Malware Analysis Report

2025-01-22 12:32

Sample ID 240518-sax1fsha26
Target 554d784872d27f18c12fcc962fdbe66d_JaffaCakes118
SHA256 2059a607be3dc66a3f412d3a3b717c2af9af0024e45ef750c6915b2c8c17dda8
Tags upx aspackv2
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral4
    Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral5
    Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral6
    Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral1
    Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral2
    Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral3
    Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

Score 7/10

SHA256

2059a607be3dc66a3f412d3a3b717c2af9af0024e45ef750c6915b2c8c17dda8

Threat Level: Shows suspicious behavior

The file 554d784872d27f18c12fcc962fdbe66d_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx aspackv2

UPX packed file

Loads dropped DLL

ASPack v2.12-2.42

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-18 14:55

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-18 14:55

Reported

2024-05-18 14:58

Platform

win10v2004-20240426-en

Max time kernel

134s

Max time network

105s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\软件专题下载.url

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\软件专题下载.url

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 22.89.16.2.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 16.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-18 14:55

Reported

2024-05-18 14:58

Platform

win7-20240419-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (25 identical rows)

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000006e0345886c6538d62b818c2f4ba5fb713b9f4e89e094f6fdfeb63c472957562a000000000e800000000200002000000001c0942d443379d44122f068f37be72f3b4092eeb80af6621cff0f10aa3e226320000000581bed7d4b413f31008561f715d5086cfff86d237f991be6ffff4dc5844c0eff40000000234d52deca2e5c80269703c80c764080811224c4ffb4610bd9d5e467c3ad1a3342a5385a51ca985e1ea6537a581b798e53a8b2d3408a758dbb60ae571dfd4afa C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422206028" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE1674D1-1526-11EF-91AC-F2A35BA0AE8D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b7559533a9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe

"C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.ku122.com/index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1852 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 down.ku122.com udp
US 8.8.8.8:53 www.ku122.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2748-0-0x0000000000400000-0x0000000000636000-memory.dmp

memory/2748-1-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-2-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-23-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-45-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-17-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-51-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-50-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-47-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-44-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-43-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-39-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-37-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-35-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-33-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-30-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-27-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-25-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-19-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-14-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-15-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-11-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-9-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-8-0x0000000010000000-0x000000001003E000-memory.dmp

memory/2748-3-0x0000000010000000-0x000000001003E000-memory.dmp

\Users\Admin\AppData\Local\hao123\hao123.exe

MD5 a4df5aa48eaa0eaca060773f8ce1949e
SHA1 bbb106eca82d30403873087278e7b85869fee8d1
SHA256 11472eb20a08bd913b19b676deaecb840a2f5b8c415a2b349043e800eb79b95f
SHA512 c34303477399fa37aede2bac941f53d740663058d78da37e2f46e49d2dd6edc56a2b430281f15520017efaad4d0b3c5a169bd2d183abd9622292805b597eefc1

memory/2748-62-0x0000000000400000-0x0000000000636000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab5025.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

memory/2748-77-0x0000000000400000-0x0000000000636000-memory.dmp

memory/2748-78-0x0000000010000000-0x000000001003E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tar5096.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 875ac02b6236ecdb2b27aba1d84c75e9
SHA1 6f679e15f272c953ef271e4d8ff27a09dc52a83a
SHA256 52df6f9eb1d431279a60ba95a81773e67fa272dd2cff56c157a78b025cdf06d4
SHA512 248060f39910d1049c351799e8416e2be14e39dcd8cf7acc29c7de8694bb96ff9501359b48e183ff4014296bad7e246f731bfbbb67a5c7606038f882766ebe37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06716a0ad7bb7874eb8a0b4f44432e5e
SHA1 c6ee61f87f8024105e4fda74b2d12b36e1202310
SHA256 487dacf947410a2cb6ea96d69a6804f10144e1cfb5a0fab2dcf665fee178c648
SHA512 f81016652c08c92ad210198da2654a3e2d117ded421153544f78ba8058654acda5e1e6eb226e7df4ee4a40c1d00d4ba01c25bf3964ae9fa07cca9e8e485c611a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c80c170790d153b73423300afb26a7eb
SHA1 43a0768b8a336c02d7bf03a6f7999d98a859b9ec
SHA256 b8c596537f718b9d49c9ce1084e56cef011a202afb0da44cc0957d7432a2e647
SHA512 b7ce34b83034e876830a334fba6aa6bc40f49cb6f0707680ed03026ac6495c3a4bf7c92826fbc792a1222738e9d9227d9f5262372bd99b58f7077f64b19531bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f598dc4deed426fe32a9c64ad91472d8
SHA1 2dec4e0b981aa039845bfbadb457bbf02a1cf65a
SHA256 6a6b0dd055fb9f8bebb91e32fa165c106dcdac4a3dc9bab3b3a220b70338c6ec
SHA512 d586b1cc20a17944b7e47e94221a2f221ce6ed6a6b413ff4065c86f5a7d71867ed0c240e7a196961b9455f3e59d93c4ecb2af4203d25941cab7587f840cded5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c7bf4d3bb09f44199674c254476ead8
SHA1 68dc21e02de69e5835f55cb69870d3c5a5a563bf
SHA256 f6e788413b2df1bac17a57cd3f33bc1d5e4e2ab72fc792c08a67c7eba65a0421
SHA512 5d496952c12f8eda4effcff43f605637878a81f584e9a0d0a4373a258061ca8ca09c2c9021465020da8a99e183be5f8f4d2fad50f4eb89c5893b77cad010b2e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3629c3ddf0a1dc0a98a8890f3304dd9e
SHA1 893760828708f70de2cc732d6e8d4df4190f4392
SHA256 58b06f43107b44e3c83a0a221b80e5cefd3b5860cb3fdcde4bc834fd9f57e94f
SHA512 c508f9553f2727b8caee846f215cd2340499f36f45d7d7f794bf619da2a7d6ada60f23ae26d6ebfe4a597e94ea036c2e7f2f7d32bd7cfa176956724eee219f21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be5bbdbd5696a60b059b336cf5fbb2f9
SHA1 85b8799de26217d2b680935853c6118dc1dc0701
SHA256 20e45becfdb5764f724dd9f3823d8abeec28d963c3b71f55f4808308ba309daf
SHA512 7523ff4044634e2678d76a7d97aa87fb76194c22c331e4e70a56037c5752362e188c7d92b3fe79d15ca199b6ca1a80d727d6724f5e8630bf66c2345b27dda4eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be7497e19d78dd3ab977212cc61814fd
SHA1 2618740f78889dbd390520584545da8269b3cb63
SHA256 4ac31e5a522f77da2de4e3d75853f5c466e6c059af0f2c4bf9375d890249588f
SHA512 3cf1ef735d16c7b7f1d4b263f3ede11d4100e6051ea3d634d9c484cca29c7c36d21e3ed47c261487aaf0e56f3f151eaf4e4075dfb189725cd4001089c4c7a73c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae5374043a5b1bf1282b5d3707ce5c00
SHA1 bd73dc52022f39fe6aca64819e240c332b8d10ce
SHA256 ef36d37ca463fc9196cd85c9174db141f062abc00fba9d3c85ef4351e678168f
SHA512 19cc3517f0e366f3236189ff6d48a0afa1ec21dddadfc8489cb14c351b61e264462907c718a0142cf8a76364518cadf1dfc263d55eab426a55f4f5965da8718b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4249ffd1c187fcd8c411b0de8a10e43
SHA1 be691492316b4905beb5c889dfe7cd0c9e1ff4a2
SHA256 461cbaf0e9e3d3ecdaa826093ebea5be51b5b036f3997645039f2c6ab90a944b
SHA512 de5a04fa409a9a4602464ec90017c536f06b57463cc417fe42f3473809981b5dbb9d34776d8e030ee48769d77a262a6b1ee19dc37a60ed4172f960ab25bb3142

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fc8eba5ca006aea7cf10c7bbe4b20f8
SHA1 6bcaff60bd7ad1b3f61ef7b183c121ab0213ab2d
SHA256 31e21e52a0b93e96596fed662b63e411fb4af19e4d3d72d7172bba2cb7d98ae9
SHA512 da6662b92abdd9ab1213d57dcc387270dbdff9d48e7486f0f015296fc318a8711df9d035ffbd4adbec4a2dad07df16d0afd03692b89068413dc7dcb2171f6f20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa6c75ada1a4ef7cda1977b07029659a
SHA1 115329a233d59d3b2f24a2057ba8966b1f5d47d0
SHA256 2570b2a1b61cbedfc3bbe3cb9873fd60076b2f49886fc605fdf73440eeb56a21
SHA512 5419ad915477159b6d6fa0c53369cc1d3a88e796249435e7b4b0774cafd8d8ed7cf2b4082076b317774e34e5e2dd2a065ba717c900151984c12dd1e0cd1aa0e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 deb6db1b1dbda8c45b3b543a5b1bbfff
SHA1 4b4a81f64bd748459ab2a1dcdfdc01c2e10915d1
SHA256 d9f43a5aa00a43d6dab0fa9d67b285aa96427694728c77c5494cd4028ffda3c4
SHA512 1e7a52b36abfde922cb2c124b8e700663a93f5d1c592f8537c196fb84f8bfd566cfaf7fa0a20c165c6281efa18de14e993dda929abb4d23849e10f6a5ce991ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9846c46b22dc69c94ecc058eca22b94e
SHA1 4ac121b21e9251b2357c0ee554b2bbec97929dfb
SHA256 c407802fcb7bc42fcc075d7c30606234ef33ea0ef5d2a48eb0da49efeb1114c6
SHA512 e3155c866d96a382cba4626a3909ee41b4063abe87d81e4ccf0a1e5a45fecfa986d36964b2e193a7eb45cb9fb6785c9aa25991cc8d5dee2d98227d0555826795

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01eba032f940d857c485b316cd0d0a6a
SHA1 0dda9c160a4da86db2fd9a12a1ff5a02e70810c9
SHA256 2aa85a9b9b78e2c47f20ae9aaeb36ccebaef1fa73ac41321d3b39ac9329d84ac
SHA512 7b16db86e5a2877a150234cbf0c062f7d438531ea6bb49dcabfd41bb992a9bdc93cbd87bde28ded25bc3f0e10e6e7b2feeeefc6a9ed4b4306ae37eec1b819f0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77dd69194823106e19cb727b54249166
SHA1 b787dc5941b622e2d295f2e929958c55a0bb4394
SHA256 3fceec71a5842712d2a6b2b818be9800a5817e1f83e816169ac356f76c5b17d5
SHA512 81eaf79e8156beafb597fe446590abcc53d2c394e73802f36172a80a3d1ea9b70b2abbeb348dbb8964b058d6a28347dd121c4006bdbaaaf760ee93f0d4772166

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f05e89254e1c609e29d29529a1f968a
SHA1 0bc2d99644d00ba05b190c92c96a53b49b47a08f
SHA256 b3ebe2e02a21acd0133a97255e9d6a7093a29f1b234d2d8f936b8d608277a017
SHA512 ceb79ef1a2c5c3f652f10a3b66d7d83edc9f916e93cbeecdf329abc0800994c716da485bbb3f2ac61f4ccb7d2b3ca221442cd345b0c4de2cfacdc5fd10a26eee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b679ffa8ca17d12e1aef9af5e54f268
SHA1 88d4e6e7887dda3e2d407df9a3a80db042c8b641
SHA256 3e52c3b18a1f756a76e120f482080dc7ef57e3c00063f4a5e84f22d9598f4abb
SHA512 124be208b65d4abc9a969fd0d318fbe022b3fdc3858daf9306ab1d84cac1a41da477bb4426013413912377b6ac12b5aa510c458c2212d41285cd17b6d44bf79e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb9e887f07ae8593a8b77360ac15804c
SHA1 23bc2fa0b23ec84886bee122e50daac582f96224
SHA256 6e28f94312e944d3a309fbe5da042217f13336e041f155d1ff5ebafd23e1ec8a
SHA512 6c588151c027c4e5bccea878648135e365ca2c06d4ed0ccd194df34bd3b3895243711c8af42dde1211ab1556c5a9a46a65b4a23b8ffcd6eca6ea2f26895736cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5f9878df7a6fe01be144a52a4f07459
SHA1 a1166c729f5f8ba09a0d20941e8003f2a6dce991
SHA256 ea6aa4d1f3c4ca2dfee68b8050ffa191651817089255c5a1262f9cad52fdb76b
SHA512 f5024aa6e74fc2d20d90b45f829697c57a39a2fbe2a756339ac902bf3cd2ba89e8c1eb1a2f5e2b20a18aa96dbbfc451c902e13e5d3b4953e3757c613ef1b67c2

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-18 14:55

Reported

2024-05-18 14:58

Platform

win10v2004-20240426-en

Max time kernel

146s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (25 identical rows)

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5348 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 2232 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 2232 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (34 identical rows)
PID 2232 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2232 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe

"C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ku122.com/index.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 down.ku122.com udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.ku122.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
N/A 224.0.0.251:5353 N/A udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 www.ku122.com udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 www.ku122.com udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.ku122.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/5348-0-0x0000000000400000-0x0000000000636000-memory.dmp

memory/5348-25-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-34-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-43-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-44-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-39-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-37-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-31-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-29-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-27-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-23-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-21-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-20-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-18-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-15-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-13-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-11-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-9-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-7-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-5-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-3-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-2-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-1-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-41-0x0000000010000000-0x000000001003E000-memory.dmp

memory/5348-35-0x0000000010000000-0x000000001003E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_2232_RMWILJPFVTSMAMBN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b39228d5217e9b9bc8aa304497c952ff
SHA1 dd85ddd61e68b9ed540bccc9c7e37750a7ec818d
SHA256 54cfdb3d9ab6412e6f8b991150d081a22edf438a703dd93960b81c0860ca0e3f
SHA512 ca6dcbea4bfdfaad127740b7b6a047a4d7fb526054e37ff960834ea87a61d8637ee68dcf9bf694e5bdcf2817911cb0038fd3555f88bd39b742ca488f23f70f36

C:\Users\Admin\Desktop\hao123µ¼º½.lnk

MD5 1edd289b5677c09e637a4300f6073e89
SHA1 dd29f7920b4cdc2909a9335442b8e188433b3013
SHA256 10fb9d59921f5650d4df1151520bfff7eb8258487621e98d554fde6ae4668439
SHA512 54882defaba11699d9c87bf67d42dffc6fb6862c5f8baaf177f701b14580ff6174aa66dc25218482ea5fbc58b98d6b5afb941c5ed5265ba3a1e1028768c60368

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/5348-104-0x0000000000400000-0x0000000000636000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5aedfb465d1a6d41125a77a7ca2c2d70
SHA1 7f722e861193b3095b318858a35c45b58c38fb09
SHA256 9ad4227b8c26d6873d7a6e6bfd66b2ac5214cc15bdf46c9f860e71447f8440f6
SHA512 c868394c284eef9a9c606c78027b9e2fccf7cc08fe21bcff0e8ef885044525222d03533f1770c3bb645282bc959f778ef7c842a3f2bc9ede953022311e1aa5b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a0490b1e48571dbb64e4f730942217fc
SHA1 adde6d1e48ed993cbd29d3e2654b994cb9dc7666
SHA256 8c281e58d4afbf448626a3970bb6b7b185e6fa7cb6721ffc6381aac0ff0f8555
SHA512 a74e057656bc867fcf56560b67ac65e6b6662a3b202640749a0b9e3a62449ff9eef1cc8138574b20787a7fde901cbe30c673923dce0f9de106ed22725541b5a5

memory/5348-119-0x0000000000400000-0x0000000000636000-memory.dmp

memory/5348-120-0x0000000010000000-0x000000001003E000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 14:55

Reported

2024-05-18 14:58

Platform

win7-20240508-en

Max time kernel

117s

Max time network

121s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\987网址导航.url

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\987网址导航.url

Network

N/A

Files

memory/1704-0-0x0000000001E60000-0x0000000001E61000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 14:55

Reported

2024-05-18 14:58

Platform

win10v2004-20240426-en

Max time kernel

130s

Max time network

138s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\987网址导航.url

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\987网址导航.url

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-18 14:55

Reported

2024-05-18 14:58

Platform

win7-20240221-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\软件专题下载.url

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\软件专题下载.url

Network

N/A

Files

memory/3024-0-0x00000000002E0000-0x00000000002E1000-memory.dmp