Analysis Overview
SHA256
1107fab9ef36e6a65c3353d545ba63d022f36b0b7dafc15f5f25d3ed44ef7d5f
Threat Level: Likely benign
The file 0f56264e3414b713b157a1d19b4764bb_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Command and Scripting Interpreter: JavaScript
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 01:16
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
145s
Max time network
130s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\guid.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9090d46f8,0x7ff9090d4708,0x7ff9090d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2794499833602984479,2497618093614758406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2900_ENMKOARBHBSDPLDM
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c0e110e7-941f-4ace-bfb2-7b036b2e501c.tmp
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240221-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource(1).js
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240426-en
Max time kernel
91s
Max time network
147s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\geoplugin.class.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
138s
Max time network
102s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.0.mouse.js
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
139s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\convergedlogin_pcore.min.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240221-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\geoplugin.class.js
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240220-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000d0092fd5b9ae511bbad099ac203bc41d45a1ce060987cef12a5a2e6d76a0e009000000000e8000000002000020000000b3a4187447ecd708eb8095f8adedf588881eec13b4b472c487a34fbed3cbdb432000000094a252d14d5b99e1c10604b2f0a9dfcc1ff98444babfcefe48f4ba7cec961d374000000025534c9835e08295cb70493ee938170196c9864bdafbf4770adc418d556422d0b7378f03f8984506757b7ae99f56145e97e0c871120cd1a3e7fe863ad9fa4277 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60acbca2f79cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE25ADC1-08EA-11EF-9FEE-EA42E82B8F01} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420860872" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2904 wrote to memory of 2952 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 2952 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 2952 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 2952 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\guid.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2C9F.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2DA0.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| SHA256 | 39be8ebb90276ace45870aca7c96c3d28e23ce9a8a24d9035984138bc8730cee |
| SHA512 | e5d4730b6d62acb1ef897e6f20f7c13f65b2a0a5d105ea7824f0afeee99b28ac774a43c6b06488703d7a7013ffc637b209cc4292211dba8edb24e5b4da806464 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e81e60b2de1181b12f707bcd38522d1 |
| SHA1 | dda7081d918fcb26ce800ef72b3ba353ed60d30b |
| SHA256 | c052f96405b2421c80471260e5fb52599666ff31cb414b5b5ac47dab2975e313 |
| SHA512 | b97076bed1892f79053370e02f10eda581c8929acf35e94943cf4ecf6e816358821da0523b67557c7d5640302055c708979b7c092733d2b34fa4feb4f2a6d3da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0e84765f29058deaf9f263fceeb0ac6 |
| SHA1 | 52724a4861b11cc7c8ed86fd3e589304d2595064 |
| SHA256 | de4764cc23c77251ca2903cad01e06d2052a6a4ef68b8a38f62960efa8ef1741 |
| SHA512 | 675cb51a98a553118bc91cd54cd0dca18264442e1b941ec8e517aa619dd6024aa8af5dc9f88819cf3afe1100e5678d0f8e2c59a58d769dc63561c89d33d53780 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c22ae966d141c289c3f565e090df1fe |
| SHA1 | b1c757e625cbcbe4149c861031fe89ba90f7a678 |
| SHA256 | d03628e802de249a054a676fa50fed5501d073bd147fd525614cefede6b35edc |
| SHA512 | e3b998b242ad7033584eb7a85ece9ba7ecc14a0f29fd170449edc35d16a7dff5e401d0cb34c0dbd452ca77c08d560fada5bf411252326eede57da7486a5add57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1070e0c5c437132e6c6487fc9717513c |
| SHA1 | e4fffa5ff21943757f4e0e725d4524a69ac1c6e8 |
| SHA256 | 20c4f94b3e8e44114c90ae19693924362641621dcab1743b0089c9e4a2650bd0 |
| SHA512 | c20a1e99e347f444205c750d829c905603fbc732179741c4c04ce1fb494d6d8efbecd82380ea8ae23366df0a44017d1ac8aed1cc8d203fe6ba8ee4061f9996ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c21877c49268276d5cb4ccb82dc33c0d |
| SHA1 | 6ab3a0986563747720b80791dd0f17854e1c4646 |
| SHA256 | e94816d5a9a77f14c9e82198cc3a9ed5b242dbfface2c59a082102ba6474bf22 |
| SHA512 | 67ceacd2791c2093aa1355b822d35c32bb28505cb3dbbfc55b67674f1707cdffe3eb2303a984d472d12545044e9af60d18f8ac9c7e2f7a1ae1786e7a37b57850 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bfdc8b10ff8d2ed62c46582753361b0 |
| SHA1 | 5e997ce311b6ae3ad9543ccae3ee4d2586e1fb4e |
| SHA256 | 29f0079752ff6d17aeba4c266c94c079412ab4f005e2f633f1582451ade1d73f |
| SHA512 | 86bd9d94b1a77d8d3d389af5f61060e656772dd10e344c20917ce398000f65846d948e92d8e9fa666ba1b403ccc25d3fe7cf16c5b67d6dee68485da9f2246b15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0ce16c9ff1a9b08ee8c845179700b6c |
| SHA1 | ac6a18a907cc139e7d521b58540b525a8f4cdb52 |
| SHA256 | e92497419a0bdc6d1298ce093c9383ecee68361e65e15b468b1162d17ec6b6f4 |
| SHA512 | 5011016b808912c149461f0bed6c8cc07586126ec27a8cb0740d837381e2cd1edfe96553023158e0f117f98b33b92b9e664987c9407be1a7ef6a6bbab2025dd8 |
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240221-en
Max time kernel
138s
Max time network
137s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420860880" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000003a1ad7ff844ad079b0702427dcb8af4790b4e56b8eed80ae418829c04d73fd17000000000e80000000020000200000001fd43ea3e701f82a84ab9d2dbe9945a4ab2fb880f8c7a4b7c67888a349b480122000000094091eb34af114204846bbea72167514b08394130d583336c41e5257faed8299400000008b5b4d56f31fb201caea30e6c7fd0d3c5a7873931703559d51c18496a16fd9b38906f8d9d7a71956b99c09f7cd4f6950834573ec871147a152bde7383411ba14 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c3b1abf79cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D17A4761-08EA-11EF-9511-66DD11CD6629} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2008 wrote to memory of 2232 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2232 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2232 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2232 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\main.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | o.aolcdn.com | udp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC776.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffd9a8608b87fec7ee82e610710b0349 |
| SHA1 | a7468a8f04f48ab9dddc3fef6e2151deb9b4335e |
| SHA256 | b95e5a134e0636f58335c200210af8a400c8fb944f59143a564e0ff22e1d2263 |
| SHA512 | f4ff24943fbd6dcca4c7d8d22dc8409f1cb2836c9f8d05f3dae614be21d36abfb2caeec0c5744d9dc1b6784cde344342ba3495784b0d522b6d69c224984807f7 |
C:\Users\Admin\AppData\Local\Temp\TarC788.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\CabC885.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarC8D6.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 413c9f0af83bdeddbae8a480ad4ef0bf |
| SHA1 | c476d297f6cbd77a1f63623f43721926ae0da3fd |
| SHA256 | bb4dab385bd0a8ae3d8c8d09d7acc188c3dd726d04244ee0618f0698739d44ab |
| SHA512 | 5ce6dd5ad2b6b1a223f4b526f32aff9c010d5ce69b74606def7d23b29cf04233aec4a92410ee679dc11ff383c6b5d67f38b7be70c3832d5dff6b66969288ca68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cc40c167b00fd74bc6d8e2e3c826040 |
| SHA1 | e531998ebc3fefcc34c125332605a2a1eb30625a |
| SHA256 | 6fd103c1d07cbda7ec22af85adc93f6a23f70abb046e82eb375881e14d73fe3b |
| SHA512 | 3cf36571ea35d6acdd056e82ed78d6c8deb09aac321f072dd3bfdbbf33d2a6dea84bf1cca055bfa55fc697e3a4b9f710e765367cf2a476284fb6f4346bece1d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60f5932e894498ad8b5ac4a6075fc7b6 |
| SHA1 | 9342180ac9f1e89f8978556a5917f4112d647bee |
| SHA256 | 505e0c51fdfee5966790bc0bb18f9a95f68b19c6782d8ae9b2fa04e994d02403 |
| SHA512 | 48bd46753dc937cb7ec80f0a98cbcd71736e0542ad9cf08f20a33c61848381c3481124a4f679f3b05514bdbb6f89f81b8312b366944eea6a55b09e24f665ebd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afb6c886e393d87c256ce20a4e3a2f87 |
| SHA1 | 4c1540dc738cd133f0c0cd5295e6941fba17d992 |
| SHA256 | 60b06ef2f514bc824abf223b712f979c925c73f37411af6f8d53265535b231b1 |
| SHA512 | dcd0f660690d5b178a2f92b6732f117e3e74a5c0df39ea9d8caceb9abd649d94406e5b290b98d65228c2fc72531a50b3f2401105c70e6f86cd71aa6edc03b9f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 438800b16710a63f4147835daf3079e7 |
| SHA1 | 9c51a6217ca115db6ed36c5335bc49a5ec204ec6 |
| SHA256 | 779f4511a4c10527be80dcb475674e7eb68e260d17fb8e33cd0c50d8e0a3fdac |
| SHA512 | 8b6754a12b5628cd4c8d41428d6e3ec7794d92e5da0aeee0fd719c3fd0816bd77a6ed47e9a4ef0d6f039529911ca918a32074e23552ac428398a6fbdcf42fe3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1da66f5cfb02ce8b3028e8f662596c0 |
| SHA1 | 762b4f9c5317e1a1a40b3c0d7ebc62cc40265e42 |
| SHA256 | 1cd35de22e349f1564e80647b409e1d29620ac33d529cda97dc592e2417bdb3d |
| SHA512 | 72af73311b5b72688bb0f3778b30154a89a90ad7048f8d4b1b9c8d84ec95425264d4e960ee85b2f46989ad92e6a95c1f11d4a9a54d4d20a00402cfbace9fdd49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dde6da31d58286237927ad7b3c171387 |
| SHA1 | 5a70c22403d1191bb5a7965234fede4a430c8ebb |
| SHA256 | af55fca9f4c86df448ac30eec83c01388e5205798cafc8ce09612908b829c396 |
| SHA512 | d3faf15d5efd5838d5973329cda4485c68e746e62a6780c8f82b44cadb2ea7aea061a44e6d214e42fd2dc4b4b8d039ba39c1136033a6aefa29dcd378fb8c29d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 866d0ff8b585c74ddca1711fc709a57b |
| SHA1 | b9def372de598b19736e39fa09d5e8a2166e4c89 |
| SHA256 | 39c9e9a5aff098c4feebe9f410144a9cc035dc4f62c5e168bbb0ea69a488ad99 |
| SHA512 | 945262ad4b11e088f29f8e6c6c1669037cbf5c38d81b722c70f833ac38f3f2852e2a4cf849507018d198c1ad3361ddc0da99ec7fba3b2cf1f3b3a8e396f53884 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94e4be9ca71cee629337820ae6869f7e |
| SHA1 | 5a21092a72bab6cea2eae94c389cc49c911e2af7 |
| SHA256 | 0707a956776d794372d243e6c2b4ed5e6d83a279827dd0fff8b8b1272085d332 |
| SHA512 | f9242d9239e92a696e10ddc9e5c272bface6461f067e0a9c53737ed78d5cef2f0fc4561e5d2378f359deb83201a4742b8fc48d1eed93da284ab55f57fc972a27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df4bfb13b0d73bc5af3a3c71754cd9c1 |
| SHA1 | d074ad21d83f447f58515e87a43b11752589aa8e |
| SHA256 | 6152b53594793f78b241ac716575cea08a91086874cc4e7197fa30e458fccc08 |
| SHA512 | 76c6e2aab1245055e6f492a0d63279003d86dd7e5588fc6eee7d4d2838ec01a07f8aca7c28ad84db018a6639da33ff570d3bdf5c51c28e95d0880d391a414223 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17d4d30e950c966bb7b119b217dc3a9a |
| SHA1 | b7d2a7a0c249b21e7a3d94b1bc274749f4e58d98 |
| SHA256 | 8ede9d55e829b593a8bf14f87ef321e6991f5455a58de2ac46fe66a41407c136 |
| SHA512 | bc0d5f9ca1dcdfb2fb3d32fccff5e453a2af88a4e3120bd10bbbc7f7f4d6320af12ad14068dc1e8fed148e51c22cc3ffd5a83ba042829cbb8b76a3f2b57df25e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f79db18b3698ffc30615080f8dabcf2 |
| SHA1 | 900fa03bba9302a83ab0cd3acc64d68263d3d686 |
| SHA256 | f98ea842ab5258c8d36e13fbace07594a5022ce99fa2f2b24ae2d0d52ac3b2d7 |
| SHA512 | c77554c63c6f1e307872f8ab06fd2ad75586f28ac64dba61c54a161b7acc2e33e2bd698d457092b94445c07fd16454ea07e57889424e6e39524de76afc05f71d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 477c485f9ae68484357bc6fb72aa66fe |
| SHA1 | 053d1183468708f01ab58e3f3d6c2fea0fa98454 |
| SHA256 | a1943c6b6451dc94605b0925180482544f116c633875ee5ca787a1a61decfd10 |
| SHA512 | 8dd3d156069f6b06483f3c4d4fe5750f6323f25bf11994d0884ac02f54156ddf59f48a89518b853d11282e329d5ff72022c496c9b7c2d19808f707051f5ac097 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08c9e5bca725f7580407ffda43b7720a |
| SHA1 | 99214a647105d3c920d2d3cc82637999c56e3af2 |
| SHA256 | ab631f5771312925347750d16684c3cfb4765e3aa539ecaa24543d845eff9969 |
| SHA512 | dfcd7d754046f35e2a719db48402498fa10aad359395247f93912323ae4293423fad81e5a21eeacfa7f3b3db5bf66496ebf114650de8b23c4ebbfeeba9e3c95b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c4642b5b53105b9c0cf10318059a6c8 |
| SHA1 | b1e4a15bf3469dd5bf94ad919104a4fe8a285b32 |
| SHA256 | 59fc9419deb8d6c6b031fc89a5809456f5423ea4c88a112a3159fcfb056431f0 |
| SHA512 | 222e8e70339bc69e8120e8901a73e9e9fd8d7ac874f7ee664e4eeef241256edd25e0a51c27ea77710e4cc584f53a7d38101fa4e832dc4d4df01be8e5f33ac93c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2007fee3aa87be7a6be38834a296064b |
| SHA1 | 4feeeb8f9f250e014f814b096076b132b94cce2a |
| SHA256 | 04ce4aa529f493552781fc18753d0296e85bb8c7fa80f828060b463c55edbdef |
| SHA512 | 500c9f131eb03f4d7ef52f8e7cbffa8841264218c37c4e67d1421e8fb876531add71c63a01a8951f030d7dd59facdc9ac175a80930c0d0db36482ef333722b00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a656646ba60176afe0f84462b89bae2a |
| SHA1 | ecc91db7578864fd3645a86f95f8a678bb2f52cf |
| SHA256 | ce80ccc8f1b6b249ca0444be428480212c319621b134f38d50ade23fb6f80e38 |
| SHA512 | d98cb3b842071449c2df57211e463cba073785ee10af8839acc67d5fb321e4541f74626f006c574070c1500ea57472c2174702f17fb2bfef260ce2c2dc57a1c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | c16417a0c759f80a4006083404099f06 |
| SHA1 | ba3f3861ab19a5c15f75f7ea6f5d92ea2eaebd66 |
| SHA256 | 536afb94a0aa2180d98b3dca0bb367623e032a76440d2a8da235c2c3639f866d |
| SHA512 | a90554ce4643f05ca742b48c939515fdbc1d4f40f7138aa3afb72b1176d66b52d4db7563278e9ee8dc1bdd9a6158fe1204e1f35d7e6cc44824c4ab062c0c2c92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a920d838e4f29cb79df7d5287cdd93c |
| SHA1 | ad0990cce884a16af508717d9281c3ce4cd0c395 |
| SHA256 | eafec65c041c94fdb8ea7b6ab521f3038455e1737ee36f691225474a2f4301cf |
| SHA512 | e49376070a4dae7eda3d0e17dc0a19e6f40a0a627b64bbcbcff4f4cedca61bfb10ca0d0e7f8ab73001a240ccc0566a4b19c3d45e765ddaf05c920c555d46dc8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0708f6fe3440888c474c49d12d7d2c7 |
| SHA1 | 084b2523ee85551a6517f55a09fb4fe9e2eb2448 |
| SHA256 | eafc6fac52c9b09c360e74d0f9618ffff391a5edd6eb1caa5edde68e4ea01fd9 |
| SHA512 | 7a621eb65e9af821c84d10e658be0340f54e868298752ad6cc5d9dde3a869af636659f59dba4d1ec9381ad20f77a49c285a8c91fe0eb1e95c36188f47597730d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4745ef5f0d7bec44f4e68c304a2717c |
| SHA1 | f6904e4ba1436df2403ebe30e8b56ce163877850 |
| SHA256 | e10618e06e1aa1a321bb8f242cefb115a4254613df37f0a8f17b0ae5cece12e8 |
| SHA512 | 2c290a8d0811a48a52097346232d0282920d23747ad76e34de159142082664de4371e05f0c7bc2edc7fd20f269b0dd04b97c4153781a621100bb020c9f390a81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08a5334f53bea4922f3311a56613539b |
| SHA1 | 44cd1674cc04f5e2031fce47e7f4fb980431bed6 |
| SHA256 | 5828539c6291044d252dfd936fc4e077b849715e8ea2500a3275f6ebdd2cd80b |
| SHA512 | 9608c0a702b791aa7917b07e49da4014bb18e304ab79e9c376912de3974315a086a107aab84b6109e110fe8cca49a533143fdb46961b921afd4921eb43f4d74c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b589bf901d3c2f7dfafd6bf94caa9560 |
| SHA1 | b6ad6ad7c8fe7c1bb4780165871924963ce41365 |
| SHA256 | c5ddca485d41d556cde53697acac3412e972e3de9a9becd57e1313236fdba858 |
| SHA512 | 206b3cf790939564a568d8e952b0841ac0971d6b06fbc94b3a1308c9dbeb3f666df9662e1b2536397db7cbd4a5b8a3d898edcceb6d96ba769b397dc0a20e2787 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6d1ca07f914820f1022a59f2fb182fc |
| SHA1 | 44f8f59680df3456790bcbc835c83dacb550a82d |
| SHA256 | bf67b0e327deca025c833a9362b09b240ec5e8cea1e756f6b954777b1183d6ce |
| SHA512 | 41928a2cd47886d9b9cb3cb6f4f89468d8c4d1748a5ac56ad51a410b3cfc7f365fd8db05aa708f9643cc1a6cf3e175ce837456c3ddff2a62921c912305b53aea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2756c243386cce1aeda3dda38a0f2be0 |
| SHA1 | 4bd9781a5a48a8b4e75994f02db4f2d3ef3b1a26 |
| SHA256 | bf8b9481216baff91e1eb348e766a28fc13f5e99673a5043a532114b0042b656 |
| SHA512 | 94e2e3dc30f1fbf10bbccf4148b970362face8d737b1df94a2f4d13f5ff0080fb8e7f8b8246550315a4dc75ec4235e19132e3b21a04a6dd42110f4db1cf9e946 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f6bde123330218a7c4af619123c4f39 |
| SHA1 | 649cab837b027415c1b6f102fbc953426b7328f1 |
| SHA256 | a9c388e4fc10a97eba9ba7f84d82675262b19f9bfb492dcddf736db0c1ed6665 |
| SHA512 | d07b8ee730e32b4d5830fa27eae81fdf6134f77f00e0ea58faf603d872e40a0c795cb7b3c4d23db2b94e51b1991d6c724445542eae6b3a705eb6f6f913d45713 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8d594854d8268bc9cd40efaea8121b4 |
| SHA1 | 8610ce0d74e9ebfe34b4eebc9cab727edaedb873 |
| SHA256 | 802b6f112df6d881ab3b0118550f5f5d5e0ed873a83d6facc66d5aa8e64e4438 |
| SHA512 | cee427122e7a39f1c2d083d69ff34464b90e8027970c9d850761b80c84fb1d33ddd6eeddeb2e9d0da64302ea64399877e3ec1b63a5c89ff8c4bd20cd1b149447 |
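The Network and Files tables above are raw sandbox output: the same CryptnetUrlCache metadata path is listed dozens of times because every rewrite of that file is hashed as a fresh snapshot, and the Cab*.tmp/Tar*.tmp files sit next to it. The Python script below is an added example, not part of the report or of the sandbox's own tooling. It parses pipe-delimited Network and Files tables of this shape, groups network activity per domain (DNS lookups versus connections and distinct endpoints), and separates dropped files that Windows certificate-chain validation writes on its own from files that still merit a look. The sample input is a constructed excerpt of rows copied from the tables above; treating CryptnetUrlCache entries and Cab/Tar temp files as CAPI2 noise is a heuristic assumption of the example, and the label strings and snapshot counting are the example's own.

```python
"""Added triage helper for a Tria.ge-style sandbox report (example code, not
part of the report or the sandbox vendor's tooling).

It parses the pipe-delimited Network and Files tables, summarises network
activity per domain, and separates files a browser's certificate validation
writes by itself (CryptnetUrlCache, Cab*/Tar* temp files) from files that
still need manual review.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of rows copied from the report's Network and
# Files tables. The real report has many more rows; feed it the full text.
REPORT = r"""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | o.aolcdn.com | udp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC776.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffd9a8608b87fec7ee82e610710b0349 |
| SHA256 | b95e5a134e0636f58335c200210af8a400c8fb944f59143a564e0ff22e1d2263 |
"""

CRYPTNET_LABEL = "CAPI2 certificate chain/revocation cache (CryptnetUrlCache)"
CABTMP_LABEL = "temporary CAB extraction file (Cab*/Tar*.tmp)"

# Assumed noise patterns (a heuristic of this example, not something the
# report states): both are produced by Windows certificate-chain validation
# while a browser loads HTTPS content, so they say nothing about the sample.
NOISE_PATTERNS = [
    (re.compile(r"\\CryptnetUrlCache\\(MetaData|Content)\\", re.I), CRYPTNET_LABEL),
    (re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I), CABTMP_LABEL),
]


def split_row(line):
    """'| a | b |' -> ['a', 'b']."""
    return [cell.strip() for cell in line.strip().strip("|").split("|")]


def parse_report(text):
    """Return (network_rows, files) where files is a list of (path, {alg: hash})."""
    section, current = None, None
    network, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("Network", "Files"):
            section = line
            continue
        if section == "Network" and line.startswith("|"):
            cells = split_row(line)
            if cells[0] == "Country":          # header row
                continue
            country, dest, domain, proto = cells
            host, _, port = dest.rpartition(":")
            network.append({"country": country, "ip": host, "port": int(port),
                            "domain": domain, "proto": proto})
        elif section == "Files":
            if line.startswith("|"):
                if current is None:             # hash row without a path line
                    continue
                alg, value = split_row(line)
                current[alg] = value.lower()
            else:                               # a path line starts a new file entry
                current = {}
                files.append((line, current))
    return network, files


def summarize_network(rows):
    """Per domain: DNS lookups, non-DNS connections, distinct endpoints, countries."""
    by_domain = defaultdict(lambda: {"dns_lookups": 0, "connections": 0,
                                     "endpoints": set(), "countries": set()})
    for r in rows:
        d = by_domain[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            d["dns_lookups"] += 1
        else:
            d["connections"] += 1
            d["endpoints"].add(f'{r["ip"]}:{r["port"]}')
            d["countries"].add(r["country"])
    return dict(by_domain)


def classify_file(path):
    """Return a noise label for known browser-side artefacts, else 'review'."""
    for pattern, label in NOISE_PATTERNS:
        if pattern.search(path):
            return label
    return "review"


def snapshots_per_path(files):
    """How many times each path was hashed (repeated rewrites of one file)."""
    return dict(Counter(path for path, _ in files))


def triage(text):
    network, files = parse_report(text)
    verdicts = [(path, classify_file(path)) for path, _ in files]
    return {
        "network": summarize_network(network),
        "files_total": len(files),
        "files_noise": Counter(label for _, label in verdicts if label != "review"),
        "files_to_review": [path for path, label in verdicts if label == "review"],
        "snapshots": snapshots_per_path(files),
        "unique_sha256": sorted({h["SHA256"] for _, h in files if "SHA256" in h}),
    }


if __name__ == "__main__":
    result = triage(REPORT)
    for domain, info in result["network"].items():
        print(f"{domain}: {info['dns_lookups']} DNS, {info['connections']} conn, "
              f"{sorted(info['endpoints'])}")
    print("noise:", dict(result["files_noise"]))
    print("review:", result["files_to_review"])
```

Run it on the complete report text: the dozens of CryptnetUrlCache rows collapse to one path with a snapshot count, repeated TLS connections to one CDN endpoint become one line, and whatever survives in files_to_review is the short list worth opening by hand.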
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\main.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabc146f8,0x7fffabc14708,0x7fffabc14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2277040090505915602,9299809543253914777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4384_HNLJKJVVRYQSONJQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
139s
Max time network
110s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\geoplugin.class.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
146s
Max time network
126s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\tcode3.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff44ee46f8,0x7fff44ee4708,0x7fff44ee4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7706705742585124277,8780274897996947898,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1056_KEKCVECUNNFAPIXO
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240215-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000f4a2169ebce31c8994343ad98a221965729a16e836a02003efa18992a8a97f79000000000e800000000200002000000017af31749b46611520370b95844d682cb5e13028c924e1bcf0e449e75b60619f20000000435c524ca6ab4863e47f1a222941649f40e46b6db749ec943c5f2e394391278b40000000645e497d4eb6186f9732fc620cb49d6720618c58436478d8349915c2847447a82bf7c798e3f649dab4ebb1ec5479b87eded17337dd9bca62e2c020e234634fa5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE2F5281-08EA-11EF-ACEB-F6A72C301AFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420860873" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0af21a3f79cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2760 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2760 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2760 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2760 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
| Process | Command line |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\main.html |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2 |
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4137108c3a59e46603b2d66f107cef58 |
| SHA1 | 516ab23820da8d627f00186a8871602d15411b34 |
| SHA256 | 2afb2e2b991696bc205b5d2b5784a6f0329884b99456819a9ccc7a12eef84c62 |
| SHA512 | 9269f1476e3c3f5c7cc90380cbb0c1083a301479be622b894d35b70a6cf5ce897b194c3198c9b23022c38bc02b164c37f213ec93e0829213b717ac566dd34121 |
C:\Users\Admin\AppData\Local\Temp\Cab2721.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2724.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar27F5.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55a777844c44a41fa768948e988481ff |
| SHA1 | 4e8f48b5b5716da9b4837e9b157607e36188b7c9 |
| SHA256 | f7598a486318d6bbf18ef3828da06ae374c9439cda171b82e68754d9ed27acc3 |
| SHA512 | f8649359529b35084b37c49e3dd744ef20bf744cd3a0e5031165e1d3cab013e9b4c581a55012f18fddfd9cf2af51e2b4c80dc10551bbebf73a6b1f075c3fa88c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cc783a13ef960ecf2ba343259d37e0f |
| SHA1 | 9c75f28f1d8c88e6af01b0364ed432d8be8d3ae5 |
| SHA256 | 660d05c62ccf7a559c20306473303fc3401bcfbd7f3ce8abf3ac11a019009250 |
| SHA512 | 91b2b5102694d5c70a08a42225897c34e82c44359a8125822aeb6df2c9a65493fd41594e9744fc7c5d945ba417369847d078a0b88cb3a16978808c556197f16c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5accd1110d0748c9b430f16718fdd2dd |
| SHA1 | 2aa476bc473756f4e9fcc2cbc77ec3592ff23e41 |
| SHA256 | 29040ec106a17eec50478f5394f041409486133805e3d869e151d499deb63ef1 |
| SHA512 | fe8484a52ecdaef241b30074886d6ad47cbca09559f5b6c4cb066b2f45d54e769b46a304bbc5833ea2314147b2e22deb95d3751834635acf97e395cbf3726609 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b86e0610976f75b2f484856769978bec |
| SHA1 | 5d6e61992d7feac6780bb97b12dec6ad8c8a9359 |
| SHA256 | c5f716ddd80bf50cb9a085bc899fd1b439c9ce4dcfbd9b00e5bfc653a2ff7507 |
| SHA512 | 437ea75dfb90ce63a0dd96d90d885568063e3f57d3651465ac2517d5eb6a2c0f4ca86c16e7ea06d1c8fbf1add4d4f5046d3a2ce00956c1af522b9232aa593349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68f8e83d07142d080a7b3bb022b35769 |
| SHA1 | e9466a0c4b1032c7478aa25052f61a518d0e214d |
| SHA256 | 927a2d7da9cbdd45f9dc5b328e5e9a04236d19bbf85636b72f7587ceb00e6afa |
| SHA512 | fc4ef428db06f344da9dc390903c3bf3c1c5c3f063cd99616d57f8de87f6f8910f6360f45b0302ed0dc835b5c28ef3d811b2d07ba81f0c3dc8efba677b88f69e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbec1ccd378dfb8542bea454f20f3365 |
| SHA1 | 41d7bc384df6c0c530fbf904f79535db71d03fb4 |
| SHA256 | 6501779ac1ce40d36324592127b1fa69ca4612ab26f6b46b65ef8a87119bbd2d |
| SHA512 | 575c4bf0d776dbec27bc47fb7f58e2e968de8f1c6d8bc243c39a57adb2cf0b1df181221d7039470bc59801af7fe3436bb7803b25d7e485b6219740322040ca53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71756276488267f23d0a4d7a3a6f6efa |
| SHA1 | 2bc6532cd06550819d1dee5d6c2a62c8c98bd17f |
| SHA256 | 98fbc5522b0a17371aff76fa168fb61f337a18444186d955e169599ee27909c5 |
| SHA512 | c6faa216d9f4afc428416ec28344c82ccc11a4454371f7281e88f8af567f6d70dd2cba78a920fa5b230f9e16080b979f219e2ae6739315d97627ccc0c574da6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 616376933de6ccc699938d715db19bb9 |
| SHA1 | e8e35ad9148c86e58c02ac22a8f205de20625f63 |
| SHA256 | 34275242a776ce4decc7210e1de59385ab000d480803872d5e7059f038511363 |
| SHA512 | 5125506c095c6020f79ec73cccec3944cf8c7817a8fc232d3c3d8fdb976990fb5a1e0519146bd386019beb69dcb432bb6135bd0efb4bca28d9d52d6f7665e7b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d68506e891f41e947aeca98ed2de2dbc |
| SHA1 | 2e466e5e8b5aae584c458978fafe80328b801cb4 |
| SHA256 | 380efcf93bebbcd5cda8fea69497273589197c8cf3f61657a55ab560e60a6f01 |
| SHA512 | 66d592d0ea7c7be4f292303c9b38371db19b97cbbbfbeb286548689eb096dfa98c390816eec540b61b9e45b5f91c303a5620768596ed3ee5a9a2f5e646664ccf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 460d0d109b6f58269e0b76ef5ece5d9f |
| SHA1 | 10040cc34d2f1fcf5d351fd531d432847cb1bb49 |
| SHA256 | 0ef3fa45708ba52740d524a276ddff8fddf7466848f42dde716313f30b3fdef7 |
| SHA512 | b72602b2243bcd0bb293e23a26d0be6d102c0c3d0206d85e8810e4ff5f1f71463fc79fce033a830367f00ee0faaf2343c86db27730a2f3014bb34189f33f5f41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 607dcb96638397e322c536621903b8af |
| SHA1 | 1ea8724012d6185e721e18ab1c531b21754a6aed |
| SHA256 | e2ae78c37d25723ccfb900a9a95386cbb7a6a13574e7a55f53884bff24021885 |
| SHA512 | 0f23b56ac1d206808d8c5eeebb171e7e261d07721d79c45265130126225d74d3b520b655e404dac058d787d217448b9e44b827b4f28a4559e5685777f41a86f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c74ded98693b570f849464cba81936b |
| SHA1 | bb865f6edbd33653822035b89d1177ec183365a2 |
| SHA256 | 612c8a9502ea75dae22a5b17e132371d022c1d5368b5334e16cfaed250035b64 |
| SHA512 | 1bca50331db980ea4e4248d4bbe1ad7288be9d45d0c1009610c9ca0f55b0f5dbdc7e09aa169e2df911e4559378d0923cb09c4ec56268db8d3fbe7f3e47b9133c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5b92b42b6a7dc44175700e174d3498f |
| SHA1 | 45e963244258229980a4b9e546d50c8b7a00b80e |
| SHA256 | 873293f23ed7bd03ca709a9adac7c615fd1368d44d9d2e61ea127daff012e354 |
| SHA512 | cf721f2538f658ac80154e5c5c4a65db2db6792daac1f2cebc37db194a9fdaf5c145f1ea0fe71b51d874bdd3da859e01cdd9441b99edb2d78acc36c30e73a108 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b48d25473c482f0b828c0767fc742fa |
| SHA1 | 083ba36bfe96d189e98886654ddd98aa90b2dd6f |
| SHA256 | d1248785f9c35624db391b0c7b1e0d833f38119644627a5c126763a74a041717 |
| SHA512 | 8f7cb056a8cc1a7df5abf912d6d4521a8b4c9234b051ce6820123b990a7a582da6c6437af655bcd406ecd03ac51d8214c3448f06cc13303bfebc46672a86398f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | c7708f0c034c05f4e338928f9062446a |
| SHA1 | 0aafcab189ee0233c8e1a457af2628629db6be58 |
| SHA256 | faae49aabfefcb3052b81eee12593346c6dc1f07caeb465705e08b6250007067 |
| SHA512 | 6182828c39ae741f4551c6610f539db0a9a15ef89626315ea82f1dcbabd566dab231da05c0698c57f17e6ac4c85c7b9a929f73667bdd241ccc0c462a23ff117a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94178b4abc9f2f5bcc40aff35f8cf56e |
| SHA1 | a9ba876a801b480fcbfa564541bbbf2cd2f794c7 |
| SHA256 | b6a0b86b8d4a9afaf37225f3057836d09c832069ce929ade07e1f10c5f81533c |
| SHA512 | 9584fbd6fbadc2498b9d0cc50fd0007aabebb8d847f33eb61fce3e5a0ac9906720a7040b8f4a9939e4d21738fcf3410a35331c46e7618be213ccc4bda2ac63af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f4a66d82d4b273ba0be2cc892d86d62 |
| SHA1 | 419179d4a9aa9630db949e2f04ba900b48ef778a |
| SHA256 | bd0cd955d6d08e5bb91654557674fdf50e63502b184f85241af3d092c0951c75 |
| SHA512 | aad43364dd1507958f6855218bba3a18c203c1f40828474c0a4cc7613f1555c5a99faff6fdb6b258e4baa34e47e4ef75f210a7115cd778dab1dde8f60c2b641b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10a23d47c179f4ba98f66fe32356234f |
| SHA1 | 94e0de40d3c69610fe3024d1cb2c0053e39b1c2c |
| SHA256 | e5495c42f3552ead7860b561d0956c01623c14e324749574ec19a39d0ab338c6 |
| SHA512 | a667e9af2ac8c7284b62e358f25b7c550df9b266b9cd729d438a9e0713a58a2ad1fc7b1890cb6e0e15a7cb725711f7d0400b6ac3b8fdfa6ef599069e4a8238a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd50c9ced30c569b26278eb8e4b91a5a |
| SHA1 | 1c5348619b13247d7f7c648f77179aec08e7ef22 |
| SHA256 | d30f4883712ca7bdb17db0a3809ca50ba96f396853abbaf3821d3590497a112d |
| SHA512 | 5fa04b0c5da18127d091807142932c5e5c3458a6306e3c62b72340aef55cefa12a62e6784f6ac50daae6c286039b69b5678b67f09c45ee62900f7522b56cbbdf |
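The Files and Network listings above are long because the same path and the same flow appear once per write or per connection. The parser below is an added example (not part of the sandbox output) that turns the listing into records, rejects digests of the wrong length for their algorithm, collapses repeated network rows, and separates the Windows CryptoAPI URL cache (CryptnetUrlCache, rewritten during CRL/OCSP/AIA fetches, which is why one MetaData path recurs with many different hashes) from the remaining artefacts. The excerpts are copied from this analysis's own Files and Network sections (SHA512 rows left out for brevity); the helper names are mine.

```python
"""Parse the Files and Network listings of a sandbox report excerpt.

Added example, not part of the original report. FILES_EXCERPT and
NETWORK_EXCERPT are copied from the behavioral4 listing on this page
(SHA512 rows omitted); function names are this example's own.
"""
from __future__ import annotations

import re
from collections import defaultdict

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
NET_ROW = re.compile(
    r"^\|\s*([A-Z]{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^\s|]+)\s*\|\s*(tcp|udp)\s*\|$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# CryptoAPI's download cache for CRL/OCSP/AIA objects: expected noise from any
# process that validates a certificate chain, not an artefact of the sample.
CRYPTO_CACHE = re.compile(r"\\CryptnetUrlCache\\", re.I)


def parse_files(text: str) -> list[dict]:
    """Each non-table line starts a file record; the hash rows after it belong to it."""
    records: list[dict] = []
    current: dict | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any path: {line}")
            algo, digest = m.group(1).upper(), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current['path']}")
            current["hashes"][algo] = digest
        elif not line.startswith("|"):
            current = {"path": line, "hashes": {}}
            records.append(current)
    return records


def parse_network(text: str) -> list[tuple[str, str, int, str, str]]:
    """Distinct (country, ip, port, domain, proto) tuples; the report repeats a row per flow."""
    seen: list[tuple[str, str, int, str, str]] = []
    for raw in text.splitlines():
        m = NET_ROW.match(raw.strip())
        if m:
            row = (m.group(1), m.group(2), int(m.group(3)), m.group(4), m.group(5))
            if row not in seen:
                seen.append(row)
    return seen


def group_by_path(records: list[dict]) -> dict[str, list[str]]:
    """path -> sorted distinct SHA256 values; a file rewritten N times shows N digests."""
    out: dict[str, set[str]] = defaultdict(set)
    for r in records:
        if "SHA256" in r["hashes"]:
            out[r["path"]].add(r["hashes"]["SHA256"])
    return {p: sorted(s) for p, s in out.items()}


def split_crypto_cache(records: list[dict]) -> tuple[list[dict], list[dict]]:
    cache = [r for r in records if CRYPTO_CACHE.search(r["path"])]
    other = [r for r in records if not CRYPTO_CACHE.search(r["path"])]
    return cache, other


# Copied from the behavioral4 Files section above (SHA512 rows omitted).
FILES_EXCERPT = r"""
C:\Users\Admin\AppData\Local\Temp\Cab2721.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55a777844c44a41fa768948e988481ff |
| SHA256 | f7598a486318d6bbf18ef3828da06ae374c9439cda171b82e68754d9ed27acc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cc783a13ef960ecf2ba343259d37e0f |
| SHA256 | 660d05c62ccf7a559c20306473303fc3401bcfbd7f3ce8abf3ac11a019009250 |
"""

# Copied from the behavioral4 Network section above.
NETWORK_EXCERPT = """
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

if __name__ == "__main__":
    recs = parse_files(FILES_EXCERPT)
    cache, other = split_crypto_cache(recs)
    print(f"{len(recs)} file records: {len(cache)} CryptoAPI cache, {len(other)} other")
    for path, digests in group_by_path(recs).items():
        print(f"{len(digests)} distinct SHA256 for {path}")
    for row in parse_network(NETWORK_EXCERPT):
        print(row)
```

Pivot on the hashes in the "other" bucket only; the cache entries change on every run and carry no information about the sample.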
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20231129-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
| Process | Command line |
| C:\Windows\system32\wscript.exe | wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\convergedloginpaginatedstrings-en.min.js |
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240221-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
| Process | Command line |
| C:\Windows\system32\wscript.exe | wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource.js |
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240221-en
Max time kernel
122s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420860874" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d03084a5f79cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a960690000000002000000000010660000000100002000000063308841663fe7d36e267792e71a3e61d7a3b6b1718c8ddd553d312bc19e1746000000000e80000000020000200000003d93221a38d3f6cbde0dc19f4c3e467cdef51e51aeef9c860a384dbc69a39ffb200000002daf63de694074d8b37f4447dca36763e8bd9ef06c21f5a33ddce1bc7daa15e840000000df9f301e5a9278479490429d5034fd923129d9542820211de301d18ced621b9bfb3b3e5a8f22c5dab3f0e3540ec4d12f85438bda90a3cc539dcd8eb399d29c58 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE279221-08EA-11EF-8FBA-CEEE273A2359} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2440 wrote to memory of 1884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 1884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 1884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 1884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
| Process | Command line |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main.html |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2 |
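Three things in the process listings of this report are worth checking mechanically rather than by eye: wscript.exe running a .js from a user-writable Temp path (behavioral31 and behavioral5), Internet Explorer opening a local .html from Temp (behavioral4 and this analysis), and the IE frame process spawning a tab process whose SCODEF argument carries the frame's PID, which is why every "PID 2440 wrote to memory of 1884" row pairs the frame with its own tab and is expected rather than injection. The script below is an added example, not part of the sandbox output. The event records are constructed from the command lines on this page; the field names pid/ppid/image/cmdline, the parent PIDs and the PID of the wscript.exe event are assumptions, the report does not show them.

```python
"""Triage checks over the process command lines in this report.

Added example, not part of the original sandbox output. SAMPLE_EVENTS is built
from the command lines shown on this page; the record layout, parent PIDs and
the wscript.exe PID are assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXT = re.compile(r"\.(?:js|jse|vbs|vbe|wsf|hta)$", re.I)
LOCAL_HTML = re.compile(r"\.html?$", re.I)
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)
# IE launches each tab as IEXPLORE.EXE SCODEF:<frame pid> CREDAT:<n>; the frame
# then writes into the tab, which the sandbox reports as WriteProcessMemory.
IE_TAB_ARGS = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:\d+", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def argv(cmdline: str) -> list[str]:
    """Split a Windows command line into tokens, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def classify(ev: ProcEvent) -> str:
    image = basename(ev.image)
    args = argv(ev.cmdline)
    target = args[-1] if len(args) > 1 else ""
    if image in SCRIPT_HOSTS and SCRIPT_EXT.search(target) and USER_WRITABLE.search(target):
        return "script host ran a script from a user-writable path (T1059.007)"
    if image == "iexplore.exe":
        m = IE_TAB_ARGS.search(ev.cmdline)
        if m and int(m.group(1)) == ev.ppid:
            return "expected IE tab process; frame-to-tab memory writes are normal"
        if LOCAL_HTML.search(target) and USER_WRITABLE.search(target):
            return "browser opened a local HTML file from Temp; inspect it for a credential form"
    return "no finding"


def memory_write_expected(writer_pid: int, target_pid: int, events: list[ProcEvent]) -> bool:
    """True when the target is an IE tab whose SCODEF names the writer as its frame."""
    target = next((e for e in events if e.pid == target_pid), None)
    if target is None or basename(target.image) != "iexplore.exe":
        return False
    m = IE_TAB_ARGS.search(target.cmdline)
    return bool(m) and int(m.group(1)) == writer_pid


def triage(events: list[ProcEvent]) -> dict[int, str]:
    return {e.pid: classify(e) for e in events}


# Constructed from the command lines on this page; ppid 1000 and pid 3001 are assumed.
SAMPLE_EVENTS = [
    ProcEvent(2440, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main.html'),
    ProcEvent(1884, 2440, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2'),
    ProcEvent(3001, 1000, r"C:\Windows\system32\wscript.exe",
              r"wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource.js"),
]

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS).items():
        print(pid, verdict)
    print("2440 -> 1884 write expected:", memory_write_expected(2440, 1884, SAMPLE_EVENTS))
```

A WriteProcessMemory row whose target is not a tab spawned by the writer (SCODEF mismatch, or a non-IE target) is the case that deserves attention; the rows in this report all pass the check.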
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1B40.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar1CBD.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 055aaadcf82fd2d30d59441dc2e713ae |
| SHA1 | e0d62de3b350fd237a4fc69b65087bc80c09945e |
| SHA256 | 3d07788fb34bdf303fda7bebc3f4bfba4c62c06eed7f79063d357c4495937996 |
| SHA512 | 27550af237ec24cfb014e1bce554024adcc0247b124bfe923814934ae284b4fcf96cb0f8ad5201720cb6b6b42980507170e985a30a5202350a086ccfde5ea3dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64ae0d757bbae0a4678f8e7fa61b8e21 |
| SHA1 | 63dc9aa290b0c049c9deff510a9ae4331884e3d7 |
| SHA256 | 847ae106310fd7f1cab175a29a7cefc8199746986a5ee70e8191c2bb51777820 |
| SHA512 | 5a7e9f4c7292e3cd93d0ef2d152c16bb5b012dee96bc4b2a86249e4915e1c9b83430bf7540fff63e8224825e64e85a60fc2b785147dddf8eaf492542ea7d5172 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38dd8f793c65715375e7867b76d7633b |
| SHA1 | 19e4242b0dc99fc0b5a88e9b2eab8d83dca52a67 |
| SHA256 | 05723176c1dd942c919b0b9e1f4566f645ba3671d6d332fabd5fea6c7d40a7a3 |
| SHA512 | 0d3cd46e0149ccbfebe501b805782bc95963ec8d1a1128fc3247842a2bde0ab926628416e05f2c8768296e40c7fedc315ed50f32e2be25b24192ddb183b6c358 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fbf2044dcc150dd788dff743e8f4c22 |
| SHA1 | 0555dfd4aa586799fd87d4cd7c67c03b3fc3d64d |
| SHA256 | 5f96219260aeb09774ebe778cc9c03618524df24840f56a636aa2205c99ed3d9 |
| SHA512 | 1d946ab3f377fefbab642cd7d2e5c087cf1c573900f7efc562821948e2288c74e0e79a61f3427332eb82c49a2a7d8b3d8d90ece4ad61cb8ae7c41726a352411b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f00a2381ec6cc3b71616d2ebb48241cb |
| SHA1 | 684ef8ac94900e94752e2a08466100d91db47027 |
| SHA256 | f0c641a10385dd222fcf9a1d7252ea9f424e78d04f1b68c3c99bfb340c8247c7 |
| SHA512 | 3513f0ce6c1458e16e4fbd643bb73ad4df59ddeac297cf133cec08999e44e2281e8a883213a006c70b37cc0677f9e9f29bd2d5fc6c91a555a3f68a7da55a3c30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ea1d944e11fca1b5c2e98d0b0cdc173 |
| SHA1 | c605a93695a2d439defa0b690bb23337c0a986d0 |
| SHA256 | bfacad65fbd53546f78181afa5b84c9674718ac43ab9ccec92f668b8649cb172 |
| SHA512 | 3c170a1d2b6686195b2bd4e95dd1c7cc59f16a1c368f69ad619817351439eb2e1f9cfc93c0d4498e30ce5e724fcf05f9d2ebd69e711e19b77a774356c128c378 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b20080e415d7ac7101229bcc654c1083 |
| SHA1 | ed4aae4e95893a6e5ed3d1b3196ed4a17fe6d694 |
| SHA256 | b1562f97d1311714193b02b7d1e89d5ae7a32376f4ac937559c4f78840f54d83 |
| SHA512 | d9766ccdc9eff23030b99f934a98df54837e241dcb25b584d59aef2b9baa9e07c630c69b9e06723b369a20d914baec6309dc7b228d0997b0a3ae0ff65bdbd940 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3a752eaaa04bfb6d4c3fa1de3372ee6 |
| SHA1 | a86e22b0827af000248e6a758af1e45e591452bc |
| SHA256 | 5b280372e1bc5b23824ac4c0bb521e4c8bdc7bfa094b677fc8234c87eb1f3b5e |
| SHA512 | 8ffa571b09c7f7a597afd21c7ecc0f3b480f8ae2e31a45c389e7a1087adeef1cf118cdaf4c5fe5aa9e80ef59611bbbec9d6dd245c04dd3373e957431af810df3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7ef5ee848d940e3ce248aeea8c07b4b |
| SHA1 | e4d55a87d4982f8667d9ef23eca7b44eefa77d4f |
| SHA256 | c4ceeda801c4bae13a29edb448c87767ae7065fc4d165564744af372f50546ab |
| SHA512 | 615dc142036552e2b98605d751c2f8b6b2003c16bcbbf2b4d4b02d22821dfecce581ec7d1d22e960e103d2fc7976d5654bd38cdd55a1193aa99fe1a1a7c2a3ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dadb657db838c208ed19fffacd9e792f |
| SHA1 | 1dfbf09cc0b0f5fe0696e5ad20aa759b99d97f09 |
| SHA256 | 9d99c2dbbce57786d6dfecac0e4f86e8789b60c5ad82bebb9bab3cff8677f8a7 |
| SHA512 | 56751f0ab7190d87128c5eaba8b0ac59096be06ed06c68e168b16859c14754d202a89df54317bb36c607ef3c6e44f2c23c27e8e13b1b345e93bf3b7643bef627 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3790f57230fba45ed9f31c780a205181 |
| SHA1 | 969aa767dc2a7a40430a8e0cc355baea7f6ecbd7 |
| SHA256 | 783be65fa11830fcb6329c30b2e0c7478b3a377d1c375ca18dfae9a35a3165d0 |
| SHA512 | d506dd61b994e365f9e827e22b8ed1b1fe21a8acf7fb7ca17bd34d6672c05c2e9ad9ec82c6769f8ddc8e3ff00aac7ad2b2bf707c0de662b92da48d95e25a3d2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26b52dbd392e297314a8d79da5ea1de2 |
| SHA1 | 7df2ee0e05c709fd37978c7f41356eaa7c3b0bbe |
| SHA256 | 8452ae46915488dcc4218547f4a9ac414f6a05f1772f9bc812ad2d554b3f89ca |
| SHA512 | daf10d16045b4c5930c0238735d03fac1b9be3a222c900f1e67f2c366a8947282221f3419fa478ea4876e521073ff839b47ce678d1781a7d293c983556bceec1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc884131aea41ba8273b1e5d346e8d18 |
| SHA1 | 0a8a557a44a94556eca7594dfe190fe2c9f039a0 |
| SHA256 | c49ed9c492155d764977e6017b148fa2e99b251feaafbff8c186795affaa6eb7 |
| SHA512 | d8f0ad3190734428ee242dd39906081484fb071357aec8d92d97be006c2c0a78971ec8bd85cd24244a707df5c83941405d6ee840acb50308ca8bc45bd5fbc3be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b533f6182078bb6ffbccde9429ec50dd |
| SHA1 | 15f351bc4c7c09624ff9b1dfcdd3fbe5aba26f48 |
| SHA256 | 8fbbc069207ff20e7015e03b641ac11a6c23944d6fee8a368c56e7a1ab62282e |
| SHA512 | 0673e24e0d56ca75ef723a00e9f6f460ef57d5ee8e24870ace2904481a88ab5cad164d0afd91d79feb03c9680b9a1abfad7f4ef3172b1aabe016f211016f3e2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2ea34013276d0cbf2880de9bb2b240f |
| SHA1 | b6a7f88d3f84648098ba4af403d788ea1c64b669 |
| SHA256 | cc1a2aab0b5b89455838ad093492d9f419f972b63e3caa66d1580cfaea581649 |
| SHA512 | 79004be40a6c3b8421ca0604fe74446e386277bcdac9e9dd99865234446abdef73ef00c8904096b80b1c2c2493884c691934c0cb17a8489574c07e92feea0b5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 366f1e107eb8ef99438036bccd679f61 |
| SHA1 | 6b9db549756c80a6817c4ecab48f648caf4db792 |
| SHA256 | 4d14eb8cb55af45091c1a4a74260d8264469a1f1821921dc1ffbba2df3099e86 |
| SHA512 | 2933ee51c8f4f8a65f809501a4a3b66871c5fdf23d8ebb514f25115724c56ede2984d2c143f1cc9ef1bd05b4370ebdddec819337891862f97bd7f999fa4a46c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 962ba4820a751b521b1d3443073cfb1d |
| SHA1 | a66fe3d64bd359f915b896bba3a391b44796b58b |
| SHA256 | 52a737bc9dce8f4391996580f286223ae1d7da7eb31ab246cfb1748343437151 |
| SHA512 | 0e2ae11771c4bd505682e4da707e993498ed6c9eb2d89904a9bbdfe585c26b2e8772f1da83b7da920d1507d04205a0978d0f2e69d6cd5d1e3e6dc99d400eeeb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ff01bbf4c0db1255c145296f3dd3513 |
| SHA1 | bad49fc74a08a5d3116d4bfe0861b77e8cb3ac52 |
| SHA256 | 42e345b5b9ee4a874798f656ad7398575747ebb003efd378a62f34e4a11641d4 |
| SHA512 | 5a5febd22aac95be040ef362c7f9d564e85fe513310203dca765ecc6fefc037cdbe0ae11449e859b9bae8eabf5f85ac3aef517d661c2a76780c2fe59628ef6f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40e9a41a9754bf30f6fe87b11813bec3 |
| SHA1 | a90875da59423efabeabf7270c6a17eabaab603b |
| SHA256 | 8033cbda362ba71f49c68e28eef78154cbdbf0d85c9046106a5d9f89a77659d8 |
| SHA512 | 9df0b928900f97c1ffca361676bb065b27b40ae369595ba54aaf51ce447e156b9e22319db88812043e75ad93cf6ec3ac329d8db8012976c233e42f0ec4107fd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b0be09be07000cb4d4f290db2b55e45 |
| SHA1 | 8e67229da076ce2c95086071363688747d0a3684 |
| SHA256 | 0cec032f21b0cf1be9b4385c7c49209622e5d40393bcc5ea302084a4f4c4b14f |
| SHA512 | a86f6b665a2443d2f8c70294e677a43d470a54bd4aca3097f7e434b15a6df41dad777747399026dbfcde76a9635abc3a247d9037cdc2748f64cb869e18ceda87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc40f7748921ce4e56dffc323ef30cf7 |
| SHA1 | e48eb59596b935d87dbd0ac1b64007097d864bb5 |
| SHA256 | 67aa58aa8940471b1608c8557449763ba3b521662e7dec563b09bccd7025ea10 |
| SHA512 | 7b11eea28d15820eb825a06de054a69f5653bdaee8afe96c6012d55ce877266d938b312b415b94142d400dec19412b8cbb033a17dc4a3325865ccf2bab95592d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3a5d86df3cbb42f671d57e7dcdd6845 |
| SHA1 | 10b2fd8e78666118824d8722fcc24067a83ace38 |
| SHA256 | 685ff5c6554e7939febc86b19f49f0d003a9c454358501657f4339ed1d8cb60f |
| SHA512 | 1ea74ba5e41d68ca45705a3e2d5a3dd0cb5376beed25c84e7e560718a934509ad6b725ad425df0f6a86f162ab759d5986aa268e4a0fe9b52a48fb09af2cbabb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 806ec79ebfc257f6c4935511be264e61 |
| SHA1 | 1c5cf35026f180ae7dce0da0c3b4e559e339cac7 |
| SHA256 | 4877969f93ee0e31463e97dd90b76fa226436694ca69fb29969d3dd020bbbe23 |
| SHA512 | b763d66143c48f71c453e6fdb00fb13a86a97098c52f863fac1373cfbceb75c1d467efd20d0b422192e1ac84d20494d20024443315f4c422da877998d84522fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db41a2e1f9fe0e8f5510baa2d192fc75 |
| SHA1 | c63716fbb898ac56396aa581293a2726eba5ad8f |
| SHA256 | 4106ecdd90cd500d6b53372b42d5c48425f93fd0947c5f7f0cdfcbec0e76bdf3 |
| SHA512 | cb9474b03a5dd287d4c4d7ec27d3b0ce97aa72b55348b6599f21a155e4eadfa1d0091169eaeef0c73f2fdf067b572d0bf8db45a487bffe6a563236b0c39ee180 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68e0c54312a5b05afa6cfb4f85d7e9b1 |
| SHA1 | 7664c8e1869d25b79f2273eaf41dd7b37e170c96 |
| SHA256 | 72baff57451cf4c3009299c087bee7b438ba66b4ffb570f5e887329871476fd8 |
| SHA512 | 9934ad155c21124139c610ee3112054c4b65a7da3b2c528c1823bbd644f3b656d26222ce6ee063c51039b7a0f22430e45140eb3142b1e9ed8d220e67b752bb45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c823036c46246a05bce958d4a0748d9 |
| SHA1 | cfbf97446a3987b9193cd184873182008c35a84f |
| SHA256 | cec4f90994b18288d4135893b02e21e78fc2e78252dc4ceac851f702a7c57d06 |
| SHA512 | 90300a5927a5df18fb4b4b71e51e1ef5d57bc79bd6f89ebdd4554afa003522525ce8ef5ad0e743f445f27787d5a24ded9210a07c970be7ebf2c1bb1267596e9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49802127b9e914545abd2e8deed07370 |
| SHA1 | ba65cc31d13238508d0f748a03ca14c7922806bf |
| SHA256 | 25e949ce057521aa96a8b8812cc0ee4ddcac7f82b93bc73fa247a0ed02cf64b1 |
| SHA512 | 2c78fe91e7756f0a88b630015594be6a5ed195260622cb44f848cffdfeb6d996b8d4def468a6c08cfae5b9baff513d4322324a5e72adc90b13798d0bb09d9dad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c9e4f28f46bf4120491c65abdeb579d |
| SHA1 | a51555aa20ce60884ca2401ea9f47c06807fb490 |
| SHA256 | d5bcbdecc0682422c2054c06e2a109d852aa9b626d2cd70bbec1bb5b1587eef6 |
| SHA512 | b5a2965008658ba203d9e567291c7c25233ab3681f8447ff513b1a73d0242567b4fdd29cc86d92c9453df597b63ae12b4de3f06ffb874ad59c7fc1611960a196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc7d94d5dd5d3fd4b72e7ec5537ef229 |
| SHA1 | 2a709bfabb0e378bbe63f6afdf1b65545e3658dc |
| SHA256 | cede6d8cf787a7d7563e1e2de8e8fab4b82dac0cbe60c8a4c4e9e6b21bcba95e |
| SHA512 | 4ca045ffbb3a0997df2ae1331a77af4b1b87af43a82b8d8f99c983b6084e03e1db5c000190783e3ad80866f31a98e7c0eeff1056594819a431cd779040dc2964 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fbc7a2862797b37282b318ca7370617 |
| SHA1 | 7ea5a91af76a9c667dc69d5d59c66d79ed1f1219 |
| SHA256 | 29ecd938d7b245562509aefb4e34f337634de733541ecb2e2e61da1a451ba80d |
| SHA512 | 340f1de5da96d3ae688becacd0c9464305200477debcb26e470988fca4d90dadfa715414454f4b09b5e955d0bb1c25fa27bfa7d4f5650f9b34776b2391eef1e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 2afdb885e81e92198b5abd2ccee45547 |
| SHA1 | 8323f597c279812a0c6d774d6fdabf55ceb9b880 |
| SHA256 | ea2a0a0b34c84504d4bd23f73b6350beae1f2ef80b63baf85992eb340433568b |
| SHA512 | 95a53fa188733509e569f01deb0674ef5525ac71a8e0887717bf3741f488e87861931fc5512e6f56771a4ef2a892bfa4232a74ee843b2d0ad7ecc7026ba402ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | c6191a04b78a61fd53d9e3024a5ed0d7 |
| SHA1 | c15f1a0b767ac08e1943edd5450aeb89cb1ab671 |
| SHA256 | e6df165fe282d5c9b589e1c9b7b71ac9131a24bc8cbbf530f1a87a86a804e475 |
| SHA512 | 478aaa3ad95c8dbb122f333ee9b0ecaf7ad8b45220339108a0b322755db6631ea1c2bfb8d35e8f0285b2cb7fbe155b6211856a3e7fdafc5ef17afa516407e103 |
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240419-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\convergedlogin_pcore.min.js
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf4fa46f8,0x7ffbf4fa4708,0x7ffbf4fa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6235694149142555187,3572481144656475180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o.aolcdn.com | udp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1cbd0e9a14155b7f5d4f542d09a83153 |
| SHA1 | 27a442a921921d69743a8e4b76ff0b66016c4b76 |
| SHA256 | 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c |
| SHA512 | 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d |
\??\pipe\LOCAL\crashpad_2184_GGYTUEJADWURGKXD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4e96ed67859d0bafd47d805a71041f49 |
| SHA1 | 7806c54ae29a6c8d01dcbc78e5525ddde321b16b |
| SHA256 | bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d |
| SHA512 | 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff4fd0115d8ac4a8bcd262266fa34e20 |
| SHA1 | c9bfe109e685a9f3f901263b7b76e0d4ad56908f |
| SHA256 | 6c55153d273098f4fbc344e1e6e468aeef467afb00a065c671fc18d6e2468750 |
| SHA512 | 3daa2f46dfdf19b4c2d4627472552dc0ca8f77fc8e3511afb988b6d009437449ee1f71855bb10939a9a77b5770bf8fd2cd707266260001c57845093b033706ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8af4cc1f8373cacfe83775ed749d3a64 |
| SHA1 | e2e67c00b735658e7f48190b98d6416774e4263e |
| SHA256 | 9c1ab89d3a1b5f7032f3d2b800f906fd55a8ba8440aad5f19c9281c4143dabab |
| SHA512 | 5238f98f15fb4ad2c5aac0edf18d3253cf101093ffa4c2b3be9cf234c6c4a87298704246f74aae3460ed7c4fbbd2e7d01e23611d7633fee18d0002933312bef2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed6c30bf610033cb71301d72cd611ffa |
| SHA1 | 3632e416ea8ca224594339aeb2a2868c7e60bebb |
| SHA256 | baa7d4475c85e6a41d9b68036d0366ca279adf77e05ded991339fecdea3d63fe |
| SHA512 | 9dbd0fcc14e65d589bc10c4edbbba06757b0af0d6cb41d24324add9e431486ddad4068fd5f3fae0d477a6a5ed6745465f2e974596409a3bda44fc774344b9c03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 81fec74f7145192c17d977933fd5b81c |
| SHA1 | a9d1a6e9cf78f84aa650eb7634d965a16b85732b |
| SHA256 | 84890cc65296bd9e5eb969aba358dd3a97be761ae07cb4b405c75997ae531888 |
| SHA512 | 25a39b2b5d6116aa4b8c7bb50ca97be0ddd2c8242fd19b0ce1a8ec84d582e240371fe9dbf43bb6e291c00ca2b3e7ada9c71a49c3241c79575e4a566a47ecd54c |
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\main.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba246f8,0x7ffceba24708,0x7ffceba24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8685390916470053984,10221970003544661446,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3764 /prefetch:2
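The process listings above (the wscript.exe launch in behavioral29 and the Edge trees in behavioral10 and behavioral14) are mostly the sandbox opening the submitted file with its default handler, followed by the handler's own helper processes. The triage helper below is an added example, not part of the report or of the sandbox's tooling: it splits a process listing into the detonation launch (wscript.exe with a script path, or msedge.exe with --single-argument), Chromium helper processes recognised by their --type switch, COM-activated servers (-Embedding), and anything left over, which is the part worth reading closely. It also notes when the launched file sits in a browser "_files" folder, the layout a browser produces when a page is saved as a complete web page. The sample entries are constructed from the report's own lines, with the long Chromium switch lists shortened; the category names and the helper functions are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Constructed from the report's own process entries (behavioral29, behavioral10,
# behavioral14); long Chromium switch lists are shortened to the ones that matter here.
SAMPLE_PROCESSES = [
    (r"C:\Windows\system32\wscript.exe",
     r"wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\convergedlogin_pcore.min.js"),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
     r"C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource.html"),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer '
     r"--lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=3272 /prefetch:1"),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" '
     r"--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService "
     r"--service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8"),
    (r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}           # run the script named by their first argument
SAVED_PAGE_DIR = re.compile(r"_files$", re.IGNORECASE)  # browser "save page as, complete" folder
TOKEN = re.compile(r'"([^"]*)"|(\S+)')                   # one quoted run or one bare token


def split_windows_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping double-quoted runs together."""
    return [m.group(1) if m.group(1) is not None else m.group(2) for m in TOKEN.finditer(cmdline)]


def is_saved_page_resource(path):
    """True when the file sits directly inside a browser-created *_files resource folder."""
    return SAVED_PAGE_DIR.search(PureWindowsPath(path).parent.name) is not None


def classify(image, cmdline):
    """Return (category, details) for one process entry."""
    exe = PureWindowsPath(image).name.lower()
    argv = split_windows_cmdline(cmdline)
    marker = " --single-argument "
    if exe in SCRIPT_HOSTS and len(argv) > 1:
        return "launch", {"file": argv[1], "saved_page": is_saved_page_resource(argv[1])}
    if marker in cmdline:
        # Chromium treats everything after --single-argument as one path, spaces included.
        target = cmdline.split(marker, 1)[1].strip()
        return "launch", {"file": target, "saved_page": is_saved_page_resource(target)}
    switches = {}
    for arg in argv[1:]:
        if arg.startswith("--"):
            name, _, value = arg.partition("=")
            switches[name.lower()] = value
    if "--type" in switches:
        return "chromium-helper", {
            "type": switches["--type"],
            "subtype": switches.get("--utility-sub-type", ""),
            "sandbox": switches.get("--service-sandbox-type", ""),
        }
    if argv[1:] == ["-Embedding"]:
        return "com-server", {}  # started by COM activation, not directly by the sample
    return "other", {}


def triage(processes):
    """Group a process listing into launches, Chromium helpers, COM servers and the rest."""
    report = {"launch": [], "chromium-helper": [], "com-server": [], "other": []}
    for image, cmdline in processes:
        category, details = classify(image, cmdline)
        report[category].append((PureWindowsPath(image).name, details))
    return report


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_PROCESSES).items():
        for name, details in entries:
            print(f"{category:16} {name:20} {details}")
```

Run against these listings, every entry lands in "launch", "chromium-helper" or "com-server" and the "other" bucket stays empty; both launches point at files inside a "_files" folder. That is the shape of a sandbox opening saved browser resources, and it is the reason a "Command and Scripting Interpreter: JavaScript" hit on wscript.exe here needs the script's content, not just the signature, before it is treated as malicious activity.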
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | o.aolcdn.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 24.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_3348_JDMHXMTJBOLQNNLX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7e68bc21894f3419d0b375898cf3e50c |
| SHA1 | b51dc597413bf666c5e0d9cae51bee4ac78f31f0 |
| SHA256 | 0a3a75a527e67602190870537b338f7b06ec86f089f8c808812710a72976705d |
| SHA512 | 2bf30a261fcc3e667c673256bb0b16112a092a6d073aba8733695cb79ebb4ef032fa1a92e83afe54be830c1ab055b8d70b601db49e5bba0f77f364cc9f89d262 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e05f705a68cc46f05dea9e371854cd6 |
| SHA1 | b57842c3e893e9c9deac8467d3bc4a63f2d29026 |
| SHA256 | f4c7f11eb396fb90c98d9d3b15064547a6bcc9308cb3c4963a202736e54eb401 |
| SHA512 | 9b20269acd88006349c8a4cb19b94721147fe5c31207d16467ce7c03531aa92be761dfb4b36640535cea4cf3a314ede9ab3bb709a9800bdfcf4577910849e689 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 756e6bcc4864d71968716820981c1d62 |
| SHA1 | c6686921141c567105e8742731ab32a0e5f893da |
| SHA256 | 2469d74167584f2c28c2100880f6b54707b71ee458f2bb5f5fead9bb45b2e347 |
| SHA512 | 360b0dde202f445f1f50f69f01babd85af76ae9f38e18540637a68945df8efb9ff408cdf81cb38fd469f9a5d35b931b58c157aebafd19866a87ece4928a35911 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 98c4480fa00fc06922b204eaf68f845f |
| SHA1 | afd37f237aaa121b6460d196b33816a4232871ba |
| SHA256 | e1a1745525c1af6be24086c032f7ce890ab07c720cff289e8b4b59f896b649e0 |
| SHA512 | adf753838ca8300a8374ac8b838333eb646f3c08d675c334962e3657cf64ff8a9bbd059e0691f373b4de93966d8ddf5bded11610feab9822795fccaa3b0fbbef |
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a24346f8,0x7ff8a2434708,0x7ff8a2434718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16717082548110248902,15199248635441272945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1cbd0e9a14155b7f5d4f542d09a83153 |
| SHA1 | 27a442a921921d69743a8e4b76ff0b66016c4b76 |
| SHA256 | 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c |
| SHA512 | 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4e96ed67859d0bafd47d805a71041f49 |
| SHA1 | 7806c54ae29a6c8d01dcbc78e5525ddde321b16b |
| SHA256 | bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d |
| SHA512 | 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7 |
\??\pipe\LOCAL\crashpad_2108_WORPWCLYYJMXHKVD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 92f8f3d8ee7a1a9862d9907c6b4c5fe4 |
| SHA1 | 3aa0e99911fb51d5d7166f1acbf4fca214c05896 |
| SHA256 | 7e9ac4bea72cdbe5f97454209accb62b7c86f04eb98c43db76fa6134f1944c70 |
| SHA512 | 26bce48e3623521799114980c06a83814663b694ba15b8744ff1535a4e7c184163c92d33a3b20e2045df20f3ae53ef6b9cad61ce79a6fbff4c6d250818942c35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ddebb5f1379fd60827b1264b76e74267 |
| SHA1 | 63ef1c4f5472a9ac567c5c0189e4a1941def00d7 |
| SHA256 | 6929f079dfc1b4a998a79fc20c1c0c49d668a164f0e799efc9132e776f6540f8 |
| SHA512 | 6efcc8d019dd69f477f2326dbc70b82e812609b685f7f2a68d57e90d19b86b82198d9fb4ec126b80b55fb98f9f56714c6e46d7e9f7d650e11ed551b4e0e91b4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 32488ebf7de739f45f6662afa085e26c |
| SHA1 | 017dd5d018064d12941b158b90858814da282b73 |
| SHA256 | 1a88d051db3c83c1c21416c0b4b4b0ed5c30665b20d977821a691e79f58271e0 |
| SHA512 | 9ead94892ee17dab1e20fc947a98b71afb454a0c3beeb732911815c5e3d213b9fabab945ab3b4320ef2eddb5e2d46bcc5c1ce9ffd4edffc77b5a51e912358903 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ef4eed51b86b04f5c252e2879aeb7f6e |
| SHA1 | 81bdfffbd6663842726eeccd444df6f9a1e240cb |
| SHA256 | 51ac3d41ade838f91f2452f7076cd4bdc1438ceeebbbcf7e9f5dfb0050271d09 |
| SHA512 | b80981f9938e44ac67e026782cf621c450a8e2443823e7ad14d0486bad0a7c25c080dd814f8b1ac53efd8df3bd6f4787099092c72d86498c1fc49cad61322a04 |
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240220-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.2.mouse.js
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.3.mouse.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4008 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 13.107.253.67:443 | | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
141s
Max time network
111s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\convergedloginpaginatedstrings-en.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
141s
Max time network
149s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240221-en
Max time kernel
135s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d99ea4f79cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000fa9e6781b3b7fe4aa75f939b6d34446da8d87422a615a2ba16665af31f017f24000000000e80000000020000200000002727ff473ec7636400e9cdf61caf3fe3ac277e3e6477b998b0562240c9f17f33200000004e87f9caee91f422834466e0ee6cdb7c8b02f2c9f919289f14f69db23cd837b9400000001c50728c1d0941e4301027cc0ece236545922d6122d3d4af8446bda98e8e2e310cedf615c9a47302f7fd83866e863c700e741c8b844be13451315ef645d4acc7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEBFF9C1-08EA-11EF-8178-52C7B7C5B073} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420860874" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2956 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | o.aolcdn.com | udp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| SE | 192.229.221.24:443 | o.aolcdn.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabFF8.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar11B6.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240221-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.0.mouse.js
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
140s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.2.mouse.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource(1).js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 138.91.171.81:80 | N/A | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240220-en
Max time kernel
134s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420860873" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000026b15361cf5f0812d061418a36d039458beb42dbb3585f28ba5b3d4aaf5d2f76000000000e8000000002000020000000ab8a0621845153559abaad16b9b46895dc3b24126cae1db57c30816a508d6ef02000000069da2cd201563368864a381d5c568e77c0627d741c7dadd742941e077034895d40000000afd7a720f1fcd4599c0c78c906111b0cb805382ed478fd2a515368a8e6ae807ddae144c2fd501a6749ba50cfcf2281629e7779ede4265db2d486813cd8dcd138 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE436721-08EA-11EF-8B56-EE69C2CE6029} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e06cd1a2f79cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000015100fa0015b82d2e45154a78b7eac1c1462c84c9c367a5d09c320a19f350e32000000000e80000000020000200000001c47e0b48d365977ea39e8866f2200bfaa6c719ee93dca1c23e2fd949020385b90000000d84cd853162ba623dd3ee74403e4c75eb4e1064d4250644a9d372b1801b031c7d024ad80a49e34f52d497efaa05c24d082e51b7689f6df12ed7a0e82d1e1c8a978403df1691698a91f8887e72a07ce1e965dc37fec027cd4e6fd91d583a8d0aff5be9e3cf8efafbc38009200c397b5737aa5a3d2c4fc3591a3b7543b9e78b4edae8f8a4c557bbee0562ece054b970aff400000004e758759988646d67ac42618cde171e46892bd4ed5233f4c63d4bdd28c8cc5cd8931b63d9f8ef1318809236e7f631ff566a85e6d7454264334af27c4b832d698 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2244 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2244 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2244 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2244 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\tcode3.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2742.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2881.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win10v2004-20240419-en
Max time kernel
147s
Max time network
110s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.1.mouse.js
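The process line above is exactly what the "Command and Scripting Interpreter: JavaScript" signature (ATT&CK T1059.007) keys on: the Windows Script Host launching a .js file out of a user-writable Temp directory. The Python below is an added example, not code from this report or from the sandbox vendor; it shows the detection logic a practitioner would run over process-creation events. The event records are constructed for the example (the three wscript.exe command lines from this page plus two controls), and the script-host list, the user-writable path fragments and the severity labels are assumptions.

```python
import ntpath
import re
from typing import Optional

# Script hosts and script extensions to watch (assumed list for this example).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}

# Lower-cased path fragments an unprivileged user can write to (assumed list).
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
    "\\programdata\\",
)


def split_windows_cmdline(cmdline: str) -> list:
    """Tokenize a Windows command line: a double-quoted run is one token and
    backslashes are literal (POSIX shlex would eat them)."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def evaluate(image: str, cmdline: str) -> Optional[dict]:
    """Return a finding when a script host launches a script file, else None.
    Severity is 'high' when the script sits under a user-writable path."""
    host = ntpath.basename(image).lower()
    if host not in SCRIPT_HOSTS:
        return None
    for arg in split_windows_cmdline(cmdline)[1:]:   # argv[0] is the host itself
        if arg.startswith(("/", "-")):                # host switches: //nologo, /b, ...
            continue
        ext = ntpath.splitext(arg)[1].lower()         # ntpath handles backslash paths on any OS
        if ext not in SCRIPT_EXTS:
            continue
        severity = "high" if any(p in arg.lower() for p in USER_WRITABLE) else "low"
        return {"host": host, "script": arg, "ext": ext, "severity": severity}
    return None


def scan(events) -> list:
    """Run evaluate() over (image, cmdline) pairs and keep the findings."""
    return [f for f in (evaluate(img, cl) for img, cl in events) if f]


# Constructed process-creation events: the three wscript.exe launches seen in this
# report, a cmd.exe launch and a script run from Program Files as controls.
SAMPLE_EVENTS = [
    (r"C:\Windows\system32\wscript.exe",
     r"wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.1.mouse.js"),
    (r"C:\Windows\system32\wscript.exe",
     r"wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\geoplugin.class.js"),
    (r"C:\Windows\system32\wscript.exe",
     r"wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.3.mouse.js"),
    (r"C:\Windows\system32\cmd.exe", r"cmd.exe /c whoami"),
    (r"C:\Windows\system32\wscript.exe",
     r'wscript.exe //nologo "C:\Program Files\Vendor\maint.vbs"'),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['host']} -> {f['script']}")
```

The path check is deliberately on the script argument rather than on the host image: wscript.exe itself is a signed Microsoft binary under System32, so an allow-list keyed on the image alone would pass every one of these launches.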
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
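Most of the rows in this table are DNS noise (reverse lookups of in-addr.arpa names via 8.8.8.8) and repeat connections to the same Bing endpoint; the rows worth a second look are the plain-HTTP connection to a bare IP with no domain and any TCP row whose name never appears in a forward query. The Python below is an added example, not part of this report or the sandbox's tooling: it parses the table as extracted (including a row where the domain cell is empty and the protocol has slid one column left, which extracted tables can produce), classifies every row, and returns the triage summary. The rows are copied from the table above; the class names and the "no query seen" heuristic are assumptions, and that heuristic is a note for the analyst rather than an alert, since a resolution can simply predate the capture.

```python
import re
from collections import Counter

# Rows copied from the behavioral24 network table above. One row is kept in the
# column-shifted form (empty domain, protocol in the domain cell) so the parser
# has to handle it.
NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
"""

DEST_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_row(line: str):
    """Parse one '| country | ip:port | domain | proto |' row; None for header/garbage."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    country, dest, domain, proto = cells
    m = DEST_RE.match(dest)
    if not m:
        return None                       # header line or something that is not ip:port
    if proto == "" and domain in ("tcp", "udp"):
        domain, proto = "", domain        # column shift: protocol landed in the domain cell
    return {"country": country, "ip": m.group(1), "port": int(m.group(2)),
            "domain": domain, "proto": proto}


def classify(row: dict) -> str:
    """Assumed classes: reverse_dns, dns_query, connection (named), direct_ip (unnamed)."""
    if row["proto"] == "udp" and row["port"] == 53:
        return "reverse_dns" if row["domain"].endswith(".in-addr.arpa") else "dns_query"
    return "connection" if row["domain"] else "direct_ip"


def triage(table: str) -> dict:
    rows = [r for r in map(parse_row, table.splitlines()) if r]
    counts = Counter(classify(r) for r in rows)
    endpoints = Counter((r["ip"], r["port"], r["domain"])
                        for r in rows if classify(r) == "connection")
    direct_ip = [(r["ip"], r["port"]) for r in rows if classify(r) == "direct_ip"]
    queried = {r["domain"] for r in rows if classify(r) == "dns_query"}
    # Named connections whose name has no forward query in the table: a note, not an alert.
    no_query_seen = sorted({d for (_, _, d) in endpoints if d not in queried})
    return {"counts": dict(counts), "endpoints": dict(endpoints),
            "direct_ip": direct_ip, "no_query_seen": no_query_seen}


if __name__ == "__main__":
    summary = triage(NETWORK_ROWS)
    print(summary["counts"])
    for (ip, port, name), n in summary["endpoints"].items():
        print(f"{n}x {ip}:{port} ({name})")
    print("direct-to-IP:", summary["direct_ip"])
    print("named but no query seen:", summary["no_query_seen"])
```

Collapsing the four identical tse1.mm.bing.net rows into one endpoint with a repeat count keeps the summary readable; the direct-to-IP list is where a reviewer would start, because a name-less port 80 connection is the one row here the surrounding Bing traffic does not explain on its own.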
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240419-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\geoplugin.class.js
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240221-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.1.mouse.js
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-03 01:16
Reported
2024-05-03 01:19
Platform
win7-20240215-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\o1\main_files\boot.worldwide.3.mouse.js