Analysis Overview
SHA256
2059a607be3dc66a3f412d3a3b717c2af9af0024e45ef750c6915b2c8c17dda8
Threat Level: Shows suspicious behavior
The file 554d784872d27f18c12fcc962fdbe66d_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Loads dropped DLL
ASPack v2.12-2.42
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 14:55
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win10v2004-20240426-en
Max time kernel
134s
Max time network
105s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\软件专题下载.url
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 22.89.16.2.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win7-20240419-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000006e0345886c6538d62b818c2f4ba5fb713b9f4e89e094f6fdfeb63c472957562a000000000e800000000200002000000001c0942d443379d44122f068f37be72f3b4092eeb80af6621cff0f10aa3e226320000000581bed7d4b413f31008561f715d5086cfff86d237f991be6ffff4dc5844c0eff40000000234d52deca2e5c80269703c80c764080811224c4ffb4610bd9d5e467c3ad1a3342a5385a51ca985e1ea6537a581b798e53a8b2d3408a758dbb60ae571dfd4afa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422206028" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE1674D1-1526-11EF-91AC-F2A35BA0AE8D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b7559533a9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe
"C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.ku122.com/index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1852 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | down.ku122.com | udp |
| US | 8.8.8.8:53 | www.ku122.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\hao123\hao123.exe
| MD5 | a4df5aa48eaa0eaca060773f8ce1949e |
| SHA1 | bbb106eca82d30403873087278e7b85869fee8d1 |
| SHA256 | 11472eb20a08bd913b19b676deaecb840a2f5b8c415a2b349043e800eb79b95f |
| SHA512 | c34303477399fa37aede2bac941f53d740663058d78da37e2f46e49d2dd6edc56a2b430281f15520017efaad4d0b3c5a169bd2d183abd9622292805b597eefc1 |
C:\Users\Admin\AppData\Local\Temp\Cab5025.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar5096.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
133s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe
"C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\造梦西游5水果辅助V1.0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ku122.com/index.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,17796786649731284524,10096907554929690606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2232_RMWILJPFVTSMAMBN
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Desktop\hao123导航.lnk
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win7-20240508-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\987网址导航.url
Network
Files
memory/1704-0-0x0000000001E60000-0x0000000001E61000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win10v2004-20240426-en
Max time kernel
130s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\987网址导航.url
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win7-20240221-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\zmxy5cbftawqghn_3987.com\软件专题下载.url
Network
Files
memory/3024-0-0x00000000002E0000-0x00000000002E1000-memory.dmp