Malware Analysis Report

2025-01-17 21:19

Sample ID 240603-n6erjadg2w
Target NedBank Statement.html
SHA256 3597f8e0c8b101bed83ed89fb397c65bda14f09576e5481d8918a4bb26aedc27
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

3597f8e0c8b101bed83ed89fb397c65bda14f09576e5481d8918a4bb26aedc27

Threat Level: Shows suspicious behavior

The file NedBank Statement.html was found to be: Shows suspicious behavior.

Malicious Activity Summary


Looks up external IP address via web service

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:00

Reported

2024-06-03 12:02

Platform

win7-20240508-en

Max time kernel

121s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\NedBank Statement.html"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000008495d2dbe26b0f7812fa347c1dbfd4dbf194fa5b77cb2cc6cf73c8a9b7a3ef4e000000000e800000000200002000000008357cc8f871dfac9aeb2cf68f4b92eb5f738656b75d9e48e88c7513ef1a1929200000006d6384431f332578fcbc7d338594bb5161748541d884761c05a597957488428b4000000099343eb7690bbd9db482fd1251a30ef53e235cbd08b74f611a7776e801c351b55f93110fc2cb0cc4ba467a09e930def26240f475ea123812e57cf386747804b3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577886" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D88F2B01-21A0-11EF-9DB4-7A4B76010719} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d06c22b6adb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000006e3c809a173c70a459f7392649f92e156029d25baf8ed666e6596b5fc819c567000000000e8000000002000020000000a2c595bd615e4d4557dbb284c2f040188aa21b6c1df41066db0d2c9f3df5232e90000000a51bd41749231d9601b44f705cec5f355e42ffaa2c5da9e27886a0f7bc953227c530cf7d5f88c9da25a9f408d73c93963d93e42e99eadb227465bfed1948b7567b234b25662d6d6f5530845bd2ed755cb790c36797bd67a233dfbcb04cd73bd9470d5b26dcf3fbd5bb1e9808c58946385e6e79464739f6d460b396a50474eae46abf60a3a6e8933287c17bad986737ab40000000e34a70516ec9ae201d0e0e83d416a04e47b5aca9b659f263e410c8035347f5bdcfa69a8aa119bc3e97e6d2c3abc123c4a1de30ebeaf70b9affd566c3dbc279bf C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\NedBank Statement.html"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 websdk.appsflyer.com udp
US 8.8.8.8:53 d140zf541n5jhi.cloudfront.net udp
US 8.8.8.8:53 secured.nedbank.co.za udp
GB 104.91.71.139:443 websdk.appsflyer.com tcp
GB 104.91.71.139:443 websdk.appsflyer.com tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
GB 18.165.158.71:443 d140zf541n5jhi.cloudfront.net tcp
GB 18.165.158.71:443 d140zf541n5jhi.cloudfront.net tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
US 8.8.8.8:53 www.nedbank.co.za udp
ZA 168.142.204.15:443 www.nedbank.co.za tcp
ZA 168.142.204.15:443 www.nedbank.co.za tcp
ZA 168.142.204.15:443 www.nedbank.co.za tcp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 172.217.169.74:443 ajax.googleapis.com tcp
GB 172.217.169.74:443 ajax.googleapis.com tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3554.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3587.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\Tar3619.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c61d1708db615b25875d4700f72ff75
SHA1 5d935e2e3d1a540aab8e87553c92d846bc70ca3c
SHA256 82d142a7201bae3dc1fa8c8a156b602e84ab4dd807964e39c3ae536152cac51d
SHA512 675cc07fb16b13398528c10fa02f9fb5c5a386a6cf53ab8af2cc707e77ee7c3c79b92e516839970b84792545f725762f84ee1c3a1e7076748c6d25cc18640d91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f12d2822be2ad515f2777a0aa83e3ea9
SHA1 c661e395e03b439ed753a8f0935ba438c666f027
SHA256 b520b31e6accaa97f9617036d09f246319f28d1a2c839da22e1b69f8202aa58b
SHA512 bac05cead2be54b3f5fb56644a8b3a53914fde2aec814d31cb1517d956b4f9719ecee2274f67f6efc54a97f3fef4b9a1c401199e1e5ac3761bca6ccbab9f3525

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 1529a5ef7c121d822bbd35422203483e
SHA1 db3f84e477e3e5e2e4d3aed079d3d7a7fd496b68
SHA256 30f96577a4dcf33b80bab2b3c5324688a78d61a3889ac01a3dd85b39430a2c6e
SHA512 eb40a185455da927f4501fd6c11fac9571e2008e493e66faab9e3b058476b8bc21e76b87d6f9578114e06178a7d3296dc0588ab41c7fede84cbb5532d93fa2a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1739a9c5512849c31ff56b9c5e0e589
SHA1 c2704cce76cd8325a23a389c74109fea95a9c861
SHA256 e615d108bff44cca5e8b7dae9fde2818d557e481b5c68720367df363649197fb
SHA512 6813a84b9f78f8e57408256c8d871ec571fda783b2b566d9d25e4a5b0b1c727f0298051aa22139bbc21986e19368fceaa99489cb5b7880b54e2e96436638470c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8865aeb9d01d03d4de596f266a52d119
SHA1 6f5930e6594399dab7ba2c04edcc68a1e86b6cf2
SHA256 8937599a5ac7a36bbe1eabe8e37553c57455d8924fb3f403669f112810ff77e4
SHA512 d62b767c3c35059f78c0abcd152cbf034184697c82d8ab5e1cb6bfcb5b573763f6b8d1cb7ee16ee703c9aa3860a49128a8bf6e5191d4385343c1199766dc9f6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b822211e7029c1ea25a63bce6bd20a3
SHA1 df86778688a230e6d7f07bc1153ed668a3913bb9
SHA256 caf715547da89e21a4622d4e29bbff3f694365c22b67108972a5c26d577fc85c
SHA512 04ab0ce7a95d7f83df976a5784df47222dfe8ff90d52619fe274b206d5845f1073c1663fdd00c30be9d49a6a0d416cda3ff48e3abeb56d66db39676ff5f1794d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d2ea89ea5846867beabe6e5fdfa9add
SHA1 e9bc74292269d33309aa359942e4ae05bcd1dd4f
SHA256 bbc42de0c134fdd7cfe4d84b31f672590aa6e7cc5b4d889e9ea412a537bf3a82
SHA512 5fc28b85bc52cc2dc69b6e389a37273c185f2c14bb077b33eb8082d7edeb4562326b6c19a203dfd770d8addddff03fdc2c2d09d23607675b64efb6a5e79c0c8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cf6379b1a229ec04fad10783e01929e
SHA1 eafd469fd5dc0f86898746dc0c24bee8ce859aae
SHA256 d0f0e74395213170e7067abfb6fc7dd89e92fc710241ad15031baab008974ae1
SHA512 ba3cb0a384c2a580eb6613ad15c30b89685f1dded8999db92ece1eca14fe08f9ea2ac89bcc90e878dd19a10e4a647d8be620f7cee9084facf870b6ad06061b44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 033ae9a979341b23098c8620a71601ab
SHA1 57894173af147dcfae65e30fd5bb7cc6170219f9
SHA256 6017ea03d11eec27152df7024415388cddb3f4d5bd5c9bc81899e040b529c9cb
SHA512 00e642cdfd9dbfc1f4ca66d3e912aed94a9ebd63a79ce6524f319130f41eb7d6fbdec8694c07addaf81536ab5fd43b3500a2c54ba52ff15086bbdb6af9d0baf5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef238538d3a3bc12ddb4192512be6bab
SHA1 99368c5f145a984a38d05e5ca75dccb6d03876a5
SHA256 638ef6a5a35cb26f975a51ec487d758e90056c8a633977f1f0b507dc2fbbd3e5
SHA512 ffc87c92bbe659c7debeab074589cc1756a18555d40b8d7fbdccd4fc444f61628babec384de51b76d319a98bb8512ab43c1aff25d620225b52faac4486a05563

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b26a9e7122bb380ffc5f77da7c2ebfc2
SHA1 789cc1c5baa5fff29ef266d7829f39ebfcbc6488
SHA256 b748ef181fe31f33014d2157eb20df7ba6a4028e49762298038ad676a4e4ee55
SHA512 fb9f232a7264f6376eb122ce33a7e6d6c0c2dbc3b1dc653f669b0cd791846386adf71974479f03aff4fa7270425725a132f8bb80dc75953a66bb14a8046408a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34138367a9ebb6039a50fac841a8f92a
SHA1 c813c60e827bbdd74431bedf794220164e82012d
SHA256 a350515b59a46aedfbe9d6e2c6dfc80efe246edd0c3b21358fd062b5543791f0
SHA512 2df5dd43c9c579f5f28910f92dc7b63f1a0b7bed8f39cc3d448b3ac46905b2d98cadca8f5922893bd236d141137d5ab33c9de93a8c2ed53b70886f181c95d933

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ee66e527e8256b7410e914649b3827d
SHA1 d4b482f43d08a9939566967d4e8709b778ce33ed
SHA256 bd673437d517862414766f488f76699dd88b418712053b81373377d45b5097c1
SHA512 f6d14e57237df82ac0607e951ce9fed13c3978a6276785bbf15ad41aace60f939783a1cb3491bb8ea4530b9cbf613c0c1e6609757d685b080ff8bf9972944cf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38bf2a89645134ecc251a0ee77c55a6c
SHA1 f9a4b81e158dd44317d5bc967ef76f4fd2fe17c0
SHA256 a1d8b171872825e5754fbb6a1af91ad427e0e20fb4f1546493de62c46ebdd1cc
SHA512 dd509ca587f7189a3088012f314a5d634a92a58e90eefced4438972851da9a7d93aa7ae8c0c0378c29a1fb4df5982db3de4f28fede888d834541e9988f60e1f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c216c4fa5f4aaf94584808b9b71ca92
SHA1 5d4986c101928e039c78e3cb4aa076a20083f27d
SHA256 28477cd4c15f3a0cb361274648deb2322be1ca758e3d8eb91a3a042bda04ee02
SHA512 a66e25c077819b7717039800505ef2de7db13c17e815019527fda31638eb7a220673f21482d9340a8afb183948b9794ed2114ce44011d208399bd4c6bfbc8aef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 088627db73f9baacf13164724476057d
SHA1 e0e8b50a58304737962c9c08ffcbbe5aaf094a9f
SHA256 8d6037a91f1f2df3f2f5d79585581f3dbc37af8005173cb942b70d49ca558ef2
SHA512 1c1843e8e7835ecf0f0e81c6ab52cdac9d9786ade2e2171e0eb09b45b394af7e0e0c566665249279a7472953231d3d46d358e556f1c2640937ca0fd6fdeb0438

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d9ed8af19e6ab7e6cf46d633624f379
SHA1 267816f65793d0c6d7031325d057ae284f262403
SHA256 bc69f24431c614269fc3ebfe853de7045485406c22059c4a59bd64d91d743105
SHA512 92fc4116ab88dc309e4a0f6cae49a3a032a514d212c14ffc1448d052aebb2b415b95802cf57a17650838e74ce60194cfa4490b84e5c0c66e0d7505f299cc1a58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6efa901881a4142db05ff6d53576dcc
SHA1 a9ed717b5dfb84d087af0d1d2d43e9316f773a72
SHA256 8518f42cbd9dc32b7cba919cd31e96dc1562611d08bdec87ce9409aa1e6aa60e
SHA512 dd136164cf83adb5c7504e26e3178c904ca38a9d16976ace48c080ac3eae0827d295b02a167f8c46b53012bcea290312103b6c654f1d3da48274a9bf7897f50d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f74c257680a4690c6a3da1bc8bfc64f
SHA1 6ec6076cdf198e2190944a6d825ad58e46909dbb
SHA256 07fe74a1af0c87a660f7313fe3f4434a0effc9cd1f6391ab0afef8c28ba5a65f
SHA512 52c20d6bbb64ee6501c2f139028e8b22c432441d9952648abb3186ea574e3866ee4b008bf4a36e7152502c86a63dc2804baba7b4199d01a4b40fb9170aaf0f86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56ffc3a3edbb7ba2910a1d61cdb3436c
SHA1 fc2f7f6cbd17e557c9e2e7c3fcd90d69374607f8
SHA256 89d27a81a5ae4ac805e981802c2dd0ce63aeec82645736562688c26ff7378071
SHA512 4e2b74bd283136a035ed99d2d5adaa07180d40c4ee137ccd745f456262001ce5a7ff5f904b75d0d24802709063410d1f3623982e0568078131750d9a6a194f02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5283f1868f02ee715797830a7bc097f2
SHA1 70f59f5a7a9fd30ecffea7e8dd2a2a029cf38869
SHA256 cf87c1c8b13f250a741659c656508cd2abe552c22fe93cdff914fc1af1c08989
SHA512 25fbd337fd22bb5b30abf5fa3ed537233924522bf776ffd18088645a75703cebf66426b451617dbf070991375528b8531db20ed276f371ce4b6a84a363bb878f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34efed43e7145c5558d42dfd252984d3
SHA1 6d6b5d3492d7b7278e15308754f221cb472e75c6
SHA256 c81d65691753b78e591f8112b004d6ffd6df39105a2712bd8b660828ed2367c3
SHA512 1383ee41ca63ca3a282ce48b519d3ed78ea0010167907afe047a0fc270c92fae539b2e76e33c9eea49583ca3ad781d60e55f718e85afa4404743b167dfe2602c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc755464d1c15442b5b90179c9b70aed
SHA1 3a3c63987a8aab21fffd7bd09dca4ceeea6fc79e
SHA256 d11f45245280e7f5f694415417ccb884ecc2022880124f507b581eedac803a3a
SHA512 036c1efe395f18078cb3e73a9b8b61941a61b14229d338f9ba70c856713a7704ec55d40f7370d6aa9e28d1cadd57862bc26a2e918a8db833d889bc0188dc54a2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:00

Reported

2024-06-03 12:02

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\NedBank Statement.html

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3328 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\NedBank Statement.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14589110053678135018,527511888974267642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 d140zf541n5jhi.cloudfront.net udp
US 8.8.8.8:53 secured.nedbank.co.za udp
US 8.8.8.8:53 www.nedbank.co.za udp
US 8.8.8.8:53 ajax.googleapis.com udp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
GB 18.165.158.13:443 d140zf541n5jhi.cloudfront.net tcp
GB 18.165.158.13:443 d140zf541n5jhi.cloudfront.net tcp
ZA 168.142.204.15:443 www.nedbank.co.za tcp
ZA 168.142.204.15:443 www.nedbank.co.za tcp
GB 142.250.180.10:443 ajax.googleapis.com tcp
ZA 168.142.204.15:443 www.nedbank.co.za tcp
US 8.8.8.8:53 websdk.appsflyer.com udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.158.165.18.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.204.142.168.in-addr.arpa udp
US 8.8.8.8:53 115.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 15.204.142.168.in-addr.arpa udp
GB 104.91.71.139:443 websdk.appsflyer.com tcp
US 8.8.8.8:53 139.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 188.98.55.23.in-addr.arpa udp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 8.8.8.8:53 wa.onelink.me udp
GB 18.172.89.77:443 wa.onelink.me tcp
GB 18.172.89.77:443 wa.onelink.me tcp
US 8.8.8.8:53 wa.appsflyer.com udp
FR 18.155.129.3:443 wa.appsflyer.com tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
US 8.8.8.8:53 77.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 3.129.155.18.in-addr.arpa udp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
N/A 224.0.0.251:5353 udp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
ZA 168.142.204.82:443 secured.nedbank.co.za tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

\??\pipe\LOCAL\crashpad_3328_PZIQIEMFVVRYXSWI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b2e8a578-ebe5-4ef9-adc4-c4ea38b84d73.tmp

MD5 bcce9e4035328d43d745992c7589a1b5
SHA1 203dab1d7d62302022e59bc31dec307c5ba05064
SHA256 3481f2a9469e745589b0fa76e8025f6094e922340ea191ac37d41267979b3342
SHA512 a70aa3d1f27853db0eebf3cd88dfbc6de259f4ab76e7043464ff192abb0ac9587e1bd8933033de3071132b28f28c785bfa750af90338c08b2eca598d4e5497fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8ca8871dc9560f14d85d0e002e19bfef
SHA1 2828767899d9e94594c6ea75bdac8c27b18f400e
SHA256 266ab5c9f513c6ef6afb850dfe1167457004680fe2e37051ef5cd7d46c87e785
SHA512 a3c6f2e21621958099217018b1e574516c5b2ffe3b5b13b5e0f7ff1ae9333aca83dfe89beede5c5516823d59c114e470d5722917fd56bb3572a4a4fd17b3b17e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a0d9e371cc6e41d638faf3e7f2a6ba24
SHA1 0bb120e5e6884c50d5c08726f313c36c7feafa40
SHA256 195c9948345cc6292e0fc81f5d1d26e3734d0b9a09852689cb55ddaf37033f62
SHA512 7bdf25e7a854494feb1932f971b169921264063dd16ff488096da0071f8385cecf9df527002c3f437495f47bd81ff50ca88e8b287ad539325f652892b2f43398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 59af315605f2a4b3d680c732bcecf01b
SHA1 d1b96dfd7ba2b71984cbc3e6dd989d6837722992
SHA256 a83da4c28be4ff3439bf993e3dca7ee8d6a174b93acf21c66a928f0d8604c7d2
SHA512 9a19eee01ccacd07f79a137f45ff708e73f0bd6a29bd3f68b326aa568ccc2c15ec11b5a81312a3275b02247880570630e977acb60858e4d0f2b51a286ef42168

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578201.TMP

MD5 eeda1369be22c9755109371a6a398c92
SHA1 c8c62a5ac4edb4a32dfc1e5d053d35267533bce1
SHA256 92626420a094e6d56b462433d3804668d73d22a2daa657ad4a0bfad3a560eeee
SHA512 c928f851084d3cbaed96e1a95f9481b9bf64c542e5cb8027d941819fcef6f539e15b397e095651666af613449be0312dd399ac3fa6018816bdb1fafec44765b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 31438b88e5a72b2f798109a50d0720bf
SHA1 ba68704a3e6e88fa860cdba05b627f9d5d0bfd2d
SHA256 db4eaccdede8a372d2e6e4d2bb18024196c3719d2560bcad43c08281da822605
SHA512 6bbf9b273468cc871c6a50e30122b4900301bf28d29a9071e0e98ad0a8b2437f40c8fb73692e435bd648bb1287acf4bf60d4d54014814e4641921765f2d38797

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6c33aa60933af3655d82a4b17af0221c
SHA1 0df8163963fe297d80ee8db54c24852d7522d6c4
SHA256 cfaf924ab555b6596752911bae3f85d3e36312e77bf7e1dc4d0caacaccfacb5a
SHA512 7ceb489178ab4e89dbf4ed7e85c26f85e2fd0fd1aa2323aa158d9f4fb636f036acc3e72bc186ba85eb6f359bbe0485569accbe10d8dead1c1ba1c33bf6b53a36