Analysis Overview
SHA256
39c7794117655deb84c2d6c5a761570715cdbc90973c1bac8d85f6bc5de66a3d
Threat Level: No (potentially) malicious behavior was detected
The file MoneyTransBillQSvc.dll was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 11:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 11:40
Reported
2024-05-27 11:43
Platform
win7-20240221-en
Max time kernel
117s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422971896" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001b378757370728489b558c30f1c2c12b000000000200000000001066000000010000200000005e45e0646f340bb2c2aee56b427b6fd6e3a94ab6a5d37432a5eb65223bf60302000000000e8000000002000020000000607f51101646ef186caac1ca9666147745c2c53314a28c861008ef443a0f038e200000004418af05697eb685d885e14e590457694d6889c9a857957318390e5d5187e42d40000000e7ddd0712008384c7930972a2b9352e23ce06e6cff7073dd0c6da7e01f5c0cd4df8c61f41b6630d55bda436ac0455e6e8cf32ee1e305bc5a27a36bc48e84c49e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9B2DF91-1C1D-11EF-9201-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90edacbe2ab0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1524 wrote to memory of 2144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1524 wrote to memory of 2144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1524 wrote to memory of 2144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1524 wrote to memory of 2144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 11:40
Reported
2024-05-27 11:43
Platform
win10v2004-20240226-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5548 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4164 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5568 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5500 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5840 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
Network