detected

The file "feed" was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-09-13 22:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-09-13 22:43

Reported: 2023-09-13 23:00

Platform: win7-20230831-en

Max time kernel: 845s

Max time network: 848s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\feed.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC803301-5286-11EE-83C0-7AF708EF84A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b00000000020000000000106600000001000020000000c3c776a2d92d86c9c20ef40a7e3557fd2b06842bd38dc2ba68985c6c2820f29f000000000e8000000002000020000000cc1434df69b68cf02dc26a9fcad27e5688ba1eaaf2727d987e760edc17ee2c1b2000000082d6e0f4e2394138fe49ece3fc1d1ce21d8d2ac01332531cb92bf1204586abe840000000e90c1ee019b113b35daa86ffa30bc98f8fbf75f37c10a861d3376b224705dcb62754551cf797f04c24304fb73ed1338005b94c6aea2917c98d13182c9e16d00a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = <value omitted> C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803786c193e6d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400806869" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\feed.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:284 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab61E1.tmp


C:\Users\Admin\AppData\Local\Temp\Tar6271.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted: 2023-09-13 22:43

Reported: 2023-09-13 22:43

Platform: macos-20230831-en

Max time kernel: 2s

Max time network: 12s

Command Line

[/usr/sbin/spctl --status]

Signatures

N/A

Processes

/usr/sbin/spctl

[/usr/sbin/spctl --status]

/usr/sbin/spctl

[/usr/sbin/spctl --test-devid-status]

/usr/bin/syslog

[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/feed.html"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/feed.html]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/feed.html]

/bin/zsh

[/bin/zsh -c /Users/run/feed.html]

/bin/zsh

[/bin/zsh -c /Users/run/feed.html]

/Users/run/feed.html

[/Users/run/feed.html]

/Users/run/feed.html

[/Users/run/feed.html]

/bin/sh

[sh /Users/run/feed.html]

/bin/sh

[sh /Users/run/feed.html]

/bin/bash

[sh /Users/run/feed.html]

/bin/bash

[sh /Users/run/feed.html]

Network

Country Destination Domain Proto
US 20.189.173.1:443 tcp
US 23.46.71.26:443 tcp
US 23.46.71.26:443 tcp
US 23.46.71.26:443 tcp

Files

N/A