Malware Analysis Report

2025-08-10 21:22

Sample ID 240527-ns13lshh9x
Target MoneyTransBillQSvc.dll
SHA256 39c7794117655deb84c2d6c5a761570715cdbc90973c1bac8d85f6bc5de66a3d
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

39c7794117655deb84c2d6c5a761570715cdbc90973c1bac8d85f6bc5de66a3d

Threat Level: No (potentially) malicious behavior was detected

For the file MoneyTransBillQSvc.dll, no (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 11:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 11:40

Reported

2024-05-27 11:43

Platform

win7-20240221-en

Max time kernel

117s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 11:40

Reported

2024-05-27 11:43

Platform

win10v2004-20240226-en

Max time kernel

145s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5548 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4164 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5568 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5500 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5840 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

Network


Files

N/A