Malware Analysis Report

2025-08-11 06:08

Sample ID 240527-wtp1qsdh33
Target 01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931
SHA256 01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931
Tags
discovery
score
7/10

Analysis Overview

score
7/10

SHA256

01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931

Threat Level: Shows suspicious behavior

The file 01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931 shows suspicious behavior (score 7/10). Read that score against the process attribution in the detonations below: every "Modifies Internet Explorer settings" indicator in behavioral1 is attributed to iexplore.exe, which the sample launched with the URL http://java.com/download, not to the sample process itself, and the "Modifies file permissions" entry is consistent with the icacls.exe command in behavioral2 that grants Everyone modify rights on C:\ProgramData\Oracle\Java\.oracle_jre_usage.

Malicious Activity Summary

discovery

Modifies file permissions

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-05-27 18:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 18:13

Reported

2024-05-27 18:15

Platform

win7-20231129-en

Max time kernel

141s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe"

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bbc9162257cc9479a8fef903d1075f00000000002000000000010660000000100002000000049d2c5a0438ff56cea564d70b5bed1599b508152d70b6e0bffed9dcb05ddcee7000000000e8000000002000020000000ae434962d501d08e8b4890d8585eb1087f52ddf6690345968454eebb0faae85220000000a7cb3c8978c9d24b0958c6c62f6d43b1e2a52f6c26b9d569561a1f7d5b2551d440000000d672166d346e804db6159b42ab40e2b243d6c584e1d55053837cf232f2e1dd679842eb0f87f22ebdc4abdbc6efcc9cab406d091e5b00d76868cbc5a1eaec0aff C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "276" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6819391-1C54-11EF-8857-46361BFF2467} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1064609c61b0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422995458" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [hex data value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "22" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "22" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "276" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
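Every row in the table above is attributed to iexplore.exe rather than to the submitted executable, and that attribution is the first thing to check before weighting a "Modifies Internet Explorer settings" hit. The script below is an added example, not part of this report and not sandbox tooling: it parses rows in the flattened layout used on this page (action, key, optional value, process, target; that layout is an assumption drawn from the page), counts writes per process, and flags writes under a short, example-chosen list of persistence-relevant keys. The report rows are copied from the table; the last row is constructed, not from the report, to show what a write by the sample itself would look like.

```python
"""Attribute each row of a sandbox registry-indicator table to the process that
wrote it, and flag writes under keys that matter for persistence.

Added example, not part of the original report and not sandbox tooling. It
assumes the flattened row layout used on this page:

    <action> <key>[ = <value>] <process path ending in .exe> <target>

REPORT_ROWS are copied from the behavioral1 table; CONSTRUCTED_ROW is made up
for this example and is NOT in the report. SENSITIVE_KEYS is this example's
own list.
"""
import re
from collections import Counter

ROW_RE = re.compile(
    r"^(?P<action>Key created|Set value \((?P<vtype>\w+)\)) "
    r"(?P<key>.+?)"                 # key paths contain spaces ("Internet Explorer")
    r"(?: = (?P<value>.+?))?"       # value is only present for 'Set value' rows
    r" (?P<process>C:\\.+?\.exe)"   # process paths contain spaces too
    r" (?P<target>\S+)$",
    re.IGNORECASE,
)

# Keys where a write by the submitted sample itself would be worth a look,
# whatever the overall score says (example's own list, not the sandbox's).
SENSITIVE_KEYS = (
    r"\Software\Microsoft\Windows\CurrentVersion\Run",
    r"\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"\Software\Microsoft\Internet Explorer\Main\Start Page",
)

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe")
SID = "S-1-5-21-3627615824-4061627003-3019543961-1000"
IE_KEY = "\\REGISTRY\\USER\\" + SID + "\\Software\\Microsoft\\Internet Explorer"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Copied from the behavioral1 table on this page.
REPORT_ROWS = [
    "Set value (int) " + IE_KEY + r'\DOMStorage\java.com\Total = "209" ' + IE32 + " N/A",
    "Key created " + IE_KEY + r"\Main " + IE64 + " N/A",
    "Set value (str) " + IE_KEY + r'\Main\WindowsSearch\Version = "WS not running" ' + IE32 + " N/A",
    "Set value (data) " + IE_KEY + r"\TabbedBrowsing\NewTabPage\LastProcessed = 1064609c61b0da01 " + IE64 + " N/A",
    "Set value (str) " + IE_KEY + r"\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "
    r'"C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" '
    + IE64 + " N/A",
]
# Constructed, NOT from the report: what a Run-key write by the sample itself would look like.
CONSTRUCTED_ROW = ("Set value (str) \\REGISTRY\\USER\\" + SID
                   + r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upd.exe" '
                   + SAMPLE_EXE + " N/A")


def parse_row(line):
    """Return the row's fields as a dict, or None if the line is not a table row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["action"] = "Set value" if row["vtype"] else "Key created"
    return row


def triage(rows, sample_exe):
    """Count registry writes per process and collect writes under SENSITIVE_KEYS."""
    per_process = Counter()
    flagged = []
    for line in rows:
        row = parse_row(line)
        if row is None:
            continue  # a real tool should log unparsable rows instead of dropping them
        per_process[row["process"].lower()] += 1
        if any(k.lower() in row["key"].lower() for k in SENSITIVE_KEYS):
            flagged.append(row)
    return {
        "per_process": dict(per_process),
        "sample_writes": per_process[sample_exe.lower()],
        "flagged": flagged,
    }


if __name__ == "__main__":
    for label, rows in (("report rows", REPORT_ROWS),
                        ("report rows + constructed row", REPORT_ROWS + [CONSTRUCTED_ROW])):
        result = triage(rows, SAMPLE_EXE)
        print(label, "->", result["sample_writes"], "writes by the sample,",
              len(result["flagged"]), "under sensitive keys")
        for process, n in result["per_process"].items():
            print("   ", n, process)
```

Run as-is, it reports zero writes by the sample and nothing flagged for the report rows, and one flagged Run-key write once the constructed row is added. Because both the key and the process columns contain spaces, the parser anchors on the ` = ` and ` C:\` separators instead of splitting on whitespace.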

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe

"C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 java.com udp
US 8.8.8.8:53 java.com udp
NL 23.62.61.163:80 java.com tcp
NL 23.62.61.163:80 java.com tcp
US 8.8.8.8:53 www.java.com udp
NL 23.62.61.137:80 www.java.com tcp
NL 23.62.61.137:80 www.java.com tcp
NL 23.62.61.137:443 www.java.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
GB 104.103.246.175:443 static.ocecdn.oraclecloud.com tcp
GB 104.103.246.175:443 static.ocecdn.oraclecloud.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
BE 23.55.96.141:443 s.go-mpulse.net tcp
BE 23.55.96.141:443 s.go-mpulse.net tcp
NL 23.62.61.137:443 www.java.com tcp
NL 23.62.61.137:443 www.java.com tcp
NL 23.62.61.137:443 www.java.com tcp
US 8.8.8.8:53 c.oracleinfinity.io udp
US 8.8.8.8:53 www.oracle.com udp
NL 23.62.61.162:443 c.oracleinfinity.io tcp
NL 23.62.61.162:443 c.oracleinfinity.io tcp
BE 23.55.97.240:443 www.oracle.com tcp
BE 23.55.97.240:443 www.oracle.com tcp
US 8.8.8.8:53 dc.oracleinfinity.io udp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
NL 23.62.61.194:80 www.bing.com tcp
NL 23.62.61.194:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2888-0-0x0000000000400000-0x0000000000422000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EWWASWHN\www.java[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWU92FQD\favicon[1].ico

MD5 8e39f067cc4f41898ef342843171d58a
SHA1 ab19e81ce8ccb35b81bf2600d85c659e78e5c880
SHA256 872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd
SHA512 47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 d05180c245e0a96c9333852dddc854b2
SHA1 466ff99b6c9adeee22555b871eb5dfb38b524d19
SHA256 ca7d609e05a69b9dfc6ad28f6faf24a027c848dc50b70aa3a286d0f1016a48cf
SHA512 1ffa2e0856e0794cf08c7d57aba0ec4f8176c0510bb4fc19c9ecde2be8b52c91a5344dd09c5df139d63112bbafb47ac663ba042024b5c612bbf11288024b2dc3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EWWASWHN\www.java[1].xml

MD5 43ca916c3b2b40bef0bcaf2b422e72b6
SHA1 524f84d38e162ed61b7b24d0f88789293fdbc505
SHA256 98adeb0acb223ac4930658447ff17536dc143cc3e272f713b1253e67e34def64
SHA512 57591f590964a8e195653c3ce8a8068359e2dbb8093ef75672974d1070f84734ebd45a18b38f82b77acfbde89fe4783188e890109ddd50c220d9bcb31fb227e9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EWWASWHN\www.java[1].xml

MD5 f0db8f5a00b0b6023afdbd6e9984dbcf
SHA1 2ff325a7d56074b9b5394dc07f20b2707ade8791
SHA256 ab408a158a30f6f3ea032e7f13b89d06a78abf60f7a561a234ee3913ccabbaa6
SHA512 c39a3d80f63e9a031d19ca46a183d664f30ce0c6ffe61c154b0d6af479e7dbcd9fbaeb66f72e66b4373f030a851cec5316c1f1aa4e85d6ea79781518539a7049

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EWWASWHN\www.java[1].xml

MD5 e55c5a903e1d10c11126241f08e89781
SHA1 7d9053aba66e88fe172599ba3f34bc7ab168807f
SHA256 daf5ee943fc94bf41639d7e69629b0725b894d57352f43eac7db46c1f831276e
SHA512 ff3b87d8af334ada5ad01f0a0467d6ee5a5821f651f00cf48c2510517f2b7084f05f3f6dbb18b1565c6d8d5b9546a1ccd5181e33d1d725ff3980e662ce6e4e93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0d09239f4a00f5147feaf8104689a1e
SHA1 18f6ff08c689102bfe918185c7125686b5235cd7
SHA256 453899b53a3ff75eef7f9da94483d852fee112ad8b117c71eeff969e48aff603
SHA512 af0c7f80d7a6cb1f2b8e2323495d31db5daf29fd4c97e15e7939fafe28fe2000e3bdbc81628b72fb85d21e8677107cf6b2ca382635a9f93a7a668c6be0d06d3f

C:\Users\Admin\AppData\Local\Temp\Tar4655.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 fb1494b6094dc1319befa6ef9ac26d5f
SHA1 4db7bf83143670c04962bc943b05bed0f1bfc985
SHA256 3f7b823f8c34ab6bc8f047be8a1e26bcf7c9dbd8bebce972214a01037db8efa3
SHA512 e6c4c759934447d0253e0cd106860308e0d2fad3b19d8836c22c30c6097baf6c916ed34932b69c5697b982af85b6cb47edce78cc1a6cf721ea9231a47ae0fc91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1205ffb2de411b62ce13c2ae0431219f
SHA1 608adceb1e019de54b7052b88e0911d9435503bb
SHA256 a7a4b9d536c35d160d421d787f455d91563b08133dbc90d4b8e6cdffc156a449
SHA512 bb3a679fed7a9d813f3b9cb7b61b19fa85a2919698841241becec5e1fa030211998c233d30b45b5651209b4d378b3b46ee43d99f79414765e5bcbbbd16159b16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70a95b99993a69d25a8753d77fab313a
SHA1 3906065097322e788d50646eab07cdc354e90d68
SHA256 5280dd0cd059e6a897b71f508c0f1013bb3cccc54a96e9b4f191c5ef87268edc
SHA512 a7f3c6200026d66b5dc5938577832afa317c591b0915f5faa38e907904f82383bf892b456473019ce1090e7dc35c1247e7e630ad3c310826e4890a0e506327fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c84111909caa124e353fd555deea25a6
SHA1 9678786850bb3f9e983abbad28c289e2e770f942
SHA256 d900087721ea4a63aba838e836d5254847ee39b9d594948e0ff874389840e45c
SHA512 abd0530c1dd823695d66799ca3c14b4aa40393bca8c70c27018a542dea7b25a92cd5411b24a9c119f551b29464f77608d23ad769c6e9ff72e8f3389b83901343

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c73275c1f202154385606bfb898c6c1
SHA1 520c2c7ca2663bacc9ad8600f148562ebdb96459
SHA256 3af39b994e1ea51a299d2a23db9d8019cfa8286ff06ba4aa15319377ad004972
SHA512 1fcf560c324bcad2cfc92026c32e285d8fb21043c2460d997c148d551c84836a2a92c2dc7eef050a3eea32a1df37bfd4be04de826e51a261ce990119cbadb066

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70c5ca480b881bd41a212699791991fe
SHA1 a26feb7f18ba5748c068d5c0806d4fe0600d6aa6
SHA256 78068144056c002f849e1df68f069b3049e0ee312e859ff067571e9cc5a987c0
SHA512 5c230645ab3fdfe41d5437accccbda30c21cee74aa6ab8157b831d7e9c04224b6798b8264c2765f0fc6028e9880ff45977833f4f6a0471ecaa374ca288403f6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 033f3ec1180aa965afa99a688dc273f9
SHA1 1134aa0341ea0ec0933418ce03d5730aacf36836
SHA256 886f6457169a5878a07ca24fa75ac57d902c578c6ecb8aa76068b61ca259eefa
SHA512 716404d3482864e317aab78502c75565a89b083b2321bf2a03ab8825853d41760eeaee791a84213e0dca58591011813b4745fa8e3ca8de7bf8afb791bd249554

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58d8abf0e72f405ea79d02348e21a32a
SHA1 35eb23e1e67b950b1d7b5cf9b9605f182c13c685
SHA256 323fb8ed54cc7bd7f4715a0a17a2792b8c508d3cfe6ea824d4a4af914870f895
SHA512 d47ebcd3d61f3686261c92f4e078ce817848f1f2706da56d35f50c4edeaab3dc6fb0897e87ea077a4143026402adf26cfdaacdac3d9992dca41b9f0e6af6bf3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bae2ce35e7e11b3387eb925193b881c
SHA1 d9e979746a542bf739b60c674d66571ea728b883
SHA256 2485c969d78939aea89f18e28548578c6122b8271a6d57af48099cc746ec3ab0
SHA512 6012133289ec24d6a3d058bdacd507deee6bffaacd252f6b63420012fde00d3c0bea4d3e1e579a942d04bbd33a09e5df796a0a526d683b3fa03a312425fc4372

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fc2f0f7d5fae4683721942c4d91f77a
SHA1 816ac5256864f0ac21e778dd5a39f2930d0bb9e0
SHA256 0bfcc37f71277b8b2151e33bcac864bbea5df6220d135984a6626473e0479bc7
SHA512 e1ed39a34d626f368d76e4adf57a721423c396886ebf9a95da1bfdffacb3bd4ecfe0eff29d677c97da9a98a75d962f9c450755f3c0efa80bd75a49e3572ba03a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e123843f80526c837364cd1a00341ad
SHA1 4d2a02142af6ed9bb40801b0ca08a47f4caabb20
SHA256 8d306c9689866302009db68c06fd4b6505ac7e2926f2cbf8bb08f8faa97a7212
SHA512 c0e07e0ddf5e1355c5d6b14fce0664e07cc216c582a2d04a3268a619e7394a58e111eb204c2c468ab74f044d69e8f1a3235822cb2c85b8094f05ec96cbbaa219

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0218f365ebc878c72f3d234345e9da7
SHA1 cebc5604350e1bbc646cca3c5254876c1af33dfb
SHA256 48c10148d14b6dad09014e48af61016f0ec11ca82c5203adea24cba4059d3b56
SHA512 4e86c4beb5923203da45476bd6dc608c216f28e49b50657a3954fda70987e1a2236b2e216f5a6baa19b5229cba5736bc396ae638b6dfa85ba34ef01354cc5bfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34731f4a5efdd5dfa507220bb956a65b
SHA1 6bec204fe5777aeb3c6d688797318b559a76313d
SHA256 20932783deafe45f2b626c6c1fcd3299188a53edb20c30d209542d63bc72aeef
SHA512 f8f6a4f3bd616f4f2a3dc7a2a71547c08bd4e808e677063ecfdac6c8c4f181ecc4d150dac588f3f77803444a056a7af86e96afabb59c236f9499163ff140ff2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da59ee287ffc4598c2a2e44db76f852c
SHA1 174278956f8c27f2ea4b5a55296b25fefdc897d3
SHA256 bc6f64e70a13df423cd7200c2c494ebe5718fb35d5191c63525b359533b35544
SHA512 4a117c7bb92489b8ee6ba846f4832aa4d6e75b241a4d2df91fe5e26e9fee6e495cbccab9b28f7688ae9285af7b27ed0cf37ad8cf77e9827509716bda89aa1349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c51b328f1a0d427430a245f2f48ad48
SHA1 0e27475e8c0cba3ab6e88ad9808878b0406a6e1d
SHA256 7aef7f40a12b34cba1fb0f353120257a060181fa9fc38b6f0c34cc2487a8a11e
SHA512 61cd9254649f67caf5302f7181d7885d9c048286032341ecb718293959261a78c7fd533616fcff6dcbc82978e4f321386b90cb02257a443e2668a899f1678fa2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00a043e93ae3bc0c4ab29e782287ec54
SHA1 4c3d1d6b78d6c6c51fdda25aae80fbd3e4b0b3e3
SHA256 1a93f9bd97176624a57619dafd7d3f25fde0440ab51bc045d2e07be87af52e51
SHA512 7e2f8030f0f6780e764d7b53d3078397a2e2f40ced4d169d679dca7ff3e475b13c11df385e973a00397872db773d22b8477fa53f063007b164913fdef5f4a923

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81dd22d0d641d96b4411d3e4f07102da
SHA1 ab99bf37047be56b7253a518edd9bd47abdc4944
SHA256 57b8210947d72d64cc67691f57bdf98509dacbb9decc22bc81aa08b68e778491
SHA512 e36035468875ec21ce945a79ff8fee68f274fd91b546caa2f6f7f2e954e6db91d744cb6739b90d375681a4b32c61b3b659a2c4fb8148a867594fc1134029ee3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0483178ae92bab67a998b732146d9ce
SHA1 a63174dd0d7cec91992a18549251510d7f948a74
SHA256 7229f140a6dfb09d12eb3ebbc441370f101bb02b56797ff4f1095208e5f79053
SHA512 371b2561092b19df788e89059ee8611c705ca981176d9b581bd9af67d460058e5af52c1567b1df78e35d5dda6e04aa1689a1ff0a1073511ca992edee160537fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c46057f37d45e26a878955e4d61666c1
SHA1 915bf525ada1f28a35b86516509ae7c8787c179b
SHA256 74cc91945803b68704f27eca8205e21f6884572475e2affd548d9b86e20bef50
SHA512 1fd666c7c6525c5033f57446d413438ab471306aec7a622131498c3bd4b38d7beb0e8db66766de7b41f375658014d80f9d99dc4b341bfeab0538f9918501fc21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40d0bc7af116ad289129f1c33be2ca86
SHA1 da6a4ed34c386277a02420f00a802731ee0102ee
SHA256 713a8530c785168d4e69174560160150fa22c192096b362832dcd3f5c4229ca1
SHA512 2d2cd5b90cfc827ea61df2ec08e6e6e074660d26907f20c843461b0cd0142f4b1206311264f5ce352cf6f93139ec67902ce25e83a811f6a89107fa49e479503e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74ef85d92919e9f50a0efda1557598fa
SHA1 3449c14ae4e470a3e26777c520217d72df6c49e7
SHA256 2f0135d3f6f27540dbf2b73e992dab6e69ba3752bd99b82beefd90b64e2bdf8f
SHA512 1d6978817c7f72470c8d8739003271319735fc79eb95ff3824b605308fac69d6212d402f0721ddd917b285d774c54b8e6ee373a5c5a4b5c135d31a068432f414

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 18:13

Reported

2024-05-27 18:15

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe

"C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Djna.nosys=true -Djava.library.path="C:\Users\Admin\AppData\Local\Temp\lib" -classpath "lib\Aerollel.jar;lib\core.jar;lib\jogl-all.jar;lib\gluegen-rt.jar;lib\jogl-all-natives-windows-amd64.jar;lib\gluegen-rt-natives-windows-amd64.jar;lib\jl1.0.1.jar;lib\jsminim.jar;lib\minim.jar;lib\mp3spi1.9.5.jar;lib\tritonus_aos.jar;lib\tritonus_share.jar;lib\net.jar" Aerollel

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
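The icacls.exe command above grants Everyone modify rights, inherited by files and subfolders, on C:\ProgramData\Oracle\Java\.oracle_jre_usage, the directory in which the Java runtime's usage tracker writes its timestamp file (that file appears under Files below). It is the command behind the report's "Modifies file permissions" tag, and it is worth checking rather than assuming whenever it shows up in a Java sample's process tree. The script below is an added example, not part of the report or of any sandbox: it parses icacls command lines (the principal:(inheritance)rights syntax is icacls' documented form; the sets of "broad" principals and write-capable rights are this example's own choice) and returns one finding per grant that hands a broad principal write-capable rights. The extra command lines are constructed for the example and are not from the report.

```python
"""Flag icacls command lines that grant write-capable rights to a broad
principal, such as the '/grant "everyone":(OI)(CI)M' seen in behavioral2.

Added example, not part of the original report. The switch and permission
syntax follows icacls' documented form ('principal:(inheritance)rights'); the
sets of principals and rights treated as risky are this example's own choice,
as are the CONSTRUCTED_CMDLINES, which are not from the report.
"""
import re

TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')   # whitespace split that keeps quoted spans together
INHERIT_RE = re.compile(r"\((OI|CI|IO|NP|I)\)")

# Well-known broad principals, in the name and SID spellings icacls accepts.
BROAD_PRINCIPALS = {
    "everyone", "*s-1-1-0",
    "users", "*s-1-5-32-545",
    "authenticated users", "*s-1-5-11",
    "interactive", "*s-1-5-4",
}
# Simple and specific icacls rights that allow changing content, ACL or owner.
WRITE_RIGHTS = {"f", "m", "w", "ga", "gw", "wd", "ad", "wa", "wea", "wdac", "wo", "d", "dc"}

# Copied from the behavioral2 process list on this page.
REPORT_CMDLINE = (r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage '
                  r'/grant "everyone":(OI)(CI)M')
# Constructed for this example, NOT from the report.
CONSTRUCTED_CMDLINES = [
    r'icacls.exe C:\ProgramData\App /grant Administrators:F',              # narrow principal
    r'icacls.exe C:\ProgramData\App /grant Everyone:RX',                   # read-only grant
    r'icacls.exe "C:\Program Files\App" /grant "BUILTIN\Users":(OI)(CI)F',  # broad + full control
    r'icacls.exe C:\ProgramData\App /grant:r *S-1-5-11:(R,W)',             # SID form, replacing grant
]


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, honouring double-quoted spans."""
    return [t.replace('"', "") for t in TOKEN_RE.findall(cmdline)]


def parse_perm(perm):
    """'(OI)(CI)M' -> (['OI', 'CI'], ['m']);  '(R,W)' -> ([], ['r', 'w'])."""
    inherit = INHERIT_RE.findall(perm)
    rights = INHERIT_RE.sub("", perm).strip("()")
    return inherit, [r.strip().lower() for r in rights.split(",") if r.strip()]


def audit_icacls(cmdline):
    """Return one finding per /grant that gives a broad principal write-capable rights."""
    tokens = split_cmdline(cmdline)
    if not tokens or tokens[0].lower().rsplit("\\", 1)[-1] not in ("icacls", "icacls.exe"):
        return []
    path = tokens[1] if len(tokens) > 1 else ""
    findings = []
    i = 2
    while i < len(tokens):
        switch = tokens[i].lower()
        i += 1
        if switch not in ("/grant", "/grant:r"):
            continue
        # every token up to the next switch is a principal:permission pair
        while i < len(tokens) and not tokens[i].startswith("/"):
            who, _, perm = tokens[i].partition(":")
            i += 1
            inherit, rights = parse_perm(perm)
            principal = who.lower()
            if principal.startswith("builtin\\"):
                principal = principal[len("builtin\\"):]
            if principal in BROAD_PRINCIPALS and WRITE_RIGHTS.intersection(rights):
                findings.append({
                    "path": path, "principal": who, "rights": rights,
                    "inherit": inherit, "replace_existing": switch == "/grant:r",
                })
    return findings


if __name__ == "__main__":
    for cmd in [REPORT_CMDLINE] + CONSTRUCTED_CMDLINES:
        print(cmd)
        for f in audit_icacls(cmd):
            print("   RISKY:", f["principal"], "gets", ",".join(f["rights"]),
                  "on", f["path"], "inherit", "".join("(%s)" % x for x in f["inherit"]))
```

Against the report's command line it returns a single finding (everyone, M, OI+CI). The constructed lines show the negatives (a narrow principal, a read-only grant) and the SID and BUILTIN\ spellings icacls also accepts, which a detection keyed on the literal string "everyone" would miss.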

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 89.65.42.20.in-addr.arpa udp
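The two network tables (behavioral1 above and this one) differ in a way the raw rows obscure: behavioral1 shows forward DNS queries followed by connections to the resolved hosts, while this table shows the sandbox's own PTR lookups plus three TCP connections with no domain attached. The script below is an added example, not part of the report or of the sandbox: it parses rows in the layout seen on this page (country, ip:port, optional domain, protocol; that layout is an assumption), separates forward queries, reverse lookups and resolved versus unresolved connections, decodes the in-addr.arpa names back to the addresses they ask about, and collapses repeated connections to the same ip:port. The sample rows are copied from both tables.

```python
"""Classify the rows of a sandbox network table and pull out what is worth
pivoting on: connections without a resolved domain, and the hosts behind the
sandbox's own reverse (PTR) lookups.

Added example, not part of the original report. The row layout is assumed from
this page: '<country> <ip>:<port> [<domain>] <proto>', with the domain column
empty when the sandbox could not tie the connection to a DNS answer. Sample
rows are copied from the behavioral1 and behavioral2 tables.
"""
import ipaddress
import re
from collections import defaultdict

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>[0-9.]+):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)

BEHAVIORAL1 = """\
US 8.8.8.8:53 java.com udp
NL 23.62.61.163:80 java.com tcp
US 8.8.8.8:53 www.java.com udp
NL 23.62.61.137:443 www.java.com tcp
NL 23.62.61.137:443 www.java.com tcp
US 8.8.8.8:53 dc.oracleinfinity.io udp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
""".splitlines()

BEHAVIORAL2 = """\
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
NL 52.142.223.178:80 tcp
""".splitlines()


def reverse_ptr_target(name):
    """'104.219.191.52.in-addr.arpa' -> '52.191.219.104'; None for non-PTR names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None


def parse_row(line):
    m = ROW_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(row):
    if row["proto"] == "udp" and row["port"] == "53":
        if row["domain"] and reverse_ptr_target(row["domain"]):
            return "reverse_lookup"
        return "dns_query"
    return "connection" if row["domain"] else "unresolved_connection"


def summarize(lines):
    counts = defaultdict(int)
    destinations = defaultdict(int)   # ip:port -> number of rows, collapsing repeats
    unresolved, reverse_targets = [], []
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue
        kind = classify(row)
        counts[kind] += 1
        if kind == "reverse_lookup":
            reverse_targets.append(reverse_ptr_target(row["domain"]))
        elif kind != "dns_query":
            dest = row["ip"] + ":" + row["port"]
            destinations[dest] += 1
            if kind == "unresolved_connection" and dest not in unresolved:
                unresolved.append(dest)
    return {
        "counts": dict(counts),
        "destinations": dict(destinations),
        "unresolved": unresolved,
        "reverse_targets": reverse_targets,
    }


if __name__ == "__main__":
    for label, rows in (("behavioral1", BEHAVIORAL1), ("behavioral2", BEHAVIORAL2)):
        s = summarize(rows)
        print(label, s["counts"])
        print("  unresolved connections:", s["unresolved"])
        print("  hosts behind PTR lookups:", s["reverse_targets"])
```

For this table the unresolved destinations 23.44.234.16:80, 13.107.253.64:443 and 52.142.223.178:80 are the ones to pivot on, and the three sampled PTR names decode to 52.191.219.104, 199.232.210.172 and 104.73.94.56. The report says nothing about who owns those addresses, so the script only extracts them; it does not label them.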

Files

memory/4752-0-0x0000000000400000-0x0000000000422000-memory.dmp

memory/3800-3-0x000001A69D850000-0x000001A69DAC0000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 f74d5a59e502fb56e0df22047093df0d
SHA1 6eeb66d42393317c77629cb11faae581ef1759f8
SHA256 3bf7b9d829ebcceb334ba821c01be7cf7c77ec329bf64ee106a71900052644bc
SHA512 e83f9ea4e2e72933a3485f1743f5081623a355ea2daad8b79c16b748192738602621b0c35bfb5b7d30b0eeb0b394c886d619459016889c88b36594617bdc3460

memory/3800-13-0x000001A69C000000-0x000001A69C001000-memory.dmp

memory/3800-15-0x000001A69D850000-0x000001A69DAC0000-memory.dmp