Malware Analysis Report

2025-04-14 02:03

Sample ID 240603-mqxrqsch63
Target Court Order78314mal.html
SHA256 b5887396c08299cc39ce1c55860f5f27850b62d0269e2ffeff54b29fdd03e52d
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b5887396c08299cc39ce1c55860f5f27850b62d0269e2ffeff54b29fdd03e52d

Threat Level: No (potentially) malicious behavior was detected

The file Court Order78314mal.html was found to be benign: no (potentially) malicious behavior was detected. Every indicator recorded in the win7 run is attributed to iexplore.exe and consists of Internet Explorer's own first-run registry keys under HKCU\Software\Microsoft\Internet Explorer plus its use of common window and shell APIs; the Edge run on Windows 10 raised no signatures at all. The one network indicator not attributable to the browser is the DNS lookup for 5cb.rinhap.com, which appears in both detonations with no recorded TCP connection to it, while every other destination is a Microsoft browser or telemetry endpoint.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:40

Reported

2024-06-03 10:43

Platform

win7-20240508-en

Max time kernel

120s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Court Order78314mal.html"

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

All indicators are under the key \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer, written as <IE> below.

Description | Indicator | Process | Target
Key created | <IE>\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\DomainSuggestion\NextUpdateDate = "423573118" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\LastProcessed = 906ec593a2b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\Recovery\AdminActive\{BF354DC1-2195-11EF-BA8B-4EB079F7C2BA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | <IE>\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000007c9ec900453f555adedd0815bad4182ce955521c24c1b1fd01c7361f3b300e6000000000e80000000020000200000003172c74c901ad281051cb7beb08325bc208b45386692e8bb782ee920d884c64c20000000707d694c9945dadca792ba1824528cd113414ee8c3d7d1a51b0145223cb2af15400000004c16b6a3b839f44af256147b8b7754b00b786d45ad3b0fe7a7421a27e3fa8709549b183d3ce3495b1d54d4d17d2513530ef828b9795bde507d7764313d8393de | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Court Order78314mal.html"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 5cb.rinhap.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3630.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3702.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7459a194dc3ef7ab78214482c1852f58
SHA1 42e9a5c7ce338c2e6874cf3858de11ddec05541f
SHA256 f40b9530c7e3e22312708bcd3748fef5e97578200a427fa90146849131f452b9
SHA512 91fd0d951f4793cd3f401b137b44b615cd95f7478714585e269bc49828c59cd2980f88814463642e8d827a28f503d7c6973df73caac79f2e2abeb9f13fcfb0c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec7afa31428d81bcb29a6bcced4a02e5
SHA1 4309691dee77a3e533bb0a260064903554c140e4
SHA256 95adac75b05e1cfbbe95725a98e0d43407a2d5177fbc84016bc5b01960a34f34
SHA512 80d9683c9601c7ae69f23d3d98888472d554cd43e0cb4e738de3c8c63c3d8d90385c74479c257b5687c475ed72f05de075955ea1e7476c1379d58c09f6f1e762

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31423137baaab4f9fcc913a074016862
SHA1 069d877821166c06d46911b1e994f5120da5635e
SHA256 3699db1320d35c544de5f8d30dc3301d684cf16f614d9001349f96a3f5f29cb9
SHA512 e424d4bd267392df7b8dc9637a06b6218cba68828574f36e511d020ec1b42531dedcd929c28efdf2f1f9160ad4960cca3062d554f31c71dfbbecfc18ea74bc9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a6fc7239e4263cf22ccd1e5054c2c73
SHA1 d074da0e94acd10b30eaa0a581fefb2c9cba21a4
SHA256 97d99896d5f469de5fb537b9f7bcbb79ed74c9a6d540e7ddb4a5d99b57c56cd5
SHA512 14267a44eb4d47e8e44dbd7d3db47f7384f82680cfa448149edc4b384497921812726ce41bf253804f3a512f986c777c3a26ce65a4d45f416e0e55d999abc028

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abc52f19516a665c14aa8a5eade576b4
SHA1 a3205e0b304c9b857ad3ef11856d91bdaee290fb
SHA256 aabdfc94a398887952c56d5bfeee7bd7456b9b25d71b840029f477369ad66d78
SHA512 5b70c78974346eb43e605df592adf2649e8c7e4a905d8d208da5f8bd92426b78576edf6111a3085824a38ea64b7740efcab2b7f75f1e1fa7385cafac5192c48c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 757acc67ac44257e2be88fbef381c016
SHA1 e11a889ed426f09782021be1ddc1d94c35a7682e
SHA256 4ab669f2bd912ee2b3e10ad78a279caaea62348414eb78917d1d73f94bedcb8c
SHA512 9a60381ee0c851951ffdeb3158705adbbf8686b65fa22d52e69e7e1222c60b5eafd21b54a8886420d2cb61eaab5720bfaa85b328286baef084d1c9ecacbde3a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0dad51b4ea86e1365458d0cc3f77bb5
SHA1 d0894fe47a463ee0eeb0187945b8ceeb0fc804ed
SHA256 cc1c4b1a981c32f4346d0f75fa5abf3d6a9bc6d6557ea2a798333d2929b21e76
SHA512 f170eb97a72205d9c67b88e0f5743f913f57d4075c460802b8d2e3f97ff521724817e0de59f4d42cebd2e2717c17c559b507316221d21ad0145e1f3e02dc1d96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5393c2a8651da542c3f69803d5667a8b
SHA1 4d182b7342fb3a507bc641c01a116c497101c036
SHA256 2496c7907eb1573b56032edab4d36e1e7c6919207e754a5c33eca3d2ae1e700e
SHA512 8ff99f090910ef82bde412f9eac402e6821ceaa06c60515753ffa8624a4cca03ed0671ed44f1d34d533a6c7e079ff7b29ccb0331d90374f46b1101cbc6c11af8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 214a42818f002538175957468b708e89
SHA1 0de858b321e14129bcfc16328f341d4c5598b5d4
SHA256 450c6214de9f75658c76acda9d12eaee2421b0f987e0e6164ee7de8ccc222162
SHA512 72e6d914988b8fd179f1dbe93ffc369d790a9951ca043523738d3153efc1fa866c7295e035711c988511584b557d5c2040d1ec2a956188e0e419a5a0c2f9eb33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7429c99512a0ad1eafe0c877c6a4d93a
SHA1 ab022bf0431369561f6e7bfe86cf0bc117878bc7
SHA256 3c723da3bbaee04396f4dedf22a0fca8ebe0bc06e494b4410c9a931674240334
SHA512 afc6d9eb1929fda818fbfe7ea2abc80cb969d5a5af64ed086c77b1652d0f63a2c77f7708d577882514866e42880754e13d29924bb42259c07fe0a1c5b48427c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72b92eda95435304f023410c81885a9e
SHA1 565a0b294ef0bdcceefdc8cb18fc3558a4986e40
SHA256 8831b545dde33f846e1c87bec48879fd993f89d98df75bbddbb59be2184772b5
SHA512 2028554e7a8c1c24de7e0028e5c72fe484d70c9222ac7d54527fbb669c3df329f37b0a2a16aee934aa2a749b83351345af4f4aae42ff715f1022ca744cfd9ed8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20f213a0bc5677e348eb7e3d512ac512
SHA1 b13c68db4e70258ee150b1799dca7f331fd4db37
SHA256 07f02114ecb3e10acea30b7b0526a7391f473fcd323e7c8dd2ac37c0546fc8ce
SHA512 7e79f0c01140a2b16d2b70748a0e67818c584e05afcf6c515b8df20e68f1bb885df694c9b2cc8ff686c1f2a0b7367df291c5980ed442b344fee8e338363a9dae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f8bb1ae485390467526047bc3e00775
SHA1 f4ca539fddddbbb335ff0ab470343c4347237cdc
SHA256 9140331557aab35f6beb7b69c148190cd42c245218c7c820061c00167d2f9db0
SHA512 59252a5c07e9a4623d33b0fcffed9ea1d3666d8ed2cbc0e6439cb2b5b1463cd4e0daa6ad238a2fa439531e10853feaf072dbd9d33e70c622ad7ebfba1b89ccdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2bb933a707efa6258c1bd02b8c80cc6
SHA1 557ea576227ee12ce4286e2fdf1a551319c51d2c
SHA256 bb3fb05faf2575893af385c5e6c4949ea75780ccf06bae6f2c63aaf5d6820a3a
SHA512 8c2ea8df452b989ddf474bb7d97871ec94ebc1c1cad2931d4d5a594a25b3ad4a6ac6e3227760583dd3b328867f90dc8bdf8a9e0b0f5e8105b29ab50e2095aeee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51b1d3110e5c31db01e7f938be1268c9
SHA1 a3b5180a924a43145fd70a5a023ace006d95ef72
SHA256 ed77c3612e294aafa94807f2fffc41056a04643db249d900253201973bde8604
SHA512 42091a050991605c80d87c254e4f6e6edbc4feb2ae41caf400a38a9afc50fe6c246f114a65888c769f7e9639039dda413d3e0b59967510ea3aa3625cf93de577

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c24581a451b2ea8db2f288ad57058895
SHA1 ce0e631199b250fecee6803b671d85672b1f94c4
SHA256 04672761d1aa49c26acf67bdf8d84fdc7c7bded1311789167e11f4888f434629
SHA512 5df434f9302c48d51647a7865f40335d2bf645a47512cf7837c06a51e31eecccf3e3d2147b4220af0b7df1f5c20a5b1d6e771df268ca470a7ef0391e9b94a5b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6f47ee51463491e2de24f1b54381ba6
SHA1 d18b119a4f159ad4e6a2206d61769d423e6d798d
SHA256 176fee298bc8d1be6a54c7dc50cb9586ae4b9a75617c9fae7b6b590884e091e1
SHA512 bafedabe8b6c941b0256c891fc8c229d31ac1b97d4c24dda382e74480710b35f8ae9f6135895da466d839e655509556501f3b875d5411cbc8f5de2fc2f7f3d0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 244c25d5b3cf598fda00d017593a31ca
SHA1 a8802b273ddf49222760668486ff97a3056ed838
SHA256 9177c741d9a319b91c3b3d0755e4ac6f71c98c41b875627bb773d8a148b3aa2b
SHA512 c4d3e2a25f9040d6681d697a0c2c6928a9f3182ce395fbda59f83ed9b3f514638993bcfda12b678497e15a74cf698cd45e41ed3f8511e19bcaadf20e43bdc55c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 450da6a56a3ea8c9297bbe3d573fb5eb
SHA1 bb038d05fec81e806591c0961fa57ce381c0129f
SHA256 033e80178b146f787a2fbb77de789c6976c7088d69cf18be4be2da09b3971c6f
SHA512 17edaabb525a4a2321876533cb202814d39ccae40ab54963a7fa81d4b65383ac3b43a7f4f5d04ea10e3d224d3e63d50436dd53a0dad5395031156a65eb69b4f6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:40

Reported

2024-06-03 10:43

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Court Order78314mal.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Court Order78314mal.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3900 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4220 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1892 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5564 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5764 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6024 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.9.158:443 business.bing.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.9.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.134:443 bzib.nelreports.net tcp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 5cb.rinhap.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 13.107.253.64:443 tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 23.62.61.106:443 www.bing.com tcp
US 8.8.8.8:53 106.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
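
Triage of the two Network tables above, as an added example that is not part of the sandbox report. It parses rows in the report's own "Country Destination Domain Proto" layout (an IP-only TCP connection has no Domain field and so has three columns), discards reverse (in-addr.arpa) lookups and local mDNS traffic, strips the domains a stock IE/Edge image contacts on its own, and reports what is left, distinguishing a DNS-only lookup from an established TCP connection. A domain that survives this filter in both the IE and the Edge run is driven by the HTML file rather than by either browser. The embedded rows are a subset copied from the tables; the browser-noise suffix list is my assumption and should be tuned to the sandbox image in use.

```python
"""Separate sandbox background traffic from indicators attributable to the sample.

Row layout follows the report: "Country Destination Domain Proto", with the
Domain column absent for IP-only connections.
"""

# Constructed subset of the report's Network tables (IE run on win7, Edge run on win10).
IE_RUN = """\
US 8.8.8.8:53 5cb.rinhap.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

EDGE_RUN = """\
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 13.107.9.158:443 business.bing.com tcp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 5cb.rinhap.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.134:443 bzib.nelreports.net tcp
GB 96.16.110.114:80 tcp
N/A 224.0.0.251:5353 udp
US 13.107.253.64:443 tcp
NL 23.62.61.72:443 www.bing.com tcp
"""

# Assumption: suffixes a stock IE/Edge VM contacts on its own (telemetry, SmartScreen,
# Bing, NEL reporting, Edge static content). Tune this to the sandbox image.
BROWSER_NOISE_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".nelreports.net", ".azureedge.net", ".s-microsoft.com",
)


def parse_rows(text):
    """Parse report rows into dicts; a three-field row is an IP-only connection."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(domain):
    """Bucket a domain: empty, reverse lookup, known browser noise, or unexplained."""
    if not domain:
        return "ip-only"
    if domain.endswith(".in-addr.arpa"):
        return "reverse-lookup"
    if any(domain == s.lstrip(".") or domain.endswith(s) for s in BROWSER_NOISE_SUFFIXES):
        return "browser-noise"
    return "unexplained"


def triage(rows):
    """Return unexplained domains (dns-only vs connected), IP-only TCP peers, and noise."""
    dns_seen, tcp_seen, ip_only = set(), set(), set()
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53 and r["domain"]:
            dns_seen.add(r["domain"])          # resolver query; mDNS on 5353 is ignored
        elif r["proto"] == "tcp":
            if r["domain"]:
                tcp_seen.add(r["domain"])      # connection with a known hostname
            else:
                ip_only.add(f'{r["ip"]}:{r["port"]}')   # connection with no DNS name
    seen = dns_seen | tcp_seen
    unexplained = {d for d in seen if classify(d) == "unexplained"}
    return {
        "unexplained": {d: ("connected" if d in tcp_seen else "dns-only") for d in sorted(unexplained)},
        "ip_only_tcp": sorted(ip_only),
        "noise": sorted(d for d in seen if classify(d) == "browser-noise"),
    }


def common_to_both(run_a, run_b):
    """Unexplained domains seen under two different browsers: page-driven, not browser-driven."""
    return sorted(set(run_a["unexplained"]) & set(run_b["unexplained"]))


if __name__ == "__main__":
    ie, edge = triage(parse_rows(IE_RUN)), triage(parse_rows(EDGE_RUN))
    print("IE   :", ie["unexplained"])
    print("Edge :", edge["unexplained"], "ip-only:", edge["ip_only_tcp"])
    print("Both :", common_to_both(ie, edge))
```

On the rows above the only domain left after filtering is 5cb.rinhap.com, flagged dns-only in both runs, which matches what the report shows: a lookup from the page, but no recorded TCP connection inside the analysis window. The IP-only peers (96.16.110.114:80 and 13.107.253.64:443 in the Edge run) are surfaced separately because a connection with no preceding resolver query is worth a manual look even when the sample scores 1/10.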

Files

N/A