Analysis Overview
SHA256
556ad48c5af056e6d85408bcdff47a7ee72e5ed83e09cc8a297746fe67b5c653
Threat Level: Likely benign
The file 39c72f51a48d2e6ce090de9ed855e4c4_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Command and Scripting Interpreter: JavaScript
One or more HTTP URLs in qr code identified
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-12 11:06
Signatures
One or more HTTP URLs in qr code identified
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\daum\thankyou.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae1b446f8,0x7ffae1b44708,0x7ffae1b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3568830025207080673,1813021629523694038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | icon.daumcdn.net | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.hg-times.com | udp |
| KR | 121.125.77.189:80 | www.hg-times.com | tcp |
| KR | 121.125.77.189:80 | www.hg-times.com | tcp |
| KR | 121.53.85.3:80 | icon.daumcdn.net | tcp |
| KR | 121.53.85.3:80 | icon.daumcdn.net | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.77.125.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.85.53.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | logins.daum.net | udp |
| KR | 203.133.167.83:443 | logins.daum.net | tcp |
| KR | 203.133.167.83:443 | logins.daum.net | tcp |
| KR | 203.133.167.83:443 | logins.daum.net | tcp |
| US | 8.8.8.8:53 | 83.167.133.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.kakao.com | udp |
| KR | 110.76.142.110:443 | accounts.kakao.com | tcp |
| KR | 110.76.142.110:443 | accounts.kakao.com | tcp |
| US | 8.8.8.8:53 | 110.142.76.110.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.kakaocdn.net | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| US | 8.8.8.8:53 | 79.100.231.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t1.daumcdn.net | udp |
| NL | 2.18.121.142:443 | t1.daumcdn.net | tcp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| US | 8.8.8.8:53 | webid.ad.daum.net | udp |
| KR | 121.53.105.246:443 | webid.ad.daum.net | tcp |
| US | 8.8.8.8:53 | 142.121.18.2.in-addr.arpa | udp |
| KR | 121.53.105.246:443 | webid.ad.daum.net | tcp |
| US | 8.8.8.8:53 | 246.105.53.121.in-addr.arpa | udp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| US | 8.8.8.8:53 | stat.tiara.kakao.com | udp |
| KR | 211.231.100.79:443 | accounts.kakaocdn.net | tcp |
| KR | 211.249.220.83:443 | stat.tiara.kakao.com | tcp |
| KR | 211.249.220.83:443 | stat.tiara.kakao.com | tcp |
| US | 8.8.8.8:53 | 83.220.249.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3616_FCPJTQPFINGAZXPK
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240220-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\login.js
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\thankyou.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8a7946f8,0x7ffd8a794708,0x7ffd8a794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10022298730630000197,7924047030711444761,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | matemedia.com | udp |
| US | 8.8.8.8:53 | images.electricpig.co.uk | udp |
| US | 104.26.13.171:80 | matemedia.com | tcp |
| US | 104.26.13.171:443 | matemedia.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 171.13.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | gmail.com | udp |
| GB | 142.250.178.5:80 | gmail.com | tcp |
| GB | 142.250.178.5:80 | gmail.com | tcp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 5.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2116_RAEIHWKORSBINIXT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57c1a5c73a2ba7f11205ba82aa170b37 |
| SHA1 | 561d499986fbaf5f2b1a447960a125382b3791a6 |
| SHA256 | 1787ad3993f61dc4be2e21297d2dcf696d8a0acc5b89023c8fba212c80ddfcd6 |
| SHA512 | 39caf5da24aabbf242891bafcb0618d117d8cd39b754eb9a1f0fd7a401bf4b49a80350e8de886536762205d49c55ef1e0a046c1f9068952a34ec9b552c5d8d38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64633d379e3268e3386c3ebd9746205f |
| SHA1 | c95f6b7827b4fd66d944da0d623dc9e411833306 |
| SHA256 | 2e6eb93374e5314847572fe31ecdc815b74e28e04c1ccf4c165d8b92edcbf840 |
| SHA512 | 2d4667ab5a55e04c1820efde6faaa47ba1a5fa0e8661dd6586d53a736edefd0181a60270151d3ca297977b39188c63aeb04404b476ddc01245a6acd92d3f803e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6ff9abce31d61b4dbd858f6cd3ebc31e |
| SHA1 | e442553b117e921313b7a6dc8a4c8ce18c075d1e |
| SHA256 | f67761b3003bf0f695ed8747c311d802f4d83749743b1900ed9c1ca255d8f24c |
| SHA512 | c0f9492c37d5e56302abc40a9c7d0140ece4071e00896564e9ab82015b178ab22dd665554844e383f7b1c9e957ac4a88baa8744e4a1e5edc727ba052e9e4ced1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 23a727c705936ba56877185de7fd2083 |
| SHA1 | 277d41c7ab8a797b5b4a688aa1ab8ce36317b75b |
| SHA256 | 2642841af7e6bebfec746b4c4ae3dfd3571fc6aa5378591b6f099fd9eb6b48cd |
| SHA512 | f295ac6ccd94b01df2961dc9f20b8f6cafa5fedf009f60c9953c8b1d42e1ed2aecdc94a96f04f6f69f0179ebc92b9dd305d278e2cd5c999f7201638816aa34a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c3cd68d9065a654aca6d2fd2ce022e9e |
| SHA1 | 57f1bf5ca95313bf91da0f5c528130d6dfe48765 |
| SHA256 | 78cb13e2317016082372feb9d2de3feb5b53c0b275188c8b7833a0b14f6f288d |
| SHA512 | 730b0f6497bf1b00560fd02bec1673d78f7ccb6de4f3f151759c0003ab2db92a5e256edfed2cd0b26ee781e62646f5eacd4dbb4a92964363b5323c08e99fdd7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587431.TMP
| MD5 | 985192debb8182027238cc122e6be4a2 |
| SHA1 | f64802fe15ed52527588e761d808b2b82fcf484f |
| SHA256 | 61bc382a5cb4552d67ba8ec74f20f521831045dc8d796d895965ce1433a3e320 |
| SHA512 | 7e90018398854aceb2cca2ca735ca4f155c885d767032f152086ec6929638863c52e120cb47767a2197c117e1abe561b43e6c6c3567165501ea0094a616149e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 193997a6c206f6aba81db457070902d6 |
| SHA1 | 5ab6f83b6042e7a0a38d95da833c91bbad9fc0cc |
| SHA256 | ac83fd438c8d7f48428aa69990c1052579057f9de3c1e87d12eb909958f0d242 |
| SHA512 | 555f816ef280bbd63d132cf6dabcd7c7ad0d5c178793f69c92c731e47a77da37877341931bc71d8ecf066b51a055b431d46eee391a5e2898a38a8f60cf95fe67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 34bc9928d140ca546b59ea09204ae5d0 |
| SHA1 | 1dcfaf7573fd69480666edef3550373ec4917092 |
| SHA256 | 0cadc67edd82308abc93747c7618a928b9af1715390df1d1836152d0bd3a5115 |
| SHA512 | c65214b7b30d883b12f0ed432c67b099f0e4eba01b4db91803b5d97224bc91b8edbf05ef634987be45b5f663367bec70ecc872e00b33b79faf57e7c125242575 |
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240508-en
Max time kernel
138s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A32FC3A1-104F-11EF-AF3D-DA219DA76A91} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000075d94d62fda33c72a957f4c18095b3ef256d3c0879a839bd0a011c7a4a3b16de000000000e8000000002000020000000d1c6e83aa6b0c97f32e7bdd9edd4de39d85ff61743913e797a98a32c5ed67421900000004cb499cf1a1a8bc81d3ae209a39a4e41034c60b71479e09908202d3bcb6ac9467aa0c9249d50e76f93a253174b18905075c197905d5555c907595686f053e72e6d10eef6260c007e7d20956b2e7171382325f2636c45609237935d02407c75da32970051c43ff2f4871a0b99e51a25ecdc92b1ffd5fe5c92c9a8a827a89d26240d30c16d697cea8201a234086aab936040000000c5b7e27f08eb6ef74cb99cf2cd4c3d6240ff32d291afeecf6e277cdc126552716dbdfb4bc360fb69d16855e1e1a864537f12f42ffad6e07224431fcd0a0d277c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673837" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000707306e92d1acdc0756775379660de4b8ce19871e8f3ca53009343f126d141b1000000000e80000000020000200000003703a8777a148a4db2edffdb5b6c41e1ad1198e23f138fcf968f0dd791fb15ea2000000089a568d9d88a84dfd09bc242fb487d5a535d159d5b7454416dbd91811126679e40000000cf74c64c44f7d6b093b823fb0a96b69d9d51694b020aeeb500faabfd314335d4b8daf6788d0b483a292c1c9a854ca356ad95e19a7fec0944126fbf7ed9d519b1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 002558785ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1716 wrote to memory of 3064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 3064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 3064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 3064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\vip163\thankyou.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\126\thankyou.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa45fe46f8,0x7ffa45fe4708,0x7ffa45fe4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8938174259882379041,16426789720927431010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1080 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images.macx.cn | udp |
| US | 8.8.8.8:53 | mimg.127.net | udp |
| US | 104.21.40.226:80 | images.macx.cn | tcp |
| HK | 103.129.252.61:80 | mimg.127.net | tcp |
| HK | 103.129.252.61:80 | mimg.127.net | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 104.21.40.226:443 | images.macx.cn | tcp |
| NL | 23.62.61.139:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 226.40.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.252.129.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.com | udp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4544_APLUFBPFUAPBBKZD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 98d43a1724d1ccbd18758f6935971fc9 |
| SHA1 | bd4aa077c3f56146e8f80fcc3cc053eafd21f5b8 |
| SHA256 | 823c357fb5ef05a5b9b79fb495ea82dc4c1c967a91865fcbc571b9bb34836d02 |
| SHA512 | 542e0f860ca71de6390626cd8cf65459d428d2f6cd737988e482265c9302043ead71c2a36e604b0068790630c633c46593a8bd06235a800b3937bd8913a39dec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3dfc8c55ab72dc154384ebc95b191aec |
| SHA1 | b6b9ec5d03408c8a5cab3f25f29cb2f7f8c18099 |
| SHA256 | cea280376889feebfb233fd74a4ff1340bcfb93e8d056b6ca30c1b7bb3de92a8 |
| SHA512 | 907d7b9da57cfa4e33ba5c325d3537cbec5e0aaacd6646c93ed2feaae5c1aa94f7f61c54183da1dfe1b51cdd30f03a51df81b05573e3174c73e9f23643ef57ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a6e5a713-787e-490d-ab65-738ed2534a89.tmp
| MD5 | 33cac2764bcfe68a920fb74fcd4638d6 |
| SHA1 | 96a0bd84586902cb6bd3641a989cd44c13941e1d |
| SHA256 | a35db469d74f9296076c6c4fa39733241dcd32d83408a4b9b177c0a3be87f307 |
| SHA512 | 8cf3510667d7b33d8c4c3ddc30190c1b577324d484f0f33405be3fdaed707dbcf10c2f704914f62f09d3926fdfb326d67762ed334e521a768f4440143c366014 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe60dff406c69889fc054996dc369a36 |
| SHA1 | d7904a2973b10bbf37beedbc46b3c02ae477d44c |
| SHA256 | 8bfd2a0e96fb7a4be06b9df3d69df129404c3aa997b381f91e663572507a34f7 |
| SHA512 | ad4ac88a76602009c4079a626c816c5c540f75f29beae4ec621e91194af78317d722beb8cbb716ba23ff5c8367cf8ca9bb66bf77c0a24cbba1ab60087fc9301a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 411898ea2be607afac8569d2e9b95841 |
| SHA1 | 0f1f802a0da8167c8b14af2dde69bd9b453e3c08 |
| SHA256 | f7061a1cc9ee7173d6a6ba235617b02795c7245e93864c03732b9c630916a9fb |
| SHA512 | 37031d020bdbc31d4b07f56ae0f18b497864d2f573f141dc3efd1e32edcf670517075cb44d654ed883870ab8e2c69952580e6d63c56e6d17cd1835a18da05571 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240221-en
Max time kernel
141s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A435F0D1-104F-11EF-9DC0-D20227E6D795} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673840" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 506891795ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000766f1bc46929f0bb4ae56534ac6963da9383f135eb73b6a180d00574ee87dd70000000000e8000000002000020000000cea18672940f37a1fb770906f635d12db410116c8eabba758028fbb89c3f582c2000000016cbb65cc505498fe3278c26d81fa4b9204f37fd88c2ffb0cd1feb368df31f6f4000000054ae95478fa98d63fa242630d13992c922ea52500a9ccb46b57496cc985f8aa45636e9253bdde8d18d8ed46024aaa7316fe558c33836e48215338d8558b3dae4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2196 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\163\thankyou.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mimg.127.net | udp |
| US | 8.8.8.8:53 | www.mujjo.com | udp |
| CA | 23.227.38.74:80 | www.mujjo.com | tcp |
| CA | 23.227.38.74:80 | www.mujjo.com | tcp |
| HK | 103.129.252.89:80 | mimg.127.net | tcp |
| HK | 103.129.252.89:80 | mimg.127.net | tcp |
| CA | 23.227.38.74:443 | www.mujjo.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 163.com | udp |
| CN | 123.58.180.7:80 | 163.com | tcp |
| CN | 123.58.180.7:80 | 163.com | tcp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| CN | 123.58.180.7:80 | 163.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 123.58.180.8:80 | 163.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3AC1.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3BE1.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6e010fd7232bb25fd66717171367609 |
| SHA1 | 5101b3f04bcdb783cf2cd0cb6cb333b804dad7d3 |
| SHA256 | 8e602ca309fc1d06a3bee24f47007a512957c39326eb650829400dc4125203ae |
| SHA512 | e918ff4ca87fa6a777d654da4cf454ea69ae81510a8d653b780a95e359b5a977ae1cd7bca04418ebcc535352e9268ec7e3f07589dbfa0bf13f3b363634647939 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92219250085efba47c34feed28f6e49e |
| SHA1 | 2573e6c41cd08b674610e5ee5adcc4f9a99d44f3 |
| SHA256 | ae9d730504caf1d0f4ac1981a98b33fddde4122b196392bb87e8bb86ebe973be |
| SHA512 | 771fc41b88b5cdd5542362039e062f945f1a4d919dad363ebb87bf62b3b76f115a1308952dfca6f7cb5caafad48882cd47453a5b1b0f3722f14611de7ddbb4af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca357533a970d43d7dfc20dc0cd88e7f |
| SHA1 | 3d78093daea395fa4fda4ed5dff6ecffa13c5996 |
| SHA256 | 11813cbf535efc5d2571e23a3e87f8e4798d3a9af625d12cb20a93a858a0f3c9 |
| SHA512 | 91a8f6064076bc772ab3afcea0f6ee13bba14902742985d7edcc90870127cab1b9317befdf12de1677404e0aac040d2325b60fbb8487b4d059c141e75ab5de75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 014ff2b102ee8f253b22237218ef5ffe |
| SHA1 | 076ca01e8f7fd1450d07ebd8a4b098a340712176 |
| SHA256 | 264485f0e433371b2b8c671a9fe27ab8bf372f40f3819b0a1917ef2c19075470 |
| SHA512 | f5d0a2e0387de99e6c074fca4422b470b472105846232d4726f71216f81295a2ad7f969871c4bbb5b52ef5bdef85af989666bf8de320df2d617dc5371d45d281 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa583fc34884a9b2b6a4b39419a2a3bf |
| SHA1 | 1b3482efc5349c00180c714df33d8a51efc84c76 |
| SHA256 | 6f4db0072c9879c1db397569cd96df7f554e4f5add7e4a406dd51091a966f52a |
| SHA512 | 16e6aff771988a9a3e26c7be459c44c806c2edf701f9f8b9073e6817f25d7935a42a9562e58ff1534f3fba5b3d31fc0db50c1bd8d65cd42ab81ed84d03308fdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 768a5fefb8ecfa76f4a90f0ef93dd764 |
| SHA1 | d74c1682edae5cec0740cd7fb8691a7f318bd0d3 |
| SHA256 | de0f08492209e05999b1580147c206954ee888915a1dbd3ce1fe38704a2e31fd |
| SHA512 | 31d1417c6b224d92265fd2df48558e102ab3c1fcb7ba72ceebd7a9923d6835d0c6b532a07b7727fdc3bfb9d278089eec928d8756befac80d600948d0dc85c7c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2b9fb7541189f9ebd17b6b2e11c98bd |
| SHA1 | 8de8de6fda4f0ac43f95a30ee913ab5fdf30f696 |
| SHA256 | bd57b8f616f8ffc53a8250fe84d7b268854283464747a33935deb2a33d7b0898 |
| SHA512 | 2e6d0261bd5f39c9a0e8f2b9cfb5874ac3b87cf20e31f06b519649cad741e2af4531eba4cc817ce38d02e4ae760a8454d4d0826af4cde9e2e784a17ce704c6ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eefd998e59b93995267d549b4c2e0996 |
| SHA1 | 912433953e81f87b126598633dd0c4fbbbf4d7f7 |
| SHA256 | 56dde316b9371b621fe08614faa5be33c2946a744e0287b2015339d48d4806b1 |
| SHA512 | e1f1a6b968d08f9cb3d5f052439b353c0610108ab1506e59aff31235ed6142b8d8adfad1e87d9b58c8bb5ace32eb9d87270a77e9ee7df5a43750d146978f3646 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eed79ac71f35dcae2bd89e885164740b |
| SHA1 | f1bd718c5ce8decb960cc4961920556aeeeff7d3 |
| SHA256 | 59e89e07f0326b29799d79804465752b40da258c55ec15a3b5b26ed5f33ea6a5 |
| SHA512 | f325c43ecfa9f1131e4760a738a902a06081090620e0d286989338265170e4139b0d78b98263328487d3b77c97bcd426f5e085d123e5baff7f366c6c76ee17ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f7082889287454c758ec7ba64fad436 |
| SHA1 | 45c816c12169bb7437120c089338a7673589bad2 |
| SHA256 | c64ff06093e0c23578e4b1157e1830112ddc79691082f4723fd36d7c5ed78acc |
| SHA512 | cf4a0922d6b57af01d90278ecc6eacafcec29ef472b3ada03a72d4aa0c329d2444730e80d3a1b97210247259df6b9d79bf2c835716ce7af04a2287e90ccf6d03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 204ed6dff44e7f9cdaa36857b2f87d11 |
| SHA1 | b1036fe7637bb04480e0fea409925a59300147ef |
| SHA256 | b6c1dcf0413552cd36011ba36d4f4e1f59c43bada53ad4382c52f8e57193a188 |
| SHA512 | f3c837316081a407b9485affee361c929cb11e235ad9207413eb7c10b4ac620ea1dca7e98acb03729b0f4453c73a5bfb7d32d6d4423efe0dfcdf1a526a0d2d32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a47d52f96e9b9bdac34ead909c496e2d |
| SHA1 | e0ab520062012856599be896c634a11277a2c9f1 |
| SHA256 | 77d8c5e6b302dc708f3183d504b1bc513a448ae14b5e922e743a525f6bbdb8fa |
| SHA512 | 308f704ace740f62268cabf4916813e4fb5d1b79a5294c1bd1a11e76282a687dc93167ac53bda73c3bbe7bc040944c8b79e0f5061c2553652c75e1930c704b1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6e5b3920a8ac566f9aab0a34059a99d |
| SHA1 | a2750b60b963efb5eda6b8fa1f777db2a3dec61d |
| SHA256 | 4ea1fcc6b60052b5f284171632e8736ce780c71be61b699c5a6111c21984d62c |
| SHA512 | 5acf4c7e28a6ed44cee7e8af646dc67b7aa9fdfa58fa8bfa88c6fbbf00951b39528a3f459e8652df8a6090cbcadffbb538c3b4115c11cc4654b773b6e9bbf1ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 3ef9a5da539447afc71192e41e0b0161 |
| SHA1 | f631b7efb571e5b8c852bd0313256312c16383a6 |
| SHA256 | 23e599638c5a0b10d17ba3473e310b1950d43583341c75dacdf801a6e8bb4341 |
| SHA512 | 9c5e02fdce5e3abf84e8a87f475dd99049ff1efc3e330ea5f9626611ef40f45f81ffbe8275b6bad20d8fbec76b637fc1d527d02c675ebf5dad8761b7df75ec80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 936b7139822182b98e82d6e6db173205 |
| SHA1 | bc10d7cec023346a4f116f376509d968722ecd4c |
| SHA256 | f0057a9e3bf0f7ab3fb83d66ea59f63cdefeb7a20aea032a969a8162271e9d4a |
| SHA512 | f77b95dcba976be5e2a46345d3ff3fb65f3021ac21b5556f415a6595dbf2185d8dade54234804b4f4e5ca17506b4f193d89565d44c54b6b51f08df3de7280be5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 106ed1daadd5d80880c82467b05829d6 |
| SHA1 | 36bc707298730de5afbd6592a159fc90b3c7d3ca |
| SHA256 | 1b01723a6295f55e255e64bc1c5519ad0ab39d953ef8be407d50a94a39c45e3e |
| SHA512 | d2972a440ae0b3c5c802b89af4ee73cb7d96e79e549582753e2df8249dd3d3b4bc128c18879569574c7bb612a3769da3914fbc7ad6bb878c20f391c0a4b12656 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 069524b086f79e8cd86fc6fde96a6aef |
| SHA1 | 26d8017373ee192a1307a7f4339e31b53ff19554 |
| SHA256 | fb3249a712defca8c66d730a00274be689b18c237e1c5917728337e1bf0d3f42 |
| SHA512 | ae2fc9a0dea539463af0153748d61393b0e3ae9285cf6a96c1d1db0a4b530fb9fb7e6128ecd214cb333c89cf6e5820e53f32df038eb8ad850fe8b2c21cf49c90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4d1360a5a61b4c9abfec1add9f1f48b |
| SHA1 | dd833f69b52095f4e0e73f5a090ddfdca3b8f25b |
| SHA256 | 9c607d12e24cdf5b5744717449e404e497f65e5dcfb2ea614858501e74d2be47 |
| SHA512 | f3a6fed6796b42dc934248105402384d9d7390353154923c36eab6f2ef49b433b3316a6f67f74da3e748918b0359c072eff43d2f9c411f5e2eb26b15fed3dfe9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd7dcb5dd0b1fb6aa1ad5f38d90c7ec8 |
| SHA1 | e5b00d2d020a15ca33fc9dc3897e753c04c7c5ee |
| SHA256 | 00dd058ff263998e5430a1dad5693fc90715d8b81c7aebef39901631008d8047 |
| SHA512 | 67d83195f6d22f4feffa759eaff75220860fa3edff9dba39b2db317991b2a9b42fdf13ffa7f2d51cf6916755c80f87e3c9284edd184d4cb13853ef388c6e0b44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e135674ee26b1d2d20685e8236179338 |
| SHA1 | 51db3adb98f7c185034ea2f4c0af8fbc3449438e |
| SHA256 | dbc8780c2557601c42ffe74bcde7f7a58bf0f36db674e8fe1aff549403fff127 |
| SHA512 | 3ae454320cd6829a7aedd9eb3963c378e48224d7580719657727795ae9d054edc50d440b43a6b7b24a7746777450c7278cf36246e413744bc21bda203ac7b7b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d44f68ed8e688937ad0cd09b78b1f5f |
| SHA1 | 6efbf61d770a86ca303757bce480a9bfe4fd8886 |
| SHA256 | c51c8eb0176e4aa5695eb639848867071a1f4f535c0ebf187987fd42f8bd5eb6 |
| SHA512 | 829408e0a56d92ac88a806db8bcbc9794fee9a2330a3a9f1465d46d537d48f63b249fa3d175669092f5a81b84daa83b4b01978ce3835a8a3c19ac4274af5f981 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f6bb5e45b6ca39f82925ceab6c8676f |
| SHA1 | dc0649fcac5f1d003c15d317924b33e25d562995 |
| SHA256 | aefa2cde58df86e87ea483f3fb3a42a9d8a143d01462e303a3c1e00d5bf89331 |
| SHA512 | 1d2412e793ec136165939d6daaaf820af9513cffab243d093aa2631e30692053aeae5c0bdf2b1a91f0d410283dc9e152b4486b042d99f9af3265cda462fa5a7a |
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240508-en
Max time kernel
120s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\index.js
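The one process in this detonation that is not a browser is the Windows Script Host running a .js file out of the user's Temp directory, which is what the "Command and Scripting Interpreter: JavaScript" signature (ATT&CK T1059.007) keys on. The browsers in the other detonations open local .html files from the same Autoserver folder, which is ordinary document handling, not script execution. The following triage helper is an added example, not code from the sandbox or from this report: it splits a Windows command line, flags only script hosts (wscript.exe, cscript.exe) that are given a script file, maps the extension to the T1059 sub-technique, and notes whether the script sits in a user-writable staging directory. The staging-directory list and the sample command lines (copied from this report) are assumptions of the example.

```python
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# Windows Script Host binaries that execute .js/.vbs directly.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Script extension -> ATT&CK sub-technique of T1059 (Command and Scripting Interpreter).
SCRIPT_EXTS = {
    ".js": "T1059.007", ".jse": "T1059.007",   # JavaScript
    ".vbs": "T1059.005", ".vbe": "T1059.005",  # Visual Basic
    ".wsf": "T1059",                           # mixed-language script file
}
# Staging locations a dropper or phish kit typically writes to. This list is an
# assumption of the example and should be tuned per environment.
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|AppData\\Roaming|Downloads)\\", re.I)


@dataclass
class Finding:
    host: str            # script host binary (lower-cased file name)
    script: str          # path of the script it was told to run
    user_writable: bool  # script lives in a user-writable staging directory
    technique: str       # ATT&CK technique id


def split_windows_cmdline(cmdline: str) -> list:
    # posix=False keeps backslashes literal and leaves the quotes on each token;
    # we strip the quotes afterwards so "C:\Program Files\..." stays one argument.
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]


def triage_cmdline(cmdline: str) -> Optional[Finding]:
    tokens = split_windows_cmdline(cmdline)
    if not tokens:
        return None
    host = tokens[0].rsplit("\\", 1)[-1].lower()
    if host not in SCRIPT_HOSTS:
        return None  # browsers opening a local .html are not script hosts
    for arg in tokens[1:]:
        if arg.startswith("/"):  # wscript switches such as //B or /nologo
            continue
        ext = ("." + arg.rsplit(".", 1)[-1].lower()) if "." in arg else ""
        if ext in SCRIPT_EXTS:
            return Finding(host, arg, bool(USER_WRITABLE.search(arg)), SCRIPT_EXTS[ext])
    return None


def triage_all(cmdlines) -> list:
    return [f for f in (triage_cmdline(c) for c in cmdlines) if f is not None]


# Constructed sample: the command lines this report shows for the submission.
SAMPLE_CMDLINES = [
    r"wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\index.js",
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\126\thankyou.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\163\index.html',
]

if __name__ == "__main__":
    for finding in triage_all(SAMPLE_CMDLINES):
        print(finding)
```

Run against the three sample lines, only the wscript.exe line produces a finding, tagged T1059.007 with user_writable set; the two browser lines return nothing, which is the distinction the signature list above is making.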
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240508-en
Max time kernel
139s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6030eb7e5ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A342BF01-104F-11EF-BB1E-6A387CD8C53E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000000234925786f05a994629efec01465a9acf23c0d41dedc6763eb0ef1afccfcfb2000000000e8000000002000020000000e1920600378580d7086038b9c6088f071caf2971f56424ff6848e6135cc0d8b7200000009ea383a13ab54786d9ce8be336735b998f8c7b45abb54f403c7b4c412919e2984000000091a031210300318e5e71cfab38659a914d2d595ac6d3f9de86d1fe819a457e52f864d1a6a9b4eea7f93f3049fc58393ee84621dd92d6f50df7d19609a25f9b41 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673837" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000d92c1d9195bf52d186c7bf81bad5e512ba7e163eaebca832046c5cc36835a3ac000000000e8000000002000020000000bb71d0c3bd826081dade8d83fa8395225b928c36a1f9d70e9c5ddc2ea08426ea900000005b7d04d8c55a77860ea66a9356bf6930fb9b7f65dc596f9cbfc529e9fa4ae0d3e5310d1b48ddd512be0aa3fcf6801add59f19e982b101737412ed977df15f218f8c4b26544026e7da936432ff1ccb8a50e047d518c2b709436f0eaacc81b5ebfb8d7e8f07794c0697e18f13566de5300d59add16a0f3734d952f3e2b91804cb63bb096e277e8653bb693d11240e0a3dd400000007a4bbba012611ca191a50d64c6c1c3703abe24cb54a179ba3b655df252a273f1a711af7ca017080f3dcb6263016fd4e6f55d8d3e33cf2a8a3617c117355105b9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2264 wrote to memory of 1636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 1636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 1636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 1636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\126\thankyou.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | images.macx.cn | udp |
| US | 8.8.8.8:53 | mimg.127.net | udp |
| US | 104.21.40.226:80 | images.macx.cn | tcp |
| US | 104.21.40.226:80 | images.macx.cn | tcp |
| HK | 103.129.252.61:80 | mimg.127.net | tcp |
| HK | 103.129.252.61:80 | mimg.127.net | tcp |
| US | 104.21.40.226:443 | images.macx.cn | tcp |
| US | 8.8.8.8:53 | 126.com | udp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| CN | 111.124.200.204:80 | 126.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9e3253ee8c932ef8a267cef32df49b1 |
| SHA1 | 35f7792048beccb553f06b61438516c8dfe74e86 |
| SHA256 | 16210ab6405b9d9b8ef20f933c330804de907eab0570d1013ff8a5ee512250a1 |
| SHA512 | f9a2608319af0a3bf4fb0c616b4711f68cf2eccb169ee79f658017988f2bd9be8a526bb02f9fd90e0f5ee7a4483204c6a2a6bf214a5c7db640d44b1a02a3d960 |
C:\Users\Admin\AppData\Local\Temp\Cab5B3D.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar5B3E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9f582fb708cf5312dfda42751c0e4e2 |
| SHA1 | a73264742629c1cb23da880dce951c06d38763a8 |
| SHA256 | 9731876445e4b746f4aa921b2bfc0c3016dfcf72d011eaffb5b45f2ab3c1b390 |
| SHA512 | 8a4647661b1083e1214f3154c740b368921625fbe949d89ee3ed2eb77d8a811d92b675cd95c4cd1ff247a5348b7e6be63b4af9e312a25d1302c5aedae9207c17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b1935d62e5dcf9a430c5dbec81e96de |
| SHA1 | 171a59b2785f907ac55878236d7f52f20b7a40e3 |
| SHA256 | a77e8fc52549384589edd19dba169c3bc939fbedafe3d72294b8d0393bb9bb51 |
| SHA512 | b34775c864636c19b1ddb854ffc26ce2aa65786a3679ccda0d29624bb980501ea7be5aa4134d9e90c305e1fbb1a8c1e3eb63452ecbf219fd0adf8a673e1bc035 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d99df3d007835808509e951a62e6067 |
| SHA1 | deb25da62ebaa9279268886bd64bfee0ac1d830b |
| SHA256 | b4136382c2151bbf316f08b612d2a6bfd9128eb76209f72c958b695d4f644d9e |
| SHA512 | 2dae4d32a044c17c4ef5fa17949ffba19d774552f33a994019f33c2c700f6dbaba27f666c12e8f9ac12297b2826a2de9efabfad27915bfcf1d04ef8a64cce629 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c58bf1773d59e34a17f718f998f6a21 |
| SHA1 | 797e050d856ab23360289ebf6f85def9ff4ca676 |
| SHA256 | 2867af83774ab8eab1cf5958c26b3968cf78d9ec5ce78b3986105271e5cfd8de |
| SHA512 | dc0c21a640748bf49f59bbc6aa9c73987034df25281537ed3ffb766d2c46ca7372fd863635086810749b6babfcd05c5af02e8837e072e61cd273e9649b67fcab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d398007cc0c6c5431f396d904268dd4 |
| SHA1 | cea12f9acd47d6148aae40281d06786b425a7f7f |
| SHA256 | 4ae6c905b97d5196464fe720f5c38229db4258c717792850ae1f9bab8215cc41 |
| SHA512 | e6873e0fbbdbb958e6f4c33c90eb26dbe25cf205764fdf18ab47b5f6ee30caa24a16b3e1544134e332891f2851da4c6f7f67ec369acde4a7d415dab6a444076f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ffc70efc307921d8120ac61e6d33036 |
| SHA1 | 49acef8e4f7d8c4bbc5243f22ed60fdd41b5d80c |
| SHA256 | 15a994809368402e72318faddf6727d51c44f4f6736e9645c950bca5c686001e |
| SHA512 | 74ab883f3b3ef705a5689bd1c5843fa78b02fdbee79c8c8737ab0d3d0cfc6e68c29ec62e3fbadcd6ab1b851790fbab771829975f63010e3fdda94c9dcecabf4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 152587005ccfecd1204d512d3e2423d7 |
| SHA1 | 8c20feb382e3f71b0d3d233bea610eb506b77c88 |
| SHA256 | 7b4320a24e4663fc368510992303f175f43fc9e2481b4b7882ee1c4c2202d975 |
| SHA512 | e5dce18b8625be62b0c891ffa80dc4e75c08582013788b498feb16352911df3ce0dd5a0ed7c412616d1889c7be546d51e8fd077db1b29ca91d4e59c0099e7643 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1c9c0256d67d10db6b0e83eb7037670 |
| SHA1 | ac236579933f7fda88ce90ffadf286c76ff9a628 |
| SHA256 | 7f24667abcf333c8c126190b355c339c93ec69ffcb82e56735c567a73e97c9e2 |
| SHA512 | 20ebc5e08dd763e79163a9ba9257b00488a48ffcb3df9f7f7c3a26887949867d78ad7f8eade260d3854307dffb9f65db526aadd3ede5a095af1c27fbf07ea1b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edc5d87208664a0de133e9f85547e6b9 |
| SHA1 | 92c0915056c6a0003a17c7cffb0b81435620a565 |
| SHA256 | 5a769a5a628d7d6bf696780adf5d96fea4feac38264b21cccbd1bb871dad85e2 |
| SHA512 | c04a9dc017e02334e5de46910469113b866098cf413aa3150020154af796447bb1cb5ed9d27fe86466d2308537c2b67ac6bd5e7eb0fe7a34a262139bbd3e30d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0c2d4fcf9a1ea1431be58ce9e8ce1a7 |
| SHA1 | 2b5ddff2860eca8bf2b749130641630d0201c29f |
| SHA256 | 3324212669d071d33c5871107e04eda69975eaaf896790bde97458ac094126b7 |
| SHA512 | 39a7b907462845239c162a51135528708113c67ec0b96ec6d55ea175ae26edf6a319f04a2074caace19f7f878dd159dc4387c5cec0c6ce799f7fd93be53461c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 001de6b001c3e54650358e0d2cacc00e |
| SHA1 | 75b0013cb652672df83868e5da9d478ea0dcbd47 |
| SHA256 | 1c5ae44ee4596f9dd7b2375cf86cfa6b2be3ab263e0251d97a428dbf93b4e8ea |
| SHA512 | dc468c802f367efbdbf26a7ff440486219fb232eed21bfa086caaa9bd3bcc875aecffafe2331a61ab545e7aeaf4e40f0900427fa5dc126b54dd15fb140f3418f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcae45770d246b0ee93c19021d93b828 |
| SHA1 | cc6cbec23a164cf2461eeff8a4752dc860aea009 |
| SHA256 | a555473da5513a6b2226cd1218122cdc273f8eb0e3ceb193f0f1571200270aaf |
| SHA512 | dcec99a5cfbbb77de1f2cbc7604231629fff7c2a980d676b0081051879efccdcbb54d23cde85a8aa9a7c809091926aa06619d30126cf4c8321428cdeb10320fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6bea752ab15d021ef8198ec44e73c7b |
| SHA1 | a7848a8f24268bf72b969f01044bc55c0df75a33 |
| SHA256 | 6b4fd356368795e06464a414c17fd127999f21585c2bb1f2f776912983216a91 |
| SHA512 | 66dc66882057fb8c43ca1339954ffa324b555d122b8df2e14c2b18e7bd0063f26fb56cada8b6084a676c54b4a7829d527dcab5db2ae3a6404c4f6b54b2f49b5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 109fd51c3f2e56a638dff4a223d26578 |
| SHA1 | a7ee59bcb6adb721d662239aed50a7a987c3cc68 |
| SHA256 | 48e3bc42ca68418d1b36900afaa62e9e5a7ee76b846187eac5a563df78c548e1 |
| SHA512 | 1a2178cfa65a30d5666ac216fe8da0c25a9e6bce7b83db2b107a9063a17a0229e404de1cea73d52171c9abae154561256197b3b22b148866e03520db8c271a25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7f44c37ee7d389a55873a48b4dcff02 |
| SHA1 | 25a98588e3c550a8b544485efb9c267a754602ae |
| SHA256 | d68b283c0bc16b825dcb3d0d9ed1b0354033f13da3d459221490560cee0fb27f |
| SHA512 | c385a7b6514428e042bf90c7ae104a5d8d794c353f70b286a1fc231ffd803e45c608e895c9480d6b19abaaa477410d4fac114a992c1d624916d152e2e0573137 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a15b4959268c983e2fc5988220bdf920 |
| SHA1 | 65111f0be58363e9240c119ed910d8c22327381c |
| SHA256 | 08b567960889a3109c3efa3f513c902b4dcfc77130f622afc909ef92085914cc |
| SHA512 | 9ac527bdc00108e47b0d69248a45d2a83d9db7e2c24084e3f94c6fbaadd3f1fcac94e1249a3fcfb25546d72a487c77cf170a9cc8ba02a9cf631fed4e51d5ae58 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
135s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\163\index.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffc028146f8,0x7ffc02814708,0x7ffc02814718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13198192106820640677,4237500090603262472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 106.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
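Most rows in this network table are reverse (PTR) lookups of addresses the sandbox's own Windows image and Edge contacted, plus one link-local mDNS query; only a few rows are forward lookups or outbound connections. Reading the table by hand means reversing the octets of every in-addr.arpa name to see which address was looked up. The following helper is an added example, not code from the sandbox or this report: it parses the table rows, repairs the shifted mDNS row as it appears in the report, recovers the IP behind each PTR name, and separates PTR noise, mDNS, forward lookups and the endpoints actually contacted. The sample table is constructed from rows of this report's behavioral4 table.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Row:
    country: str
    dest: str     # "ip:port"
    domain: str   # queried name (DNS rows) or the name the connection resolved from
    proto: str


# Constructed sample: rows copied from this report's behavioral4 network table,
# including the mDNS row as the report shows it (Proto shifted into the Domain column).
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
"""


def parse_rows(table_text: str) -> list:
    rows = []
    for line in table_text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        # Repair the extraction artifact: empty Domain cell collapsed and Proto slid left.
        if cells[3] == "" and cells[2] in ("tcp", "udp"):
            cells[2], cells[3] = "", cells[2]
        rows.append(Row(*cells))
    return rows


def ptr_target(name: str) -> Optional[str]:
    """IPv4 address a reverse-lookup name refers to (octets reversed), or None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def classify(rows) -> dict:
    out = {"ptr": {}, "mdns": [], "lookups": [], "connections": []}
    for r in rows:
        host, _, port = r.dest.rpartition(":")
        if port == "53" and r.proto == "udp":
            ip = ptr_target(r.domain)
            if ip:
                out["ptr"][r.domain] = ip          # reverse lookup: OS/sandbox noise, keep the IP
            elif r.domain not in out["lookups"]:
                out["lookups"].append(r.domain)    # forward lookup of a real name
        elif port == "5353" and host == "224.0.0.251":
            out["mdns"].append(r.dest)             # link-local multicast DNS, never leaves the LAN
        else:
            conn = (r.domain or host, host, int(port), r.proto)
            if conn not in out["connections"]:
                out["connections"].append(conn)    # endpoints actually contacted, deduplicated
    return out


def triage_network(table_text: str = SAMPLE_TABLE) -> dict:
    return classify(parse_rows(table_text))


if __name__ == "__main__":
    for bucket, items in triage_network().items():
        print(bucket, items)
```

On the sample, the two PTR names resolve back to 52.137.106.217 and 40.127.169.103, the mDNS row is isolated, tse1.mm.bing.net is the only forward lookup, and the contacted endpoints collapse to www.bing.com and tse1.mm.bing.net on 443. The same pass over the behavioral1 table above would leave images.macx.cn, mimg.127.net, 126.com and ieonline.microsoft.com as the connections worth looking at.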
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_3180_GZFLWIGYHYMGNEVO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0787087b41c95b73ba9d1e8fe4339570 |
| SHA1 | 9ccda2c2d52c1f19e154371c92450e33be552504 |
| SHA256 | 6a5c7baab448a6d4d4ab2468e6e569963d527dd6f587cf8626221f94db7491fa |
| SHA512 | 3ba13e6ab82e7fc995a2e734543bc50dd06174aa1184c194961179400e7c5dc63edf0760a61dac934c659e8fb6357b1b166f38d40cc1cc9c0fbd5ca846bbf39c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ea4ad6b773746c219be0ada188b2727b |
| SHA1 | bc486260ee08cb825b1024dcf4ad47652fdbe77c |
| SHA256 | f29e05e9497ecdae76bd2a3fffe67a2f9c9f2baeea5d0fe3805c84c627118660 |
| SHA512 | b6c02cfa74c8834966963b1a5992d8a927d0a6f5bd3f2e60db1996c9a6a91cef4b9e771f6f0f84b5d5489b28c33a33a6853cf45acecaf522e582c08bcb375b32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd980fa29afa6d79d27f1877aa251b01 |
| SHA1 | 1ff3ec0062634223e92c2465ac4410d51e2c0446 |
| SHA256 | fdff4c7e15dbc4e76bfcf958cc11fcc790a144f818a4967d622436374d0fd0c5 |
| SHA512 | 7b4d773837540ab1d6afb7b7bdfa994962ce3cd0cc612e97b44588f17947e7dcef8a9da810a521aaeda725d43f3eb8a679e8156341ab78e006e660181528d68f |
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240508-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c02529785ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A34FA7B1-104F-11EF-BA28-C2931B856BB4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673837" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000006e00f7ecf32a85cf6a53dc3343f6727daf18e77a7acb526c6057ab971cb4a537000000000e800000000200002000000049e8a3a207eb94ffcc5194f3ffa07774498baddc3fac6a19f31a7e34c9a01e292000000027413f56313062490129224d63a1cd94918bb6eabb7d65b10243e0d57650419b4000000034d25d84c458dab8b47e78f37fc7037baae2737ee0ca8449dfd5439877e83c68fe250f9d4034871eb74d0ec5d37316a6d7af7915eab2b05743ad403cfc9f5f60 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1872 wrote to memory of 2880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1872 wrote to memory of 2880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1872 wrote to memory of 2880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1872 wrote to memory of 2880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\ver.pdf.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1872 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yui.yahooapis.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| GB | 87.248.114.12:80 | yui.yahooapis.com | tcp |
| US | 199.232.192.193:80 | i.imgur.com | tcp |
| US | 199.232.192.193:80 | i.imgur.com | tcp |
| GB | 87.248.114.12:80 | yui.yahooapis.com | tcp |
| US | 199.232.192.193:80 | i.imgur.com | tcp |
| US | 199.232.192.193:80 | i.imgur.com | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar1D27.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Temp\Cab1D22.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e68bb95959d0b7036dab42937be4a3f9 |
| SHA1 | 622da6bc1117a4e506ef36a128ad8c1a0d9a8d70 |
| SHA256 | e79836c224d93917365aa660bcfd6e7181ba79320aec7289f3f3e6f8e2250da4 |
| SHA512 | 683e57a8f2a2188eb0daf111986a8aa1978a4233fb5353f032f4a96c307de01760ce1464c7f3bbd99bcbf357a0412d679bc5df835c0750742541616a72c5625b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94834290fee5bd5f15affd46a1c0ba39 |
| SHA1 | 7e86caa6446b937560ff7162ff030e7ebb844c23 |
| SHA256 | b2528eff706a30ae7a7fb6c976b9c218b4d36f9379d58663e6ab14819f0cc84a |
| SHA512 | 94ef794cdcafaf35fef4f2650ef4dd931c8494870b484f7aebcbd20fae66b042a606bdff0c656323a3ecf90ff647d33a819fe0a40aef65b80691ebcd81a79b0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e8db27d04ee3a28ef8b5b2b2f16aad2 |
| SHA1 | 0d22790d454eb339f475d2715f38573bb6efaef0 |
| SHA256 | af08a93652f6c541d407c89dbc55a99cb559abbae7abe768eca53f801f3a5396 |
| SHA512 | 530975b424cae261e5c348c66ac15f9182183fd9cb875f0edffddc22cb8155d1331fcc74f718a61d61388ad25b9111082819b39a31802a01954a8108ac20b805 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5ecf0b1a880e279ea2b16a7513b7eee |
| SHA1 | 2553caf6de53a582a5ad9a935ea53e6d0dbbe37b |
| SHA256 | c1dfc02a851c5683fcb30546baeb0c425bb802e45987b16c8ca468d0768653a5 |
| SHA512 | 61818271406db8a3669f196618152f3b50856bb1f14956ad524c9f2b96e0c463f9c2ff90e00546e1db833938a5f9be094f762fd51e96c16b1c4a5332a7d2f73d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a292bbaca32ee792068ef5d54b33ba2 |
| SHA1 | b1473f9e54d1fdd522b39cb7f1163ab7ed2265b4 |
| SHA256 | 1c5430ebee4660c718839eb8b971f39d3d6c7edcf3432692cf79d257d65dba29 |
| SHA512 | 7398c66f8eca35a6f4c7064e4f14087637274823d23cf45e8d14bf17a4d18367453d10f1eeb3977c5f8b14482cea7c91639af189f59a881da4f62d0a33debf10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e3b8fb697f7d91d14611b95f0202218 |
| SHA1 | c0c25fe851f82a65545a5658700397b0d47ae058 |
| SHA256 | 03d2127723e41058c087c46d2476a5a860173c67175784c72b974eebfd6665e5 |
| SHA512 | 31d8a49ace605397ead0d0662835ae405a960da48c2ad51360b186a3348082a70d7c88a3b9a4173cf3a7e683cd86beeb16402bd131cec98ed62e57eda749a5c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0c4b752e3b8748b47021c32c3797833 |
| SHA1 | 42093493b36edfa8da2dce26395037dc1197a9e7 |
| SHA256 | d35711284878f3d0c3a523c33f7067330c2ffaf96c42816efd7ce5a2cb358ede |
| SHA512 | 5905ef1adbaca0810b7166b41fb639a52296e7a6d4f2719120cb8d2711d81e4365b63169a7499b02031b2ece7fd5365a85d972505135071f9a9d557edcf0815e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d34d138ec20ce7aa35eed359eb5dcc72 |
| SHA1 | a71f11be3ddc6b22c83d5cb8e53f72ab60ca3a5d |
| SHA256 | 99fde8aabc56b513f006f4a13d1222a0efce1800b23ee44d8a9cd5b885299919 |
| SHA512 | 61a7e2b2cd3d9b7d9533b8479aa40905e0742fa592d2db805f6eb43849f9a3b73f5ce1ba300cfc5ceaacbdd95d0d5ae5ed752f640d2d6e576b391753f5c96e0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33452d9d5aa0505f854a129a3d8fe56d |
| SHA1 | a3ebd775084f721e2813116cce2f1c312482caa9 |
| SHA256 | c7aa4f12eccef862d0fc70934eb2b5e0976f0e54b19aa4a4feb0093d1f4bfb36 |
| SHA512 | 461422e76126a7173c927766a67d394c2c367f17a665a61b54d8bd2f49ce34dfe0aadc61675bdd987b2bed5038531a24d5400b234f2012cb156e0e6754fcba2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | deadb6914e46d8814920113602058485 |
| SHA1 | eba9ffa9e5d5a4a095d5ec61f783b65c3846e8c1 |
| SHA256 | b09bcd439117f5806751609bf9ee2393cce45aa7bd3e9eb2f6731e3632e461e0 |
| SHA512 | 446427bb399d3978f9d8b3a080455724e8a0f6811a925ddf86475d0a3be6491b4e137470c405675bb567a5e6a7d0fb21de3f2c6c145214b3424b7f5126bd4452 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7fb6eadf571f4c2c6320c9ee97a6b09 |
| SHA1 | 4e28ccfb21f2f9f41705f3f1c7e5f55254d1a17c |
| SHA256 | e463c7c116ffbd45c7fc4ba9c6141247f5f49e35eb0f6a4aacbc4e13ae701c14 |
| SHA512 | 306eb9710e98edd4042ab05eff53231a56b3443c07bb08308a866c602a51efad10684166a1a9c38d6e954315bb08b38a19558c91e928f1d80eff95d0cc2664e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94529927fcb409582baacf311f012ee5 |
| SHA1 | 5eaf3ec65441e9ebdb0123f418aba38bf2dc71f8 |
| SHA256 | 412098dfe784f950d95a845945ddc57f0e0e559087cfe9e6337af21a942e102a |
| SHA512 | 3f12ab6e4cae682698ea02cbd27919fa59e765c162a9c9f37c42f9c021190e8a64f715bc4f1c80c501986c56eb58ae6cc280264addbaac4f684760f03b8e4d95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1031c904d6480235fbcb3f2c1567790 |
| SHA1 | 81784bf52092c4c9816d7d1622871475e184e2e2 |
| SHA256 | f68c122954aa870c4455071df53184ac7f61e7c41c3627ca1b9bebce05756b30 |
| SHA512 | 20f74e629aef9ddb9bb41a7aeb41d7723745a7dd37c008614455481f8440154f32a7171a9e17ce32043aec49675d5243f7aa5ed84782bd2ce41cc18ed6d96171 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ad775963d0a7e959e98579f86717144 |
| SHA1 | 1d806f3459dca22e3850d304ddfa338e9f4bc3f8 |
| SHA256 | fc34791827ef3e8adeaba358fd8c06394531695df84e9aba78a83f60f3ee8586 |
| SHA512 | dfdfd650dcc7805a730f4b90dc270acbf7e6ae4acd3c1b58e94353b02dbf850cec274b614b80fea699ebd4b178633357898417c6d74da00c3719a9f067c28a0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d636146cbb608ada0fb7c10905dd3ccf |
| SHA1 | b3cfdbf480b2e857389d7c1a446c5cd9eea9bb22 |
| SHA256 | 375bfa3c6eb5d9f1cc2c325564b5dd644b6969214b8e6d967263480496218ed6 |
| SHA512 | c7746d9529731e906a2142403ec07200611f77bb9f6e25103668b6f443fccf50b828723ec54778b494b22006992e30ce18fa8f9e87fdd7285ea7d5fbb69d414a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a95127293485b20c348e23773f5074d |
| SHA1 | a299bf2abc7bd93dc59c00720fc3e911e84b3cc7 |
| SHA256 | c4adfb8ad316d589ac1186001aaa6f9b643c9943e3677dbf11fd036baa810bb3 |
| SHA512 | 01a40dbe3f14d7822bca2fab75aac9bcc2263d87f742280a42bfa134bf49c6171e69da27b0ebe1bcfbbcb83d228a40875c4a4dffb3a5d578271de6734af7ae91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88ee923490cde056ca8d8ea8a1786274 |
| SHA1 | 39a927b1c4384bd0ec5b1041ae25ae83da9c2481 |
| SHA256 | 12b06c3412fece8bd90f1db5fb26524eed418d2190524649b657467b60307e2d |
| SHA512 | 4c80bf888d26b37e1fdc8c42b335b2f4290dda1199f4726f5c6b2744ed10332b1e955898ade97624a6d12f1360b2bcd8f7ccc5cdb14c328a58afcdb7b48532df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c15a41b8daf55bf0ad19bd6fb7a1952 |
| SHA1 | d5f0647086b28d8cea3fba6a34044214428f735d |
| SHA256 | cbd61bd738640a43c2be59ca8fd2eb682a866ec3154dd149378ed3585ead8324 |
| SHA512 | fa6e1ddd411e694fce200c630bb7a3e7112593d6c15211cffdd45d33198213be16113c0cf4fb95ce3af21536b8a78771b03e694a08bb60214655438f75c38fe8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94c876c84cebe4db2df20ed32322016b |
| SHA1 | 5c4603bd3ab265bb2c1f36df9e59a856fce8d72f |
| SHA256 | 98d33eedbdd68acef28e6c8e3dd97947b759192f3e779042cd46c68042ab293b |
| SHA512 | 7cd080c6814609aa6f6780f425391649d0b81d511a35c8a17d3a4d6cfc4a14f2a1234b410f19369c436f4abfbe93eabc36a8d86c74e49eaa83868a7f9c0610c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a42ff328dbea3e090110074b54a515e2 |
| SHA1 | 64f1ea7a52799a52851e2dde19b21eb88fa86f91 |
| SHA256 | 1ff0f770d1128ab14e94e679a34be8e34b5fc383dc862b1149e00de4bab041b5 |
| SHA512 | 4ea4c9071b29b7f254a544e0f3013ac9fb8f451a32bcec99d416be758973055679fb56cd8d8dc8469398d6812c9c9574685b3550ae51b5b1dfbe32ee4f8959e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29b870b7a147221eb61f30dad880bd9f |
| SHA1 | 0963c467b6916a0c7ecc46ef0be7591e5a13a6b0 |
| SHA256 | f31a7ee15c0a08544b3c3debbadcebfc717872f75187e38dc77e39c5451c47d0 |
| SHA512 | 0afbee4c4425fb8f2010e29d012bfdfedb031b03971bff15784949e337afdd36fe1bc7e745faf94c2bb95c4db43ce12cd18a83a90c2a902ad41ba72cd13c2c02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1750fbb2f63aefabb8b9dd44be2f467 |
| SHA1 | 9e1edb98970e975930b3f3825de3d94c04a12b77 |
| SHA256 | 1d72826fcecd6f78d376b9b2715e3a54732fbdb432f0469d14b0b12f5fac6fdf |
| SHA512 | d7ebb5907c0651eba154ae5956e3ad2201ef2f343cee880cdf189028a62d489afe324fe0f9348a1f64e04bb9fe2c3dea8d90ba5a3b36236ede03626eed6630c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47831db01685500d434645ba6339586d |
| SHA1 | 078dface32f884b985485b6c1f5b4b1562dd593a |
| SHA256 | c3f453233e3f2e110b851dec7c3801ba9e314c177ad30bc12db14038c38bd53b |
| SHA512 | d0e759a672edbf9f9575edca67a5f683db715a6921e5cdc4cc826b0fe70f764de50b562af1cc0010ff50b31746b084ca887786b572acd9c346085674e170c723 |
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\ver.pdf.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13674827761372452752,7346508626684582237,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 /prefetch:2
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240508-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673839" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\qq.com\Total = "44" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\qq.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\xui.ptlogin2.qq.com\ = "44" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000009840737f8508c346488c481bb24a46bfebadd145c9bc4842c425eac4e1edd6cc000000000e8000000002000020000000fa3de94ff562ea6c81ed774b24282ddeca5e29af8cd6f8e3002da66fd1ff06932000000069c70d7787478c136c4f95051155cf7077b1e89bf8ed62ddf742c1c6a86e0d304000000016b850095d86192b8619ec66106a7000fa249c0f49e4b760cab9ff5e63e2595aa58cf336e5ff197456b8e4f851cdd272813d20522b13039df250e5f4b7320059 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\xui.ptlogin2.qq.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06066795ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "44" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A4728C71-104F-11EF-B97B-5630532AF2EE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\qq.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2208 wrote to memory of 2416 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2416 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2416 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2416 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\mailqq\thankyou.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20231129-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\yahoo\index.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240426-en
Max time kernel
135s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\hotmail\step2.js
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240426-en
Max time kernel
134s
Max time network
138s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\yahoo\index.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240508-en
Max time kernel
141s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "133" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\xfinity.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3509211-104F-11EF-BD9C-4E559C6B32B6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\xfinity.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\xfinity.com\Total = "98" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000ed8d0101195e8ccc5d18e57fadea37d74c77dcc8778c2c0c143312d19ce7d3b6000000000e8000000002000020000000138e89ac7796fcbcdf726034952e554678533bdd8ef345e7f022e5d4037db12320000000f7cb38be7b3009ec45d09d918de89c5b7e7ef285af23a651317d6a5380b1ccc1400000001785a9a562997103f364ba6eb3db3514ac4144e123b0cd1724db0b53b33bf1ebba6ffb045a4da3f9f98677f126e0250869135001fd0027832747cecf53b3c916 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\login.xfinity.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\login.xfinity.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673837" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\xfinity.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "98" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\login.xfinity.com\ = "133" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\xfinity.com\Total = "133" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\login.xfinity.com\ = "98" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7012306b5ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2940 wrote to memory of 2084 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2940 wrote to memory of 2084 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2940 wrote to memory of 2084 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2940 wrote to memory of 2084 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\comcast\thankyou.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240215-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000057b4adf01b9b12621d8390c0ced126d63a5b2c3c66d7a07e28eb0702e96dc7b5000000000e8000000002000020000000cb950b8a819ad96ba1aa714ecbe54476444930aacd3ab09ea02717d23ee20b5220000000fc17a94b32701e7f663c6edac27ae010cb6555971ecb709afda6295779d2eed940000000858e6471c2493ee41b605c0551d99fd7d4cb472d7f8f1a288ffe97042250d2764e01694f1dc70bb89b9075bdc086e8898d4676ea536afe8135731ca4516cc2eb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 400bee6b5ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3E16831-104F-11EF-ADBF-FA30248A334C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673838" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2416 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\daum\thankyou.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.hg-times.com | udp |
| US | 8.8.8.8:53 | icon.daumcdn.net | udp |
| KR | 121.125.77.189:80 | www.hg-times.com | tcp |
| KR | 121.125.77.189:80 | www.hg-times.com | tcp |
| KR | 211.231.99.68:80 | icon.daumcdn.net | tcp |
| KR | 211.231.99.68:80 | icon.daumcdn.net | tcp |
| US | 8.8.8.8:53 | logins.daum.net | udp |
| KR | 203.133.167.18:443 | logins.daum.net | tcp |
| KR | 203.133.167.18:443 | logins.daum.net | tcp |
| KR | 203.133.167.18:443 | logins.daum.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2A7D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2B5E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bba3ee02afd0a823f5c91d2c5afc4b2c |
| SHA1 | 8aa8c740e87ff8ff2effea7477b8d9097af1578f |
| SHA256 | ac8940f7ed7fb83c684ad76f3a5cb8054743ec40f611ae889bfac3205c6b74cc |
| SHA512 | 5502df0643c3abb21be5085e0773d9c456149505d24a313257bca4970db4f817e815968fd108b04f65dc1459b351be854a4bee6ae2c10292fed2b10d2f7deb38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94a2a92780e9a17b1f04afab27c7b1e7 |
| SHA1 | b0346bef442d65e35d3dafc7bcadbe114b96cd48 |
| SHA256 | 52ef04158ff9e4cb033a18df9df5c8dfa67d99e14d39d2c165a14a945049fc91 |
| SHA512 | 8a5c51ef0ff27b0982c050711a79e5a8874d7f2380011dc9eb900dd7df280351b0f547099f86d8e6aabcc288c05c706ecb5d925a766a3e6020a80cf591eb7f00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 556560e1bca9dc126d0919ff6e837ce7 |
| SHA1 | 1b956eea4f475b96a07ee7c5edc2b1b7c1cae6ed |
| SHA256 | 3bfc11c41cc56faa8ed4c1ac59ddba2bf46c5b4a247024d0ff7d1082ea28f7d6 |
| SHA512 | 0c76e9d7d4d0facc39e632ded67ff80a4d406aeb5b2dfa35330402c059338af636e511a2d21a4e0a04616542574c6ee0d4d854878680a917e9759808adba8a77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99dd6547e8c25945498e9ad7ee654846 |
| SHA1 | 888754fff1bed125c9e51f94767c4d318a7e4e4e |
| SHA256 | 0a48f42ae55ea26335fe9a725fb2d8a3f90d130e096f05c9b4640767318c0801 |
| SHA512 | ef889a11b971460d9f8bb3e76ba135281a22e7362d2b7bf62fda75430f3837583b192ee033efafbdf9ec289667d9499d18ad274107397f53d11da389597f01fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6452eef8a20fbc5e19d1b866e4eac9a |
| SHA1 | 86207b399c08fcb84f67ff9bc83373ac506d9cb2 |
| SHA256 | bfcca12e7bdcd68093ef87e234232a94451fbf5529886dc7dbfbd4c9251ec596 |
| SHA512 | cbdbdac7f7c00a92ea82d2fac1cf6c59338fb7dc9bed8485b6e7b3321833a36a5a2c2f5fe6f3cdbf8e2a94a33f02381d813375f644eecabac6f4f1e3fa0717f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8b28e390531d898c6283037ba1c9650 |
| SHA1 | 8f57b9492fcb1c44fccc4c4ad758c890ff14f29d |
| SHA256 | 5507f4de5b447f4e6ecf9f5c772e5cf97a5e392974934de79400d5a30ae10dbe |
| SHA512 | d0def7927700e58c0205b609b59724838577b29534e5e54109384c8791162af22572e5dfeb9282bcb98dbcec8dfb5ec082b732fb9f6485900aefcc07e5df9b7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19e841aecaf972a919b5640843b3d6f0 |
| SHA1 | 89015c15c317b8e5b4a387814902167523931d1b |
| SHA256 | 6ec3a1889f65dbde980ceccf97de2250ec9d90c58a1d201b1b6500a8660ad5f4 |
| SHA512 | 572cc52f21186804a4fd6dd8c3e1cce422bb22abef034cec73a05893c541724397db2cf5ebd043abfd22db566ab72398b0c904b9837862c6ce47dfa1a684f0d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 340256739fcf641d7b4e63d248efbc24 |
| SHA1 | 10bfd33e21d11096410661a4bf0e470a2c94be0e |
| SHA256 | 6fbb44eedc7d12f56207b454eeeee646d38b7da9d0462f65b6949ae16b6d6466 |
| SHA512 | c1db780767d27b565e5c2b8ddd9c3d2f9915ea8bc29370b4995f6e6d34d277f4118b3b5a3bb66249f56cdcab96364e4f120bb49885dc0b30e6d5e9f8f25267cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2efbd9ebcc5f7e53ce9dbea3d5001dab |
| SHA1 | 56682b9670e3a888140dc3d5bbc6265b4a91937b |
| SHA256 | c4fc1b4574429a1c0c40fde6aa0ae7abe178f1f28f4dfc452485b087b23e155e |
| SHA512 | bb6a7822b338b113238ac0036622d0968948cda129a027a98e6ac58183abf2e2f858aa1a4ed9616dd915616dd98630968da31a0ceb13ab8e56005ccf93ac202b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e32c289efea956513000d29e0f7b955 |
| SHA1 | fbe5c9e164070b184b3e4491e57c065bfa416e82 |
| SHA256 | f36b2eebef132b66dd5b416498d57285b1ac4bc3bec75c3428941da7157c2172 |
| SHA512 | 97b146cb5e2e2e1740a066b0fd52478ddc3db8d43eaa6e599c6101fff9e1d367303d716ebb880bb304396cfddcb47cb6ce23a8bc8e7db81968e1739fc27e891c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4de5f255f7c2ac1cb81e4585dbd7af11 |
| SHA1 | b6308315f8b3a549c1fa93596be3f08511a02f43 |
| SHA256 | a9191df4c7a37031c17fdbbe31ef777b9dedc3201d0778ae89fec6402eb6ffc5 |
| SHA512 | 48919965c2f4bc46daf5abe130ca533d6966e745054f70ccb362f6e37dcd040309e3b59ec9bc3a3a5bacb3d2e0fa4b6cf7f373500060369f5c84b80f13b4e11b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f22317c6092b88fa31fbe92031f2e2dd |
| SHA1 | 39a85635bb9ded4acd7c95aac2212f3b39e7b10a |
| SHA256 | 44b64c522aad4f06cdf3cea0a53d19d8d29f92fda29d9bd0d6126cfc593bc5f7 |
| SHA512 | 70b17549be4eb2375fa3dfd7358419cb2c46892b6932b020467769cd04628212e5a623e6a1a99e8e9f96badf19f938d1e31ba927bd3c7511125cf9ff80a236b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 783dd51787519cb76accbfc8b561d19f |
| SHA1 | c26c7be41e14b2f958cb9a0b6d797850854cb46d |
| SHA256 | c3fd290385db92410aaec0888b096c93e1e81215b4fb8e2ebfecaa9c6dc08ec8 |
| SHA512 | cd77fd01b543b8affdd7075dab3846c79cb9a8c216b02ee557ec3ce00e592255c4afe430762df5843f512b0dbc8f9b1375c211a0bc052356bdbe78be6dfba95d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06205845f6d88ae3d45bf5ace869e7f1 |
| SHA1 | a6e88f094606d6f973805d74f18076685d8ebbfd |
| SHA256 | 33813ad6a18634876ff115e0dc3bc149f7646c19069757a9ca570b953dd5e1a0 |
| SHA512 | 392567c5ff3fda1bb351454bdb0fb5ec43dd96f313d5801370862aac1b81dc1c98e97ba9e6dba35bf845805510a79b8f9acb5f381e6b33d81735ab43652d7764 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 837c50e870e2fe2e7124c801f4d40c4e |
| SHA1 | 9ac7c78d93cddf37a433fca2a421293178ae3877 |
| SHA256 | eabb619e7a5ee45712cc442b70305244c608bc52d4ef0b29782cb53e28cd060b |
| SHA512 | 37f230b763b042cb0a6af216d4eee3d59ae703b62f2a634900c7e4458b62fb768844f2200df687c960a3fe5404536ec3a9c0a9fe49292f6a757be461b29937b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5954cca03f94124e070a16d01393bb0 |
| SHA1 | 2bf5de2cd99f8b620997e379700946b961e91c3d |
| SHA256 | f35d57a720ee0f0dd071f4aeb54aabae95746d9820569ab0129071b0c12b3e1d |
| SHA512 | 8d69757be57ee152f3560e230af2cf184d4daea0a2f0f9c07c2e407d1db0077addaac1caf8cd32360e37309f12a42d3770892aefe5baf88b92de6d1c36f1dff0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f79c24e43d764511bf31391b14dc68ea |
| SHA1 | fb15904eee80a8174a8fd737bb034989fa068d0b |
| SHA256 | d6f4b55d02e2940592706081162621b094ec98d3e88d048cb8d80206daa1ff5d |
| SHA512 | 284d57168264bae78a91f7e952d30a69dd08c1d4d61017ef98db1a56303973b103a418a96d7909e9bae4c465cae419a63a9ca7e0cafd22609b74f6fcf72f45f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d0029360ecb7fd3992b7730dc6f3b2e |
| SHA1 | d9efbb5a35e4993a1b81605114cdddb704e71b7f |
| SHA256 | 9e85fd043e8f39a1759167b409ca2f1679342ea8a70578d9656a7dce2a6ddaa0 |
| SHA512 | 4a1cb398fbc71cad2aed7706d5a8c6317aa07891113e6c9a05fc1b7a550f2f82e26fa4e2bee9cbc46dc35bf77e3306f3a4e711ec4f372f206888613ff3e2c73e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa0795456df75a1097dfa60e82c0b607 |
| SHA1 | 4c76e001fa2eac96b63d8c8766f06d9fa33fbc43 |
| SHA256 | 51b1148191d84d6bac607ddd67441d021d4802aa62fae2b9b75895694b3ba541 |
| SHA512 | 7d2022b4dca16fca081b2b5212902569dbc1400e631d6ec986e58db3ff7c775fce52ad4dda5e64bd1dc6d7b3984ba477295e626d4d8866c58b41de4dc6237756 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 075c4e4cd8d451408758842346cb2e14 |
| SHA1 | 669be84bd4484ff0dd7a0d5b3e76db2bdccbd25f |
| SHA256 | 12fae6962b728480504f1ead26f56d5d261035d495895035c8f08ec4387973c9 |
| SHA512 | d048acadd78952f8ecdfbf3b017e3bbabc89b87e4fbb100e4b8b55e7d2fd2ffd21edc5361fc52187de68e33cc911ff453bd21a38c1e0d2cece0157aa08268655 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c5f807a31f0b60b331a4310d5352498 |
| SHA1 | d65dfd9edbff45fc70e7ca9d28cfd9d338965f10 |
| SHA256 | bba50aa3e7b495c3a7a98c6cf4559b54c942145dbfacd03a233cf5445612ee9f |
| SHA512 | 7f193505c9f51ade6e75901f91b96a38e5fed4c1f88b5f7e2541641da722805d9f6950d7f05a38b5b7bb7769cb90d009af06fc84c2c99e57535773c0f05ab3be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f04757a4e7ac4fa62ae64be4fd58af8 |
| SHA1 | cfa388b571192bd775ba367d24df2571f3da01b9 |
| SHA256 | 79011076664c88c61524156bbf951d8894ed461e21a0ad05af78351238cb82ac |
| SHA512 | 92123c81293a98e4df9e7350afc2118d5c4dcf6b0371d3cbe237478eef445363db16ce744962ec736a9f1846f509bf3c02402fd4d4e5ab7f530e04b417839eb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eea0b4b14c08ba8a6d28093a25797235 |
| SHA1 | 54cc742501119a776b7ca58ea94d9d674e50f08b |
| SHA256 | 7b3c73d0b8a25ff3d96b0df486548f059a99a84d5a9491a327328a1bf218327d |
| SHA512 | ed321dc45309e982f601598739f4c97305b229f4d19b9f25fa1e987af1f5f16e0a2e25adda743b1bdfdce540834affa0db61de99fec9b5de3d27756785d1eb8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39ac115a7286c16308828644db16b61f |
| SHA1 | 30b53e7bb7b5e1c42a163c75173622793fca459d |
| SHA256 | a9b78cdf04997cf75c0a9afd665b97f284434884fc3cf44cf1bbd5c3c482b599 |
| SHA512 | 5073c0136558e4e57dafba6e897ec69509f3a240e926f816e3504ce58ba06dad553f6b531e9f4ed9b2b2937e63bbda0af5790effcbcfa8cba936d9356ef7a23c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e190b898cb4843f6517d80b3757cbae |
| SHA1 | 6307f74406bdfac628502828acc79bd3277136be |
| SHA256 | 840def72975dbffc6aceb5d08184b4aa503157442644ce69d071e3a3caf3c2c3 |
| SHA512 | 43eef39468e90eea8baf802798cb833f3e359e81acd2ed9046727cab69fd82f9065ab8746d08ca64303e8bb779d4097675eda31a21898025594f670cd044919a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb439b9ef76adcac018f24f867d2d010 |
| SHA1 | 11217fa8b922a806b88646300bf43a1055152caf |
| SHA256 | 169b7df0a83e128d084e90e4b6e5665b7921a873f9b0a432f48a33230daf11c2 |
| SHA512 | b8d08eb8db111bc481298ed325b3848f5c1072e3588d9f5a800de1f3e05062d3b567167496c2372addc6450b94c91f385d5493515697488360f0dc8a58afabe8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63b9824c5b85277dab9742021685c62c |
| SHA1 | 8f219e697e4d2b32c5cb86c192b3abea8f0a3a60 |
| SHA256 | 4a819941beec4e65e56e67789dc36520e4e0ebb50b78ba279851300cf318e1ad |
| SHA512 | 03a406f6a78711891d42b1dce4fb0792aebd83857ae3de3989fc1bcad4496670e1d898aa91a035d23ad09bc7aedd5dc707f9da33f262a89d5c6295cef9e53950 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03b5f91d2c0d9d3177d10344c93201be |
| SHA1 | 6b5fc5804ae256dacef07ad5e25a8d58a95d0831 |
| SHA256 | dc596b2dad1914f036cd9e394f989e79f85eb884226248d9509a45e869b38d91 |
| SHA512 | 14df2248d1c9cf6932dbda2d6c7381d9c45ed1f4f733811d9d544563eaeab2f998476fe97ef91ff07fb1bff459dc1d872946be8d8a44bc6666f96b078f3a332b |
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240508-en
Max time kernel
124s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\login.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=2668,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.56:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 56.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240215-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\hotmail\step2.js
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\mailqq\thankyou.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86a5b46f8,0x7ff86a5b4708,0x7ff86a5b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15307748499424894173,7749933013286809468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.loveyouremails.com | udp |
| US | 8.8.8.8:53 | www.chinastor.org | udp |
| HK | 101.33.32.95:80 | www.chinastor.org | tcp |
| HK | 101.33.32.95:80 | www.chinastor.org | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.32.33.101.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.qq.com | udp |
| HK | 43.129.2.108:443 | mail.qq.com | tcp |
| HK | 43.129.2.108:443 | mail.qq.com | tcp |
| HK | 43.129.2.108:443 | mail.qq.com | tcp |
| US | 8.8.8.8:53 | 108.2.129.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.wx.qq.com | udp |
| US | 8.8.8.8:53 | rescdn.qqmail.com | udp |
| CN | 42.236.6.191:443 | rescdn.qqmail.com | tcp |
| CN | 42.236.6.191:443 | rescdn.qqmail.com | tcp |
| CN | 42.236.6.191:443 | rescdn.qqmail.com | tcp |
| NL | 43.152.42.192:443 | res.wx.qq.com | tcp |
| NL | 43.152.42.192:443 | res.wx.qq.com | tcp |
| CN | 42.236.6.191:443 | rescdn.qqmail.com | tcp |
| US | 8.8.8.8:53 | 192.42.152.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| CN | 123.6.33.57:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.33.57:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.33.57:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.33.57:443 | rescdn.qqmail.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| CN | 180.95.234.140:443 | rescdn.qqmail.com | tcp |
| CN | 180.95.234.140:443 | rescdn.qqmail.com | tcp |
| CN | 180.95.234.140:443 | rescdn.qqmail.com | tcp |
| CN | 180.95.234.140:443 | rescdn.qqmail.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| CN | 123.6.105.194:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.105.194:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.105.194:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.105.194:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.105.199:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.105.199:443 | rescdn.qqmail.com | tcp |
| CN | 123.6.105.199:443 | rescdn.qqmail.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| CN | 123.6.105.199:443 | rescdn.qqmail.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| CN | 180.95.234.213:443 | rescdn.qqmail.com | tcp |
| CN | 180.95.234.213:443 | rescdn.qqmail.com | tcp |
| CN | 180.95.234.213:443 | rescdn.qqmail.com | tcp |
| CN | 180.95.234.213:443 | rescdn.qqmail.com | tcp |
| CN | 119.36.226.236:443 | rescdn.qqmail.com | tcp |
| CN | 119.36.226.236:443 | rescdn.qqmail.com | tcp |
| CN | 119.36.226.236:443 | rescdn.qqmail.com | tcp |
| CN | 119.36.226.236:443 | rescdn.qqmail.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecdc2754d7d2ae862272153aa9b9ca6e |
| SHA1 | c19bed1c6e1c998b9fa93298639ad7961339147d |
| SHA256 | a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7 |
| SHA512 | cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2 |
\??\pipe\LOCAL\crashpad_4716_FLIWYWHDUNQJLZVK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2daa93382bba07cbc40af372d30ec576 |
| SHA1 | c5e709dc3e2e4df2ff841fbde3e30170e7428a94 |
| SHA256 | 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30 |
| SHA512 | 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c87b6bc82a4739605514f7f70e1a0e83 |
| SHA1 | 1d65b4e99d27c3da16e7ea04528a1f1e7b4f29fd |
| SHA256 | 482933156c3147de9d8df2f15573327cc60d9e429cb8d406bf19fe47f34c9aa0 |
| SHA512 | 355b29ce17e068018454f7b93625f3237f60e10b9f985cb4e4713927c67491c571c84c88fb40cfe019348dd915829c01822756f5bf78aded78f593c6bdac20e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8d93419d41d83305b039801395dfda37 |
| SHA1 | be7fe6592b0bb2f17d8bc51c5a07c790cf5f3bcf |
| SHA256 | fc5c7eef11d41f9a0419fc5c2ee1b01ab4a461ba045bfd1cf895f2ec8ece6485 |
| SHA512 | a9a92d3624604eba21dac1134fa7a4308ac8558e5178494e9b11b576e27ecfe6edba14ff868d0d30bcd654c688c8857af38262ba5733607ea0e3b709909ce9b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 962a8cea5f0814a697c134042576313e |
| SHA1 | 57cc44fa61383deee5840c5ec91891a25f603baa |
| SHA256 | 4d3469e013705c9b6cbe7007bba5538fa1c2dd6e8efe9178f22ed98fd8f20143 |
| SHA512 | b652dd48e7ccc885e923586d3ded23dc08f543d5079470ae1bb64f7c6dde2d85229c57c74454c659bbff3cb5e58d3feb7b409ccade0c937efc2068c7f5ddd23d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 717ece5a19c1b51ddf14d2bb2a0aae3f |
| SHA1 | 77ab82d223537b2a56474857c046063b36dcac46 |
| SHA256 | 16980b86c27840c2bfaca6017c4c88f09ad0da14785f38bac9af40a5c397a35a |
| SHA512 | dcb22eba260b9af55f2e235907cdd1c58ea1742c2b237febb4747544f505f62e375733ae433b3312caf0e4a958b0b6254f1aefc79d024d07d754939c940fd149 |
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240226-en
Max time kernel
134s
Max time network
155s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\vip163\thankyou.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3952 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3904 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4832 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5524 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6000 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4580 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5412 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=4840 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5860 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | mimg.127.net | udp |
| US | 8.8.8.8:53 | mimg.127.net | udp |
| US | 8.8.8.8:53 | www.mujjo.com | udp |
| US | 8.8.8.8:53 | www.mujjo.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| HK | 103.129.252.61:80 | mimg.127.net | tcp |
| CA | 23.227.38.74:80 | www.mujjo.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 2.18.121.23:443 | bzib.nelreports.net | tcp |
| HK | 103.129.252.61:80 | mimg.127.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.252.129.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mujjo.com | udp |
| US | 8.8.8.8:53 | www.mujjo.com | udp |
| CA | 23.227.38.74:443 | www.mujjo.com | tcp |
| GB | 216.58.201.106:443 | | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.com | udp |
| US | 8.8.8.8:53 | 163.com | udp |
| US | 8.8.8.8:53 | 163.com | udp |
| US | 8.8.8.8:53 | 163.com | udp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| US | 8.8.8.8:53 | 163.com | udp |
| US | 8.8.8.8:53 | 163.com | udp |
| CN | 123.58.180.8:443 | 163.com | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| CN | 123.58.180.8:443 | 163.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 163.com | udp |
| NL | 23.62.61.56:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 56.61.62.23.in-addr.arpa | udp |
| CN | 123.58.180.7:80 | 163.com | tcp |
| CN | 123.58.180.7:80 | 163.com | tcp |
| CN | 123.58.180.7:443 | 163.com | tcp |
| CN | 123.58.180.7:443 | 163.com | tcp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| US | 8.8.8.8:53 | 163.com | udp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| CN | 123.58.180.7:80 | 163.com | tcp |
| CN | 123.58.180.7:80 | 163.com | tcp |
| CN | 123.58.180.7:80 | 163.com | tcp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.61.62.23.in-addr.arpa | udp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| US | 8.8.8.8:53 | 163.com | udp |
| CN | 123.58.180.8:80 | 163.com | tcp |
| CN | 123.58.180.8:80 | 163.com | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240508-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000b9827a86e6cbf6fa1f58abd88b0d09e24cb820ce5dfdbd1082148f1df3c34d27000000000e80000000020000200000007b31641b1b7920712d43e1a93da1a1f35fbd3f253dd4f444784daf3c830acb8290000000b2c01a60281fd7a1bfcc69a0d9a0f91bed18ac82d435b7be035db942aa128729b1d3f9655f606cd182ffd8469e14454a1bb9ea60be775c245715a53546e705476c33fb61c548ba2f8d6ea195a3f4c3ed3721c7fd6ddeeb962f158f635741764d31fba3aa55cb45ec64b14c7dde16d3e8e02a69e7e3558b55cf55e35266b11c2812e16d03c20f42106b09d09bab08d548400000002af54a867903eed3c29370ea76e4d1fb63afd799b2834de714cc430349b146b79141327dcbd2ec1326eb91f673b4fba87c068e47101df2d56bb21ad3867c2a09 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673838" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000f0a7d2e6da5d6a1a91d0d8169dd60cdbbf826501b866c98f8d6d671d9b556d7f000000000e80000000020000200000002221232af8bfda5db66ca6cae2d71553d52845e2edee59b13a426ca0d1000b9a200000009bd4f85dedc446843f68d19363768df7d6b7db8b3df1f0e512a1b733d608f12840000000fbd6469c20a1ce4cecdd4a08767f06adffe1f6cd408e554f47f57d0fd9e777fe02296b28089c9a9ab34cc2878ab4b8823895405b1fbb2852a3b0b0bab3568840 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3CF7671-104F-11EF-91D8-D6B84878A518} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05c50785ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2008 wrote to memory of 2720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\163\login.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2EFD.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2F50.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1581fd12488ced7a5c16287bebb5a639 |
| SHA1 | 1b7254562dfb9280e154036c338859135bbc12c2 |
| SHA256 | 6b3aac18fd57f36c0ce59853a9763939f16d6e9466fc1fb0e4719bbc88a6153b |
| SHA512 | b7e0f6ccc5e4b1e6a7e5ebb529d946c13a548c1ec54736c593bcc64560f93ffab6e71078d4b52420ff83121d45c1fcffcc848cf1676c4cabcc395a2c2965f1ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fbbc1fde5062705ca7cc2a248c07084 |
| SHA1 | 7438ebdc8fb8aa610f3879df46f92cbd5ccf409f |
| SHA256 | d41443d4df316ce9bed9bcedb879d0850ebb01cb25d6f45bd8fd43fd1d882ba1 |
| SHA512 | f6531c98d1bb1db3d2ed8a1a6097dbfcda070d625ba8c9d78b55da944c860e8daff70b99a1fcb0ec5863e72c945853f694df288fc14d646e6d0a41df2a6ba1b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6658f30e496da50d8019b45c6d14acec |
| SHA1 | b5acccfe408a8758d8cccee35cdce0c1c9f2f333 |
| SHA256 | 4bebc13e976fccb4d6da2677af9fbd3a822041e50750012b80f5d451220e2668 |
| SHA512 | a3ecc124a560fa0d335fea459f127ed22e71fd3bbf0f7b1f59267af313b131765e51b646e41358f7a6936bd8942ca883896ae6a0a3e0e10a8f6c8a20ff18bb22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8f7f04ac22a0ed1c50f984b01f83af4 |
| SHA1 | 599e6610b5f5567e0eacd21e2f27deeb475f02fb |
| SHA256 | a2d02ad065358973bd7e09974b2e35697156ba1dabe48cbbf77b4c011a1f486d |
| SHA512 | 2b9a3223638f1e326731658416775b8f501fba4edd1be2299950fd4abb1b6984c541d68816548fda8e5c6309378d25270de0dec4f1980d4f1c949af4ba0aa38d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68b9257040ee639aaa0a5697aa48df46 |
| SHA1 | b420d755c27f31a799a33cb9500e31ddc0554f32 |
| SHA256 | 28c575404ec70c3b99179a42ba3741d45904ee5beee16a05d86130ccfbff0afb |
| SHA512 | c4bb0a5cef8b2622f59eee7dbe0f5ef2d3b37aab7a1b97be296c0f44f8b7e318fba94b3c474c07183a78a793c0f448b17b2da197476bfe780bd116341f0ee1b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 428963f8627eb9ae92c883cdf64f844f |
| SHA1 | f73c90864a49ea7205a086cff803e36e496e0524 |
| SHA256 | 46722dd8aacf83b96ef1774167e83409cdb7885cc5835a7ce3569e7c7dd922bd |
| SHA512 | 2b9cdbdebb64dc49d6d5b7a7503ee42f6b802fc179b4cc060e753c812fc1b9bee7d6db5c53a0df1fe06a2cf637431b2f9051b363f7fcaffbe9023c83574f7124 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1148bbe9776ea278add69e308fade0a4 |
| SHA1 | 5180bf29468d7db7f1845283ec8b8f1f25c3103e |
| SHA256 | 076db9d02597ea2d73b198c6724cf407318e11e19b79f80f201bc393272f2bca |
| SHA512 | c1dd48730e01990ba77d3145eb9f466bd2bf1c3a70428777e6fa094c9c0a0060bf88b07522a3de0ff428c58cc98588876a2281dd944dd774cd0d796a6bfbf5d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcd5ae342401bcf36780ef16567913ae |
| SHA1 | dd82217394d137416bfaec6f902ad17aa6dfc0df |
| SHA256 | 90acfe1341812d637593c4e847338bd63c86493d6cca814e0794aefb98fbc33c |
| SHA512 | a1a092099c68316330d768d58b26d376253e69271a1d677a437dbe70be31c952dba13826a7ef5d51aeb4827f710f7d0f00994a7f48c06dcfc20ae947ae9d4031 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ba590c473c532955ef1544e02603ec4 |
| SHA1 | 2665abbb4dc3e8bb99916977faa6627864414d4b |
| SHA256 | e86ab53da233b6e692a5341630c82abed66c460745daefe8cdafe7d776fac583 |
| SHA512 | dd66004195004a1872775eecc3b2c8034abdd03bb7e7d20418d362cdea29654893bbb62c2f88a6dd2021a1875e78c6eb7b65124beef33608779c52cbaba74010 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b19b589dfe249e7a2aae5a6275da24a2 |
| SHA1 | 1275d1af8eb44ddf27e6f502738e94ba1e86bf21 |
| SHA256 | 6263a191ca0c9ca7c2dbe684badb77fd4319b289ba7e41005af5952d2ec9d529 |
| SHA512 | 97162938277458698f56de22b0432e3b15054eea1d11eed451491e221822315ae02091dfefb774b8f0829730097a48ef79ad3e026af811341db15a6e537b9fc4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d9de13d1f307faba696bafc8ccaf13d |
| SHA1 | c2327e3f3e31789322da8b2a03114612043d5788 |
| SHA256 | ed17e0089779d1aaabda502d533e15d00b25f87826c9b947f1729d07154c97d0 |
| SHA512 | ec7a8432c98228a0438d82cc2d99cf691167095a48b0052df27b9100e619298b090be9af5f1453931e4b2c9d04aa55164ff065758b6c66a2206a2e0abf06d94d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bf668c3500ebdcfce0a44df2fb44d64 |
| SHA1 | b2d30864cd2009465bca7a4a672cfa93581ab5a8 |
| SHA256 | ca43caf185739861f518a80a1d3fda4cbcca96f91e735ce5bd43173dd03d1b92 |
| SHA512 | b3ecefcb8ad7e2b30fede4071cc638fb99a4469b14f4cd7021ddb42528052e390bc1a49f51e6c211dd163aead617153f79ccf7dc068b3a85f760b2b2df570295 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a26f67daa35f62142f249e2e9f24d2bd |
| SHA1 | 6d3b387ae8dcc89873864217db3c53d3869a081b |
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\163\thankyou.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb576846f8,0x7ffb57684708,0x7ffb57684718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10293612671498278088,4796157761208919830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3380 /prefetch:2
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240221-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\index.js
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240419-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\geoplugin.class.js
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\nv\thankyou.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,8644690250419678917,2761952780648983514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 /prefetch:2
Network
Files
| SHA512 | f4bfc807c6d3673c79ab545ea9013d77b6d173998abd1f68fa668f3f52b4bb8e322d0365c69db9156bd4cbdd8cef23878b76299059efd0d489013e5deb6410ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bcdf349a0cfda1a5d399f63f7da3423d |
| SHA1 | 859b8348a4109c60b042e31377950d196e1da722 |
| SHA256 | 75b717eaa5cad99897da02606fd6978241dff52ba57f15756e8c18d342185b65 |
| SHA512 | d92b752a830eed15e2519c3a0d411e608bd6ca4320f62d51cdee00e5aac5ed09e2ba5c28b6e2cdeafd44a29cdb413bb2c63cd2fd413c96c0d0b40611f80e5069 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20231129-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d07583d8b717443905914e402374ed50000000002000000000010660000000100002000000087d189527fc83029fc1fe30e653a94007ba629cb5f9c807708032df579e494e5000000000e8000000002000020000000fdfa12dda549c57ede83bdc02fd81becad6a628bb1e59ed4b4c2ab8a84cd52e420000000333c991e86b73d496b9957031e7d67c9089a40d81230c881b63b2b05f672d12f4000000033e0a6fafa0ad6e947360e3de2a93a2ce8756c3eef1a44ea28ae9bebaa1aaa06b7a6f155f9d3b1c27b139fe30f8aca50e8272cdb8ae374f8b747024d880af7b5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ca5d785ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3B96601-104F-11EF-9E06-5628A0CAC84B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673838" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2380 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\163\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.88:80 | www.bing.com | tcp |
| NL | 23.62.61.88:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar21D9.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1db2e75c02ec4b0fc691526513149d7 |
| SHA1 | 7cc2dd5599ec0443c55a4bcdae6339fee6e58e65 |
| SHA256 | d7acab8f989ba74ab89f6fb72a67e5b9639d57625751a15dae1a44e9a1a34352 |
| SHA512 | c7c74b952fef68a361f197e8a6119ba9a906b45042f85a673cfa8af7a0d8c9807708018fa319000e7f44fd4b4f53f7ea40beffe8aca5097579b4e7832763fd32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ca5215184563750d32cd35544bec0a2b |
| SHA1 | 2e70926fb626042cd8947355bc62955423f218a5 |
| SHA256 | a5f0e7e200f4812c5d10f54214ef0e4aa72131080b3f1355712745ffa22be759 |
| SHA512 | 3695d2ddffda3189dd77c26c7e3c1c75cf81cdeb196388d3e94c578a80faaedb74715ef99f5b16e640e19c9169cb2a9ef0a062366dfb5166ef4bcfcc11aec97f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28a8733dab95ec3b3920a62d664c706a |
| SHA1 | 47881921e770c29a5934f8b65a9e9b6e7ebea30c |
| SHA256 | f4bb41a2a9f6764627bfcf86a4544ce4e7c163d320576470bb55d853f4ec2fa3 |
| SHA512 | d32ebe5eee2aa40ec4e9823bbc720c5b073c6dbffd2bebdbb70244f1472b665c58166360998bf4118ab9df9093f81cba24234d0f8b88aa95c6f90ca514485aa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f2fd39ba969192e9b718507a3175a1f |
| SHA1 | 17d3ca8dc86833941b1f778196bdec6df7179307 |
| SHA256 | 36658a3b9407a34ae8ce68ae0ac9f51adec26a9fb000bffe7e7b93755dee25dd |
| SHA512 | fc1c8e6bdbe814f59b18bb3023c3539a44715a8d6b3d7960494dee96b0ad2c94972a507cda4743e0d722f2c0d860282f7749f2ffaf68c481a6046f945c082f69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b99fa5b58eefaec1c9ea02c0bb0467b7 |
| SHA1 | 48de16a05d2ae05641c2381cee416cec11a87d1a |
| SHA256 | aa7df79df9e462d5e65a7c6ac2e836f6e5e2f82628ce36151b902e21965e9ea0 |
| SHA512 | e2beabbe0ab6889abfee09e853c531fb2117219f2fa3efa1fff99aa891c8b17aec5e1fbfdb6c5575ba417f237055da1b12d792f3bd518931d7cc0aaf9fad61df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff84e10ef9a34d86ed7f4503b5e59627 |
| SHA1 | 2c015ca7aeab76a6753c8d8b644dbf47ab10344c |
| SHA256 | 909be8873d9fd434950c111f72944973e3df2887b7b3060c22bb6a1038668b0e |
| SHA512 | ecf9d23bced6ac0b717d36ff1455aed0b150bf95ceff0df0466edd9eb837e0d8a4b511faf4c8717934c594482897095f2a44aaa37ed119672a6f27dc813beea5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e49dfb480b3e3d3fbc16870f39d528c |
| SHA1 | 12bddda9d914a7caed70f7490a3e0decb6a3d88e |
| SHA256 | 6f9f6a396937af4a5cb21f1337d2005be88f8b4fd75c4233636bdd32ebfa41ed |
| SHA512 | b64250345a8a34646112a4b85c155fb39e0e925f80bb2bfe12e5e8e8b2e0ab2d28c10ffbdefa8e357ab22c9e4a43e2da4d355274eda85c71d2c73a8ebb76b9ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1f499e30bf9e49f8c6112ddf2efe6646 |
| SHA1 | 12242391a49b910d1864051217ceeda55321c1de |
| SHA256 | 5915c2bf0940c9e1ebb62677ea08bdf97b214cca2f50f5e1733006363d6f6550 |
| SHA512 | 6287ab15cfc500e9ca852cd33bdc2f2c47f99cd6123957fe91a48a70f855c33f0961161987cbd9a41530634e898d3dbaf7fe7e864ea8e09ede7226ea9f5f28c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a8baa52ad48726b7b280bfc9755e212 |
| SHA1 | f04898aff8768d0874234b607c020b9e6561f3e1 |
| SHA256 | acb1a56f3245369febc00f5051ca69cf325a58d68af693654309721e3ede09e3 |
| SHA512 | fc9499d48639506585a95725534dd7b81ebc5fb2a3a8dbcf3754bec886c7e53f5de958bf18fc6c9aaf54e83a6946282173ea4cdc964822ccfdf34286330483fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd71e6a06fbe9972a989c25b88ab56f4 |
| SHA1 | add30ad1268e7d8d71025199923718509ca41d5d |
| SHA256 | 6a9665cb7fc03567226ba6cb7ffc9f503ce78c5ac753afbc5043c6aa52e909b0 |
| SHA512 | 5fef73e918a08aee8a4a5d704c8756a505b6dda407ca79b2760e8dbbff3c1706331baae52931e6ecc4e7c01d23c17983603b05d79bcebab507232d7f8a6cc70e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b22a584b7f961ef434e4327039ee474a |
| SHA1 | 7b999be9ad0c8db72cb0f098b528836db32b0804 |
| SHA256 | ecdf6be9f3ad6ab4dfe6a1b9b30531a7e81c5c28aaa105728ea05c8b028e4eb8 |
| SHA512 | dd794d99c8eb806d81cc91053fa6900180913813a23d1713bbdcb32450d5f5d0f6dee5aebe119161726e6ece6e913cf0100010af0af5993c236a2832980e06aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a9e80214cffe6b8299ad8c8153a08fd |
| SHA1 | c40bde5000b780a96451bec4a13fb89e30c08d34 |
| SHA256 | be89c7a8de73db9f771ed710503a0e1bba6121d1e334aef2080ade641989a05a |
| SHA512 | f9e5d314b8d60cdce5c7efa5d074c667411eaa53c41763f7af39543de944216ed6142127abbbeb834bb65b221c826b721799e4133d21cc1d4ab726c9f3b7ccda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc256412b0b012d78db39fb2154e890f |
| SHA1 | a2ee3446b4716f182f5f645e183fa8451b803a21 |
| SHA256 | 79ef54bcb6236f1c261538e59ac46b6ba617c4a1e3c342325c6cd7fda341c68a |
| SHA512 | 7790b14a6e65a11fffa40d92477c392f3bc2186cad95825d0fdd49bce3e34b84abe09e4d3ceb9171f428ba61be80dbd5a292c6a12d7c866c54483bafbe0916d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32de030834b35e0ab40879a866bd2cb8 |
| SHA1 | 2ad0fd57baf52073c329132cc1cd01a3ea2aaf2d |
| SHA256 | da2248640ef565d2ce48f48c4cc796b6346bd2d2c71406d095a9db1a97a25ce2 |
| SHA512 | 2f99417450e9ac60de0338aa2bd091a5e01de8777dca102f1c1ae6db4a2d55963c7c4562d4c22742fb2dce7380a0d092bc1f05e180c95aaa99bd2e8001f0576c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd5d2f075a15f7a07c271222140216bf |
| SHA1 | a8b3a7cdc8ba6af1b5fe057a26097b52f2749d66 |
| SHA256 | 8f112746ce20b7a62a08b0928dc85078fc3dac87a847a5774d2103c7b6aee2b2 |
| SHA512 | ba99b20dd2782bed4b69ad7a8cd1dd3f25ef8de0152ca3d5fe3126c1f12001072a7e1859f5026650fd637d5c19816d02e45e2dd8e90af132726e932ff4a4ddaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8bccf7f7568ed7749bc0f2aebb0148b |
| SHA1 | c520d740e60fba7c80585836217f1a2eb110d800 |
| SHA256 | bcda6a1faece05baada0e095e714a532866fe1016dcc35e4d08e274be468b13a |
| SHA512 | c8588f03de7d5907858e6f8af7bf528d13ab03abf801498055c00cd01f869b8c53deb53a7169d0f0c1a8b8505fa4f727c7c4dd270692cd8f94632ca9005a320b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2ce5816e81f173cb40f66932b5245d2 |
| SHA1 | 1e58089138bd74863e625368f553867aa2da099e |
| SHA256 | f728b50202396d902c6dfc19cc2a7035c8e07d282321148ea282d6a639747fde |
| SHA512 | b281e55cbd6907c72018905c9c3b0f8b7c188a11eb44dec699cdd0fc6be6285ad1e4f1f93641c3ebc83dfabc37014e7d18322ce5e4d5451a19be0793577e4dec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2baf3d8ef05461a2dfed78a8a734c5b5 |
| SHA1 | 455f1f6179fd0d1947a6c504781eeb0809973257 |
| SHA256 | 3c29c9fe11c0f6ef5bdeadc25fab52bd8dee4e4d367279619ad7ec716ffc9c27 |
| SHA512 | eb62dd1223b35d74dd17bcbf4f50171c5a0f292d7fc933136864f5e02ae190673fe82b96258f39268204fbf8ba147d1643ea5f1f91552d1dfbc00f50b9de2771 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47b27b08067b0170d320bdd4ac6c9927 |
| SHA1 | bcafe45ab5dd7eb223eb1e385fd0b93c9eb81e3f |
| SHA256 | a138541d2e1bd051d37899399b47a5be29f6c7722cea8e2dbceda8cc50c84d15 |
| SHA512 | e50cf12602012629a8175f1f181367fc6e0a962cf640fab4ee95554b121d7c35943da09af45f81cdf2a8f2214a471b9568d2034d67a9de27aad91a9f22f6674f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee9dc5a3c53d0e2d265bf3c1a71d1af3 |
| SHA1 | 461cd27f5a70623cd12f85814be2208c912cfdb6 |
| SHA256 | b2fcb863f260ffe7d3f91825724872ef2b1d0a15b2ef9be9761b3e029b3c7763 |
| SHA512 | 7eac5c9d82d09208be856493bbfe06a5d2998b701859068fc825334b94d7e040da8ef464e510387ad53e45b75339b006b111b5afd5ef0cc80087f18791dfd839 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\163\login.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89e4846f8,0x7ff89e484708,0x7ff89e484718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1869330076789536680,14497737189873145937,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_3448_GKOLJSMXRLIDSVPN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 02f70a9ed91236f11b5f2ff2dad61dac |
| SHA1 | 53c7ffe7d226ebadddaa3afb4c415b5dfd00d6cd |
| SHA256 | 7f74227300571abc6a04dc7076958a8fd4017eb4b4364ce0db38566b55e2a5a0 |
| SHA512 | ef6a4046469b6f21d0b7f0ce94170a2ab065ef12cedca151701ff10cfb615bd184fca6fdd289c8515671705eec1391372a3efacbd1f6b5a8135e9735e30a3d5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8beed1d0dcd4e74308c6c2f3c0e76ebf |
| SHA1 | de64b519ac47c97ff8234f73caf65a6c275732c0 |
| SHA256 | 0cf399bc2610b3e54bf64cc3c95d67805f60c0afb40f2ae914ca022b6ce45bfc |
| SHA512 | 60ba197ec5c8d1c9646ef3b6bf6fc75d750e679e213e5461e3e3485ecd5c73c3af328e0a012698c6481b110f943aecdbb15d3e1609dad8cce8b16eea6e8ed779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5379343b42485e9d20b43100a4e6683 |
| SHA1 | 9e9a53554acf06fc5408e30612628f4bc43ad59f |
| SHA256 | ab09b81bffcaa362f8edf8502ce45e177c3ae6e1dad1bc121efff851931c6408 |
| SHA512 | 886639cda9913c71266a66c0544e893dbc05710e5a01ead5514670f12cf0b1e7b01ec1e53f7267d7fb8ef46bb20fa1054ed11530d27aa2f6067c93964984a1f3 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\comcast\thankyou.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfb8946f8,0x7ffdfb894708,0x7ffdfb894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11623005029760142131,7418579564745940559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.perkspot.com | udp |
| US | 23.251.152.199:443 | www.perkspot.com | tcp |
| US | 8.8.8.8:53 | www.underconsideration.com | udp |
| US | 216.92.206.238:80 | www.underconsideration.com | tcp |
| US | 216.92.206.238:443 | www.underconsideration.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.152.251.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.206.92.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.139:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.139:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | login.comcast.net | udp |
| US | 68.87.82.237:443 | login.comcast.net | tcp |
| US | 68.87.82.237:443 | login.comcast.net | tcp |
| US | 8.8.8.8:53 | 237.82.87.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.xfinity.com | udp |
| NL | 23.62.61.144:443 | login.xfinity.com | tcp |
| US | 8.8.8.8:53 | static.cimcontent.net | udp |
| US | 8.8.8.8:53 | cdn.comcast.com | udp |
| NL | 23.38.20.139:443 | cdn.comcast.com | tcp |
| NO | 104.110.17.90:443 | static.cimcontent.net | tcp |
| US | 8.8.8.8:53 | 144.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.20.38.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.17.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | polaris.xfinity.com | udp |
| US | 8.8.8.8:53 | assets.xfinity.com | udp |
| NO | 104.110.30.208:443 | assets.xfinity.com | tcp |
| NO | 104.110.17.90:443 | static.cimcontent.net | tcp |
| US | 8.8.8.8:53 | dl.cws.xfinity.com | udp |
| US | 8.8.8.8:53 | www.xfinity.com | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| NO | 104.110.19.25:443 | www.xfinity.com | tcp |
| US | 96.96.229.169:443 | polaris.xfinity.com | tcp |
| US | 23.53.113.19:443 | assets.adobedtm.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| NL | 23.38.22.233:443 | dl.cws.xfinity.com | tcp |
| NL | 23.38.22.233:443 | dl.cws.xfinity.com | tcp |
| NL | 23.38.22.233:443 | dl.cws.xfinity.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 208.30.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.19.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.229.96.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.22.38.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| IE | 52.212.88.72:443 | dpm.demdex.net | tcp |
| US | 8.8.8.8:53 | comcast.demdex.net | udp |
| IE | 52.19.228.126:443 | comcast.demdex.net | tcp |
| US | 8.8.8.8:53 | comcastcom.d1.sc.omtrdc.net | udp |
| IE | 66.235.152.156:443 | comcastcom.d1.sc.omtrdc.net | tcp |
| NL | 23.62.61.144:443 | login.xfinity.com | tcp |
| US | 8.8.8.8:53 | 72.88.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.228.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.xfinity.com | udp |
| IE | 66.235.152.156:443 | metrics.xfinity.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
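Most rows in the table above are not the sample's doing: the `*.in-addr.arpa` queries are the sandbox resolving PTR records for every IP it saw, the 5353 row is the guest's own mDNS chatter, and bing.com/google.com are Edge background traffic on this image. The script below is an added example, not the sandbox's tooling or part of this report. It parses rows in the report's own `| Country | Destination | Domain | Proto |` layout, keeps the real TCP contacts deduplicated per domain, and lists PTR lookups for addresses that never appear as a destination, which point at connections the table does not attribute to the sample. The browser allowlist is an assumption and should be tuned against a clean run of the same image; the sample rows are constructed from the behavioral10 table.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the report or of the sandbox's own tooling.
Splits the rows into (a) real outbound contacts, (b) browser background
traffic, (c) the sandbox's own reverse-DNS (PTR) lookups of contacted IPs,
and (d) PTR lookups for IPs that never appear as a destination.
"""
from collections import defaultdict

# Constructed sample: rows copied from the behavioral10 table above.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.perkspot.com | udp |
| US | 23.251.152.199:443 | www.perkspot.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.152.251.23.in-addr.arpa | udp |
| NL | 23.62.61.139:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | login.comcast.net | udp |
| US | 68.87.82.237:443 | login.comcast.net | tcp |
| US | 68.87.82.237:443 | login.comcast.net | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
"""

# Assumption: hosts that Edge on this sandbox image contacts by itself.
# Tune this allowlist against a clean-run baseline of the same image.
BROWSER_BACKGROUND = {"www.bing.com", "g.bing.com", "www.google.com", "www.google.co.uk"}


def parse_rows(text):
    """Return a dict per well-formed '| cc | ip:port | domain | proto |' row."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.strip().split("|")]
        # A row splits into ['', cc, destination, domain, proto, '']
        if len(parts) != 6 or parts[1] == "Country":
            continue
        cc, dst, dom, proto = parts[1:5]
        ip, _, port = dst.rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"cc": cc, "ip": ip, "port": int(port), "domain": dom, "proto": proto.lower()})
    return rows


def ptr_target(domain):
    """Turn 'd.c.b.a.in-addr.arpa' back into the IPv4 address 'a.b.c.d'."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    octets = domain[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        return None
    return ".".join(reversed(octets))


def triage(text):
    rows = parse_rows(text)
    contacts = defaultdict(set)      # domain -> {(ip, port)}
    background = set()
    ptr_lookups = set()
    mdns = 0
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 5353:
            mdns += 1                 # multicast DNS chatter from the guest
            continue
        target = ptr_target(r["domain"])
        if target:
            ptr_lookups.add(target)   # sandbox enrichment, not sample behaviour
            continue
        if r["proto"] == "udp" and r["port"] == 53:
            continue                  # forward lookup; the TCP row carries the resolved IP
        if r["domain"] in BROWSER_BACKGROUND:
            background.add(r["domain"])
            continue
        contacts[r["domain"]].add((r["ip"], r["port"]))
    # Every destination IP in the table, including the resolver itself.
    seen_ips = {r["ip"] for r in rows}
    return {
        "contacts": {d: sorted(eps) for d, eps in sorted(contacts.items())},
        "background": sorted(background),
        "unexplained_ptr": sorted(ptr_lookups - seen_ips),
        "mdns": mdns,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(f"{key}: {value}")
```

On the sample rows this leaves two real contacts (www.perkspot.com and login.comcast.net, the second collapsed from two identical TCP rows) and one unexplained PTR target, 40.126.32.140, whose forward connection is not in the table.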
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_2332_ICNEHEFJSIVEVBUC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6e405e8a871c2ad01ee4ca10d2022f05 |
| SHA1 | 26078f3971721ea8d6eb57d63d864edac9ca12d6 |
| SHA256 | 72bf9addefaa9d8bf48937c4d82094850549d0f2cdbe373ebb2638178e63b150 |
| SHA512 | 90c14ed6a732f5f8b2ce05a391b29f24fe7feb419f343aff628dfb13e626e308e63992abf073a82662f33f57a33643fc904b0d5b5177b3a10b1e06eb620ed44c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dd6e106b0628295ec71f8751b8fe4c73 |
| SHA1 | c3b583a15bc42b3f50b1a911d5a96ffcf539f78b |
| SHA256 | 9d2600a5ece34721a517e14d6bd73dff3902a86170e0603e0961799cca295511 |
| SHA512 | 1f0dcb075d35c7d549a4c72ad90fd3c56e7a04dd4a2bd52847ac959b4b525d964f91353fd2ba5d9b3d6520561de94979f9cf921e1b50051cec9fa704a62e68b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4f2fe44524d683eaf069a6c5e986866 |
| SHA1 | f0be10ff6b33898cfa93ab97cedef8cadd392c54 |
| SHA256 | 135befa4301d151fd7c941dc18ab496482b52ff2a9fc940bdeeb96f4fbfa5602 |
| SHA512 | bb137e2ca790b66e19d919b1100bd34743acb79fe08378ac4ea63e32b37bc9d5e9e98cd22fb6193481e9e66e0b0f4360b76896c7375c83a5dbc4f5a039f9ea13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fea028caa0eb3c7cfaddf0edcfad5e0f |
| SHA1 | 546470dd3dc7d5d36d07d6cdc7b9a1010f8e0a18 |
| SHA256 | 40da90701808fbf60ceea6df6ca525e785336898b4793df7259188b309abc0ac |
| SHA512 | c2ac1128a92ad78fa747f0c596af2cb2d98582347ff9d65fa5f3cd37859dc6955bc44e356a51487ea69d310a10d80e6543c3acbc03622b50d8559b73e2184935 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a393.TMP
| MD5 | ea47ebd04cb37b4d3c79b63e0ef1fc2e |
| SHA1 | a4d141b32b75b58d55e4187bf6101182e5309504 |
| SHA256 | 3529c76712cd81b689027037558d68bcfe9d547ec6f84adb4d6b8412e6089e69 |
| SHA512 | eb16695d7748a9d2cf1cdf569a7dda0b19e12390b50902a3c983b661a14560adcb2d55dc7817977b181fbbb7436ce597131d6b6b1de47efb76036f5717ceb3f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c99a8c7a69401b5dc455473b77968cd4 |
| SHA1 | 5dd3b89585c48d91192ab096f10f97ddb9342ab1 |
| SHA256 | bfa3b5a2a4ebf3ac494bcc36f80df64ada276ef2785f92952872b4db22b48ac0 |
| SHA512 | 2b510f4bcd08321bf06cfb17e7c0dd5ad2589c923445752175dae6c8b1de6d264373e244f514833532f069180e6022e9616ffe38510628be5b6436efe8327f95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d033d5cb3738a3663ac041ee9542fc44 |
| SHA1 | 368c1d0d58d8b6b39a910f6f6bf9610bfd9e9e9f |
| SHA256 | 8d00cc5a811c12d8bd7eaf9ea3ba8cb5ff372a9c2c2298f3222e96d5d3bfd776 |
| SHA512 | 97a5ee1c18835c1a3362b9d67699b6a5995baa4a5e20f4670c90a89ad4b9db2a7384f80cb9d618bd1e06058090b1cf46525ab00c6e716253b781f69518503e2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4f549140444cab7cd2a7dcf4c0b1463d |
| SHA1 | 273b6ca368476c18bc5cdd4a24fb06b1a5d34112 |
| SHA256 | b548577db0b4c93f9b75b668d5a2b61652bb3ed631b98967e7cb81f991aa1943 |
| SHA512 | bd13e1b855546a6cdf65e0e2f6232729f0dbb85c63850f40b9381de43daf848bdb6ccc7502b48fab0345a1f86f4ac6faac25e07809e728d0dbbeab122f22539c |
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win10v2004-20240226-en
Max time kernel
139s
Max time network
159s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\geoplugin.class.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4052 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
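The `Command and Scripting Interpreter: JavaScript` signature in this run fires on `wscript.exe` executing a `.js` file out of `%LOCALAPPDATA%\Temp`. The following is an added example of that detection logic, not code from the sandbox or from this report: it reads the `Processes` list in the report's own layout (image path on one line, full command line on the next) and raises a finding when a Windows script host is launched against a script in a user-writable directory. The host and extension sets and the path pattern are assumptions to be widened for a real rule set; the sample process pairs are constructed from the behavioral14 and behavioral10 lists.

```python
"""Flag script hosts launched against files in user-writable directories.

Added example, not part of the sandbox report. Reads (image path, command
line) pairs in the report's Processes layout and reports the pattern behind
the 'Command and Scripting Interpreter: JavaScript' signature: a script host
running a script file from Temp, Downloads or Users\\Public.
"""
import re

# Constructed sample: process pairs copied from the behavioral14 and
# behavioral10 lists above (non-script-host processes included as controls).
SAMPLE_PROCESSES = r"""
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\geoplugin.class.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Autoserver\comcast\thankyou.html
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
"""

# Assumptions: the script hosts and extensions this rule cares about.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
# Assumption: paths any interactive user can write to on a default Windows install.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData\\Local\\Temp|Downloads)\\|\\Users\\Public\\", re.IGNORECASE
)
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_processes(text):
    """Return (image_path, command_line) pairs from the report's Processes list."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return [(lines[i], lines[i + 1]) for i in range(0, len(lines) - 1, 2)]


def tokens(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]


def extension(path):
    """Lower-cased extension of the last path component, or '' if none."""
    name = path.rsplit("\\", 1)[-1]
    return ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""


def scan(text):
    findings = []
    for image, cmdline in parse_processes(text):
        host = image.rsplit("\\", 1)[-1].lower()
        if host not in SCRIPT_HOSTS:
            continue
        # Skip argv[0]; look at every remaining argument for a script path.
        for arg in tokens(cmdline)[1:]:
            if extension(arg) in SCRIPT_EXTENSIONS and USER_WRITABLE.search(arg):
                findings.append({
                    "host": host,
                    "script": arg,
                    "reason": "script host executing a script from a user-writable directory",
                })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_PROCESSES):
        print(f"{f['host']}: {f['script']} ({f['reason']})")
```

The Edge process opening `thankyou.html` from the same Temp tree is deliberately not flagged: a browser rendering a local HTML file is the detonation itself, and a rule keyed on script hosts keeps that noise out while still catching the `wscript.exe` launch.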
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240221-en
Max time kernel
143s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A340E271-104F-11EF-9988-CEEE273A2359} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000ed6ad4a74b58b895ef8ef864a905d9ae63361b42eb9c51b22dccdd549acd50a7000000000e80000000020000200000004d37f59529b66de4d78e5006fedd2c3146712dba7b1d5b30d3d2ff829f82585e200000009610df72a27c20ed151cf05ef69f477b026390b0866fc774859aa8c7c069a6a7400000004f344a1102bf937c3a1328b599f8c5264a38480bef3093a269e7e207f9598bc4c635b74e7dafc99a829c0aa296e2e13f618021f6c29f94e5f9b030cacacc4322 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80d16a6b5ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673838" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1888 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\gmail\thankyou.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | images.electricpig.co.uk | udp |
| US | 8.8.8.8:53 | matemedia.com | udp |
| US | 104.26.12.171:80 | matemedia.com | tcp |
| US | 104.26.12.171:80 | matemedia.com | tcp |
| US | 104.26.12.171:443 | matemedia.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | gmail.com | udp |
| GB | 142.250.178.5:80 | gmail.com | tcp |
| GB | 142.250.178.5:80 | gmail.com | tcp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab30D2.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3211.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d0571c7df6e1c919315b1682d12484e |
| SHA1 | 3ce5b17a43a214f9b59ee1012c1b71029854c557 |
| SHA256 | 0ac4d9e40973d35f588d614e18de159d8813bccaf946e3ce0c2860d7f6135b6c |
| SHA512 | 334219a9f0d872983c343b6021625adbdb0dd8da216add1ee79ff4e0e2efa0572d85d40d06132047a68d7a442b89cb622b97402c6287c0e362855e7f8baa21b0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\Google-Logo-transparent-300x150[1].htm
| MD5 | 161e5b14165fe16c2e474eedf418d836 |
| SHA1 | b5332786d8e0cc1e06612005becd65bd18a74568 |
| SHA256 | 01733c7aca372597166480aca8f889695a946baaabab484a440c17d060e36128 |
| SHA512 | 1f4a6ad36b63b8a4dfecf7e1f80c5184a7b76f635d638c7a0fb39219c88f953c2060b5d27be521af06b90ba651a45f6c0e47b1f80b49f56a95fa6c5ec5dbe1b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b23f63fe33b1e3f062921e8f4c5918d1 |
| SHA1 | 8be5133e0c0f34ffc9d3c116163a6ecb601f58da |
| SHA256 | e96f88c8602463013d03bc0640826426c0e8a109387494ec4ea1cecbe85e6b25 |
| SHA512 | 2c077878c5de1c409c2d3f89453864e3daf450e54f4ce4e0b36d888cf40b0500d6a4af56e6dc4a19558b7080ea5e34be0ed5a734aaa0014391bcfddedac26cd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb9bd0542c4e3dbfa3b20ccca201b32d |
| SHA1 | 4e0df9726e7a4ed96b81c0d281c54e08bf7f21c4 |
| SHA256 | 08c9099296f32c5592e342e2a09f6e8ae93feb817f66b4dd6a5b4ead897260ed |
| SHA512 | cf976c94aa98ebadcc7dd053468c2c54a2f1b68cbbc7096b3f30482133f41a4a23bf7feb10945a0fd5f849058b635223e39b36527b38f94ee0af685c44b86bd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79fa0b2e39249f21a0f401b8d2c4f709 |
| SHA1 | 47ac098c6fa34c733edcef82b78694085282cb98 |
| SHA256 | 541a8e23017eaa7af6ebc930cf1acbf4f0efac2b6a17e775108daae9f7e32cba |
| SHA512 | 2fb808fa5051bb5ad6c1571bd4eced004f77847f6cf6862bd0a3a991b8c0e8cbe84e04a0e7a8fdc22efb1cb92370c1db0af0738b670aca7fec26629c3e1786f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d79c6a0ab617059047c09bdf0913279e |
| SHA1 | ccf41ca547844ae8cf2e14c9b5885ffd17d8818d |
| SHA256 | 7701efe1e3e66d4f5165e6a12bade3f627affd58eefe95175103e5b4d71239e2 |
| SHA512 | d1a8445fa633fc4a6ea2b2878bc3aa868a0c9559238aaf388543b6ef128695492f113a1516103ca82829bcf7d493f0c817d5349ace1798a8c3197d157032ccce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73b5371041b735c6a7d50a05f4242f4a |
| SHA1 | 6a5345b40e020437b9c2f964ff9bd9ef73d0bbd9 |
| SHA256 | a38b6d5ec2e5dcbcdd218c3971e836d7d813ca5f59c49c6dc40f7cd86c8556ab |
| SHA512 | 8f5db31dd54021cc32ca92830708124215deb0e6290b6afe782b4fc71d2156472227a1a7891f00ddd9c23566c956196a6f7dc1cc070791e6a6f9ac9636fb1cd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b394de2ae75555782e1ebd75eb91f46c |
| SHA1 | 814069c7f5e9e625208bf76924fa52d7907ebb5b |
| SHA256 | 34da9060bffffb256a0beeb30a6606ad5f2509172f6c94b29e175c1dc6cc6e63 |
| SHA512 | 0b6cf57fdb87ea4caa8ef469add55fa6339ba9860e7ad987b83ee648ce8ea5de4e068e22b946be1c83ec9e0d10ece5baf3aca130848adfa2dc84bd36fc292289 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5acb4e3305f07f458030b4cae4419a3 |
| SHA1 | b5f12d6dab27df06f9af97ae1d81dbbb033c768f |
| SHA256 | 9ed17b7115ed1215cb986a7b44e6aaf9f0c2c8692fd075fe6770ca09dd730a94 |
| SHA512 | ed1121e1b678091a1205d399484d50d5efb84bd8d37b73e790cee2076fc3b8c6233fb32be24421d7cc426462efede53d254174e1c07d3ddc0870d8c650beadcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ffaeeb750bdd8ee245409132dd319e6 |
| SHA1 | 89949ec7d9269dc8ee2b13ca86d01510735064be |
| SHA256 | 911aeb8790bf9729a65fe3d78d39ce3bcffb78e85dce40499ba6881010132393 |
| SHA512 | ae141d4cadc35917db423ede0998736c7749f7a413d386730f536f4db5376cedc2e45484e918833767e2e15d30f27130ee59b09083fc5b6aeb5b1004a88f58c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62c2c54e7ff142141f6a67c7bd90b15a |
| SHA1 | fca3c1706c763476ef28eaa3eac74ab852b9637b |
| SHA256 | a68d03b6370263c48e41f40ee5b863334708f56bb3e773b81c2357ed8fdf315d |
| SHA512 | b103db9c24f0633b60ef2f3b542a5a499f47b873c5daca92fff94ccca2c0757fc5fcde5e1001d9c958d8d7340ae93159739ef1b3f82ca0f7d953af254f9af897 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7db1b54f887fc6bc170702590d869f0a |
| SHA1 | 835fac8f3230cdf206b4e0eea8d649c6ef2c52c5 |
| SHA256 | abd2f915b7710149b18e46b24e681a36684fb1cf5bf920fc3475c3d301446c85 |
| SHA512 | efd79bd59065f7d182e6efdf32204903f5f733de0c26e87ab833255f1d444df352076a6eece993e5e53e42965cb2b0db75516f1e46487519d38c37ae1ab977b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C
| MD5 | 85edcb3e4151ac275454d7ffbc72edd1 |
| SHA1 | 07be59c921bb8e0542c68d11e208d5d63c6f3b63 |
| SHA256 | fe3162188766db53c495384a32b2606e3ac7a39ad7386276b24558b1070e9ded |
| SHA512 | 62e5d5fb7137a2174a08b07aa965fb241afcc908a9cf3fe6a76cfc705de1555bf157cacaba226e03eec35a6092affc42659c98acd41ab4c7e4e673ebf4b21bb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C
| MD5 | ca5e7315fb19c9335e18df42fbda54e4 |
| SHA1 | 3c4883f52989bbe6d3d25be5c8499da545fa0e32 |
| SHA256 | 98078ba4e6103d094feb85e3656acf66130e94406d01cc8bee20b8be2c2dd1e3 |
| SHA512 | c28687bd4c0cd943f16a4b6ea3660e8712dfa663e87b4f63610b5afd70a6bfec7a318d7cdc8a3c6a482c823733ba924df60c70e2ab9fb6111e11bf28f864b198 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat
| MD5 | 8987458bf0595531ab30beb402109edc |
| SHA1 | a6a3906a37d02414d7170051d6c27e764efb320a |
| SHA256 | eec0f83ed40ae52bc6ba69bd5b8ccf352c3d0b75f2fb80a5418dd27541c82974 |
| SHA512 | 19e2b49b6372d01b76ffcb54ce8eab7338119cac50f4716d285abcad3d3268651485941a3b847ee2a48e01d7b89c2aed6797520db82eeda3a39163fd23112607 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f360e954ad1c3e8c7fbf7025a4efd496 |
| SHA1 | f1f3a44c890ab3de002addb8ea926582230f1891 |
| SHA256 | dcd8c8e484bde4299722a53d82cad3cf52f4a851a6c73d6c292b2168e0bcfb87 |
| SHA512 | cc417e210adeb8a2b9c2f94c997b1b94240cb5340103b1f0ba7105ee79678c84c2fa5bcc69ac4bc8f42789a9be7066fee00df2a81c21479297247cfe5d887269 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1d726d5ac037feca28e417642b9c0dd0 |
| SHA1 | 6170bd8fb373f563ebcfcd9887aaf8a22a511e64 |
| SHA256 | f833dd605ae2328f03fab354e9eb8fe9009a47009375c584398c7515c90914d8 |
| SHA512 | 2452662435f31c72aecdf2768ed63b6671ff2fdb3e048a338ce9e45ff40517a29bc33ea4021c8e6c64e9ea266a4003f081731e0446bf33d68d2a9490812dc049 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04194323b3d634dca84325531ed6f1e6 |
| SHA1 | b60cf321c693529e2a122f7702ed9b6530ad18fd |
| SHA256 | 6a709847d2078dd2a9be60ded33bf798499759d33dbfb0d5cb66b0cb0938bc0a |
| SHA512 | 5ce639f9d76ea8265c8f3ecb1ee36bd32140d9a9f97f6db55bf473bc6912b54b0f8f790b45c29f7bfc8ac247b072aca7e814952870b6d6e1ac73362926fe69f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5131f1856728861d93e863a1ecf46c09 |
| SHA1 | 0ef5c6200dcde7a490093f7003b71cdf3355be5b |
| SHA256 | 3946618a2d009969c284c8b9b3a2ec9b46d8a4df00a974189a4e378d7207b702 |
| SHA512 | b29652c8208467b696186cb8a2c6297c13ef115ef0a9239fb693772c102af84644fe1caaf756fb0eb38ecd15303fa28b6b37d6dbde70f2b9ba1d7223a2ebabc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38526d462e15e9e7671fd7ef21085032 |
| SHA1 | a21a757b0d16c300710c8fd363f7cef06ecd49eb |
| SHA256 | 8310da96fa388a5db31aa44f357af8a143e7cb053ab694a482544e5e2bf31315 |
| SHA512 | 50859700a9868cd82afbb81e10fbac525c697d17c95f5cfdc4ff5c8aa2f79a80e3e1938ae5c7bccd68aadf2a1a091932467884c214efbe5c25432b32c9f2cdcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea4d540f5f1faac100d97c74490e078d |
| SHA1 | c53fb19d328ed3f45d8774bfd11b6e375b3f7b93 |
| SHA256 | 543b941ef798fb30c1f6ffadcb592e62d473ab681f3f334ab515499852d64334 |
| SHA512 | b29ad5bde2f97913f02e9467d92a3bd054dca92588d9b8e36bae384a494c080ff63f094997b22d2a96543742063dd8aaac4b81a21a45c4b80c9d5cdc4279dffc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | be644ecee32c3564c4794913b900de78 |
| SHA1 | 6dbdbebe34a535b9b34c052f88816cf876a8e1cf |
| SHA256 | 6e056182a40ca6671a51aae117d03beecf66d34e2a84b81a7f696dc0881f80ca |
| SHA512 | 99e2cd9310d823f919da358451af544018e646fda08da3d3bf3bae4829c52ad9ffbb2e57c70bde921b3618239cbaa076b3e3dfecb270d5dc6c4177d0b131d573 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64941c9f3bc34bf2b791890e78f1f6fe |
| SHA1 | 4aa37ad2e84ef880f5099eff5f43ee0afd13c70b |
| SHA256 | fc9b9c6de29e9d1d58ca6c95b7a65919e94d8961a03f0019ad41c94db4135e85 |
| SHA512 | 70cc9c4316a8e619d0d3013334fb6afdd7c3027cd070043ebd8505d4f1961aef10455de73184c6ab3239b8fba9fcf94834a02c5f3eb0df555895b0eb5da512ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc6ada362342acbbccb95692e43a3b43 |
| SHA1 | 1be3cd0bd007ee861cf362543b379b45d44d580f |
| SHA256 | 9651589123226e10edfa7ca8d51f88daec5df9dc523b8e6f1a06570c0300b0fc |
| SHA512 | ab30151223fca28ed226a9e00872112549955cd14543134e7fad040bcdca188abe3c00a7015cf6fda0a9bebf388e14da2cc4544ecc8a96cedbb95ee58b3636e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e24b16b12e9ad3898975d4a884427783 |
| SHA1 | f615837aa8c785fc358a3619f9c2e12cfbf7b841 |
| SHA256 | 1f880057d9c36c883b0472a60ab352d83b42aa6864d5cf400d1a053842bc575c |
| SHA512 | 9098819ecaac0b22d392c10e5593dc23146f33e8a5ba567944559f069a9037dbe412134b960cc7c22a5b5c041228af87f6e2926cf99ab1f4b1579e9bb1256cad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43f20613f6038a13715b69eb06b2a2e5 |
| SHA1 | 1bceb4f68fe63a4f785d9e688625998a8b9817b5 |
| SHA256 | 738c6551a40526e238ff0555f3a07954315447762dc79bdcb6ea3a223ae35ced |
| SHA512 | c3e02a139482696a9236e5146d4b187f81b86004097241ef763b590e948b7a8421930b1f3ed34982aad564a592d13a2e42933a2b0275e9240f82a69b116053bd |
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-12 11:05
Reported
2024-05-12 11:08
Platform
win7-20240221-en
Max time kernel
148s
Max time network
156s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000009eb30503917bb32d34e7696764f419cfe3dc59c379be5e1a38eb74f6537d2461000000000e8000000002000020000000e3f192185ee4f7c33a9127ee84d743e433f01359d5f6671e4cb08beabe4376fb20000000f95dd2f2b3480ab30b7f61807e3ed0758e7fb71497224824e0d956f705af58a640000000ebefa801581d7caee5c3cd4f768a151388b7ac084ac4d902b822795561b0fb335da0a2979255bd9e10791984630ce42d004a2dd570d6585fd19a6fee94cdb181 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421673851" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4003d7765ca4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9DFA5D1-104F-11EF-BF06-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1728 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Autoserver\nv\thankyou.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ipnomics.net | udp |
| US | 8.8.8.8:53 | markezine.jp | udp |
| JP | 114.31.94.142:80 | markezine.jp | tcp |
| US | 172.67.137.77:80 | www.ipnomics.net | tcp |
| US | 172.67.137.77:80 | www.ipnomics.net | tcp |
| JP | 114.31.94.142:80 | markezine.jp | tcp |
| US | 172.67.137.77:443 | www.ipnomics.net | tcp |
| JP | 114.31.94.142:443 | markezine.jp | tcp |
| JP | 114.31.94.142:443 | markezine.jp | tcp |
| US | 8.8.8.8:53 | nid.naver.com | udp |
| DE | 203.104.163.42:443 | nid.naver.com | tcp |
| DE | 203.104.163.42:443 | nid.naver.com | tcp |
| DE | 203.104.163.42:443 | nid.naver.com | tcp |
| US | 8.8.8.8:53 | ssl.pstatic.net | udp |
| NL | 23.48.132.65:443 | ssl.pstatic.net | tcp |
| NL | 23.48.132.65:443 | ssl.pstatic.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA305.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarA4B1.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e5c714eb13f3493ceb96a52d279229f |
| SHA1 | 30e80d464184b8517e07f76a28da5073e034217c |
| SHA256 | 8bd581de5acf18fba432080f54fa552d6995f8fde9f5be37229f84b051f9d79b |
| SHA512 | bc32c1f7de90f09d6cc053ba61fc405559b85fc9626eecf92fac8ae7c802bb615da11233004b17b5f02e3b7fd600cdf158aa5835197b6b03e569d612404088f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e6784cd5e122101909d94a8454d6f2 |
| SHA1 | af2dbfa018e861e95da73ae639d2475f2b4cbeee |
| SHA256 | 487f62bbccd0e270d40b671da26c433f612d76c6c39981a4797999592f69c111 |
| SHA512 | c7e7e3c52560ee801ebcc95a224fd3ef242f689cd8d1e5d40b8664424f9a661e5323581deafb7dc3503a0ec4862819f0d4ff498701c27f5e87356fc1ce53983c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 510e21c64e61266ba95f22f27cc5df9b |
| SHA1 | ed614130c0875f342d1abdb87f9c1d03e5a0578e |
| SHA256 | f2911661eff176a1a73394eb1a8352b01b7ef1d6df60e86c7e51fb09b926af30 |
| SHA512 | 409e0109c070eb837ef6668b09b2862b9f2f4c89c8a04894a725ff07827cbf5a81fa3917ea51c336d11d818bef4abe6501fd2e7467e20d7d2250dcdd72724531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a67c813a98daf0fae439fe4118c25ffd |
| SHA1 | d3f35c3032cedaee566a597ea9dc9bc899d761e5 |
| SHA256 | 349e16adc56d4b27f486b42e12f863e591ea62409091e8bc47cb2693bb69004f |
| SHA512 | 497c373d1e25826ec356e3c241dbe82bfd44305ae6613ffe9198ec8203b59d6ab3ef535d29d86b31250a9cc32b995cc68694dd2d050cad1273c9288a4dfa6151 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2122decfbaec2a3ccd52bcdd9d14f92 |
| SHA1 | eab58fdd561d35c8df9eeaf8580d1528fa3931b0 |
| SHA256 | c5636db4393f40003b1bd6be9d228fe3e2e253e7d7d9984b576ee962adc76607 |
| SHA512 | f3165b372855edf44386c2fc91a5fedf398d10d169722eef34fe7b9775fd0856b8f6a4bcc1caa7e34d0d06e0644afc768feae099f551dbc9e13dcb71bf3f05a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8738c105ee81e2c3ee92623287acea63 |
| SHA1 | ee06a75902ba90bd0bc5c9c7c41f72579ecb1e6a |
| SHA256 | 1736085b1d686eeb6eeeb833443ce0c42b47d2fa48038973614eee3255401159 |
| SHA512 | 14e7f630c3b6e7a251eb6072b849fb3b7df81cd928740c8bcec492ff0b055911e1d23ea70500573308a5f8ed8500eb7e19a672183f93eb712c1a203fa364e51a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c81262799e5f9c4b902220f7f294bc6 |
| SHA1 | 56c8acc8fd723621049bc470839d73e388b128a4 |
| SHA256 | 49f5887eedf8196bca727fb583edd85dc552051ab1043dff7e4f81236a9fc21f |
| SHA512 | 760be5ee078ba6d0e46db71a10c341d15d6ee35b35a541525731e69aee2ce1040951fd56a8c8b0d7c9e447c945c115082ea64f9802bd5b14e2a862cb2d2ec943 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 979d137e14c9c20372c783caa5aa9d34 |
| SHA1 | 9163d33c12bf6d943d7757879742b8dda7e8f2c7 |
| SHA256 | e3f38634465400033b0057ec73e77ca42199ef467ad4bc50421af2932daa5d69 |
| SHA512 | ce19b7d7bd78dfb1c341433838075eee456efd46c5e0ed3320e0d00be34362ad6ac41dd846b327d4f6c22990e4dba4ac042660ce7216936daa29e5d7dc059307 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 249d9cad18dae28eda958e016e848bbc |
| SHA1 | 7b517db53a7e9df44b0e378803ae796ced033295 |
| SHA256 | 5a35a8fe6ff6b4c7f47950dd5d78616762c3d227c94087ce7f6b2cae85ec19b8 |
| SHA512 | ec784ddad9f99d43282fec70bde7782f250e6fdeaf0bc45a4ae53ad40272fd435e96c8d9eb29ec5b22d58974f00c2c024c5e42db72fdfaa73ef394d7713902d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84a45094add9f13b0c663bf557a94ef1 |
| SHA1 | ef71fe933925985403a4debdea1067d736961508 |
| SHA256 | df7c0a7e2eda0f5add46f1abd46996ba559b91cb680450e00d925d289bc6720f |
| SHA512 | 89c82ef1a411e290ae6975a1464439299d1b30d0ae6542c72f7c8713c66d11ba0b1a74d4c87a9fea72717be6a0d1ea978bcf155aa8d02ac522352ed6f8c6fb20 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\favicon[1].ico
| MD5 | b707378e4db3fcca990f228c4d865f86 |
| SHA1 | 8feaa55c2973a7e40fb1d09d65ab762c5d6bdcc4 |
| SHA256 | 4059be15d3943507390a124da698cf6f46da07582d846d30eb46e51f1000974c |
| SHA512 | e4945fd998c8c678238edbca7de4374a04e2faf6cbf1a083411bc9c186f757bb3139b39150de5ede47a8d55a20820004bce0cc2c4b19fbe238b6b1a71ca5e94b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat
| MD5 | 5ede45f15977c12227715b6a902719cc |
| SHA1 | dda48a86a704f18f9c6ef8facc824b2a206ed497 |
| SHA256 | f3807b4889087d4e693514d70ad0095bac8bb8525978f4be90f18784c9015dea |
| SHA512 | 322a552f0ca64892e01e3a6115a721848c874f73e5ae5264090f4646fac2494bfb0273a1b618114a11793bd79f7c1cb9ce3b217d1dab787aef40130f570964da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4f50ed5daba88e211c00755ad173a48 |
| SHA1 | d028ec48031d9d9294b6d4b88c14dc06e2bbe386 |
| SHA256 | 598f9294d92858491647526aaa1444fb15e0300c5997c7332a9f7714fb4f2ea2 |
| SHA512 | a8a468b2a2931e3a2bda831146e47a74ab0b7205f4c0802557c6e4ad308953e545fad5f386aa2efd19b026ae700eb9e553c06434f17a0fb8cfef16410c3869d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f286c104094d87c32ba3c754b974867c |
| SHA1 | 1b8f36b59ff7c2c186b020086223423a5f7e534e |
| SHA256 | 3df340483ae612c12db8eee74704ca30c54011c61b4bc32582c0094ebf0179a3 |
| SHA512 | fed9268c0822a9c83e211725a71485005991a7d89d8115ec7bb614a950ed2232c0c7f440ccabb1d557b51887e70ae6c50c8f2d758fc1a9b984f8cdd18dd74e12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 2468010d9b11592ed0a89912fb07a630 |
| SHA1 | 7a2cfd13383ef5fb5836262c90b5a4a833c24fd4 |
| SHA256 | f62fd3b5c6107769fbf0952a7ae642e9c0f9ae1240a63376332f03ada939b832 |
| SHA512 | e2f61dd2d4708311ce31fbd7ee0adb128ed1731362d1cfe4b7cf81de600653e8dc388f74be7cbdf8b72953da8d2c1465bb7a85775100b772f3435e2a5570b395 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1535623b3d2f4083d8766811ca139e4 |
| SHA1 | 06d2aacc6639e2621bafc9d1f7c256b1df70e5f4 |
| SHA256 | 2a9f8b5eb83daa769ffff60a854f7e691f5c918814b7d1ee376defabcd332f2f |
| SHA512 | b84be9d9e2650e1f5e16aac6a83f255b6104d20c2e8deca9a903041c6d0f010ef5e864b1f71a07c0b0c6e2913269a4a2024a1aa3a4cc52fe76a56971c8376e5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c6a1e39913b3793efd6e19baeb1747d |
| SHA1 | a8f2b76f88f9fe02ef3e6ec4e7b5463c4b440815 |
| SHA256 | e6ac0943a9fe432052330a16c2b91867e7096099d0973d50ba0c7f26e788beb7 |
| SHA512 | 022ef5f4962f54a4b63d01fddb147364da1e49831825389aa9fcad9bba02e669001f1bfd9dbadcbbb8889e93542727b63fa49e5d12cebb241bad32494f0d562e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6a11fe88be3a0012eecad1e583ae601 |
| SHA1 | 084f7f4902e23f9d94e935b7e8f9684f5713f557 |
| SHA256 | 46e5530d3179c5195f919a7940a1143e1b173f98d81310c98fe0ad39f12ff740 |
| SHA512 | cb81b1caf72889b1e862237946c9a9383a4fa92abe8ef547410985c18200b1c27b492379f8880158d7f33ef740f3caff0ac3ba4c9eaa57a400b6df028f44468b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a16bcd7d1e8ca3f79a30866aa956d860 |
| SHA1 | cc6a65b7a4e5c744b7366cb9af72eaec7ff8915b |
| SHA256 | a0e49620fac9e7b3fd8b943621920c8c2e0d6b7f3732128a3f86abb195e718ea |
| SHA512 | 523d469715366096462416e4698033330086855fadb80bebf4430a1a00b7c5f3b354fe29dfe4e446466ad2f5991429bcf52ab3df32e586334bb846468fc5f612 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fed384ada781ce33f8eb0ee31861c035 |
| SHA1 | cadb33bcb0e82ce8b8e1c430d06c061101699908 |
| SHA256 | 9ab78e67c9e101b087853a0d6ef4791f1c24864fe08c80340dedfcfc1969dfa0 |
| SHA512 | 5d4f801f71576b73300db6b0e20fbcc8b5b0f3470708818ef5e8b9d969dec54c69bc3e692fec4e3fa01f0a78b2ed31e3a0f8d757f561d1d66c069bf45277511f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 10bd8c966694a886e348995f95d88712 |
| SHA1 | 21069424145a94d89867070b4e58ac63bb3f1a7c |
| SHA256 | 972c59b79b701d1a25638ff09847bc4d5ca6ef6d245f7fc71dec79fe4cc18877 |
| SHA512 | a2ce6a6805d4a965dd4b8749c8fefb65a076f5530e90a419b2e4a8b329a884ef50d013615105d4baaf660c65dbffe9502362181358da102206aefea9b43bb454 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06e4f871d6053ea8d53b196ecc2544de |
| SHA1 | e59b281e352d65af9171d29681fabfc6a9e86fc3 |
| SHA256 | 1d4731df1448fc96ce74c8b180fffeb9a9702bf68bb25a5ffff14cf91d3d26a3 |
| SHA512 | d173780b998df206d2dee19c38d97576831f6fb21d61aa690f61a201f58c2a4d8178e8bf34364f0cd262c774892c23063eba57194c7a52b7bd3a8a7c7078df21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e24bc30fc5760d6416049536db77f289 |
| SHA1 | dd8b47cb5da7b0092acdb6d6c2616d7242cb10e1 |
| SHA256 | db3622364a83be95a5ad4a3a3ea93d40bbb6a5e446fc679a0ce22abc6c4b03c6 |
| SHA512 | e9aaf3ea90851e4fe5fe3a5553ec715692269bae45d5213b533aaccfdc0ae810f6bc575e0242337d76df35ff828547bf7fd5170f58689f27fb28a2bb164d96bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4fa59988e6d3f0c24f4e4bb8e4fadfc |
| SHA1 | f4a1841f4d3cbae148cbedbae83f3197fd62f1d1 |
| SHA256 | 3520471d8d0162e1e9aa2787f35c123f001733613f4ccee0107e861046357554 |
| SHA512 | e6646bfbc14477e4b6ce332d898bc8a4c23a3599cbce9f2f5a4a315c4dc9556dbe727b44f41ef4bd13a33548d0190526fbfc3bfc9e55aebe29d890c8eda9bd5b |
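The dropped-file records above are path lines followed by two-column hash rows, with the same CryptnetUrlCache path reported many times as its content changed. The script below is an added example, not part of the sandbox report: it parses that format, rejects hash strings of the wrong length (a cheap check against extraction damage), collects the unique SHA-256 set, lists paths that were rewritten with different content, and separates the CAPI2 CryptnetUrlCache entries (Windows CryptoAPI's cache of downloaded CRL/OCSP/AIA data, present on any host that validates a certificate chain and benign by default) from paths that still need a look. The sample text is built from three entries copied from the listing above; function names and the triage buckets are this example's own choices.

```python
"""Parse a sandbox dropped-files listing (path line, then `| MD5 | ... |`
rows) into records, validate the hash strings and build a triage summary.
Added example; SAMPLE reproduces three entries of the listing above."""
import re
from collections import defaultdict

# Expected hex length of each digest; anything else is garbling or truncation.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]*)\s*\|$")
# Windows CryptoAPI (CAPI2) stores downloaded CRL/OCSP/AIA objects and their
# metadata here; it fills whenever a certificate chain is validated online.
CAPI2_CACHE = re.compile(r"\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\", re.I)

# Constructed from the report's own entries (two versions of one MetaData
# file, plus the IE imagestore file).
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e6784cd5e122101909d94a8454d6f2 |
| SHA1 | af2dbfa018e861e95da73ae639d2475f2b4cbeee |
| SHA256 | 487f62bbccd0e270d40b671da26c433f612d76c6c39981a4797999592f69c111 |
| SHA512 | c7e7e3c52560ee801ebcc95a224fd3ef242f689cd8d1e5d40b8664424f9a661e5323581deafb7dc3503a0ec4862819f0d4ff498701c27f5e87356fc1ce53983c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 510e21c64e61266ba95f22f27cc5df9b |
| SHA1 | ed614130c0875f342d1abdb87f9c1d03e5a0578e |
| SHA256 | f2911661eff176a1a73394eb1a8352b01b7ef1d6df60e86c7e51fb09b926af30 |
| SHA512 | 409e0109c070eb837ef6668b09b2862b9f2f4c89c8a04894a725ff07827cbf5a81fa3917ea51c336d11d818bef4abe6501fd2e7467e20d7d2250dcdd72724531 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat
| MD5 | 5ede45f15977c12227715b6a902719cc |
| SHA1 | dda48a86a704f18f9c6ef8facc824b2a206ed497 |
| SHA256 | f3807b4889087d4e693514d70ad0095bac8bb8525978f4be90f18784c9015dea |
| SHA512 | 322a552f0ca64892e01e3a6115a721848c874f73e5ae5264090f4646fac2494bfb0273a1b618114a11793bd79f7c1cb9ce3b217d1dab787aef40130f570964da |
"""


def parse_dropped_files(text):
    """Return one dict per dropped-file entry: {'path': ..., 'MD5': ..., ...}.
    Raises ValueError on a hash row with no preceding path or a bad digest length."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m is None:
            # Any non-hash line starts a new entry; the listing has no other row kinds.
            current = {"path": line}
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"hash row before any path: {line}")
        algo, value = m.group(1), m.group(2).lower()
        if len(value) != HASH_LEN[algo]:
            raise ValueError(f"{algo} for {current['path']} has {len(value)} hex chars, "
                             f"expected {HASH_LEN[algo]}")
        current[algo] = value
    return records


def summarize(records):
    """Triage buckets: unique SHA-256 values, paths rewritten with differing
    content, CAPI2 cache paths (benign by default) and everything else."""
    by_path = defaultdict(set)
    for r in records:
        by_path[r["path"]].add(r.get("SHA256"))
    return {
        "unique_sha256": sorted({r["SHA256"] for r in records if "SHA256" in r}),
        "rewritten": sorted(p for p, h in by_path.items() if len(h) > 1),
        "capi2_cache": sorted(p for p in by_path if CAPI2_CACHE.search(p)),
        "review": sorted(p for p in by_path if not CAPI2_CACHE.search(p)),
    }


if __name__ == "__main__":
    summary = summarize(parse_dropped_files(SAMPLE))
    for bucket, items in summary.items():
        print(f"{bucket} ({len(items)}):")
        for item in items:
            print("   ", item)
```

Only the `review` bucket is worth a manual look; `rewritten` tells you which cache files changed during the run (expected for CRL metadata), and `unique_sha256` is the de-duplicated list if you want to pivot the hashes elsewhere.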