Analysis Overview
SHA256
41b8c59e506929c067d769782a59b4f1bfbe15a86e1153101f02ee9d66baaa57
Threat Level: No (potentially) malicious behavior was detected
The file sample was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:02
Reported
2024-06-03 13:03
Platform
win7-20240221-en
Max time kernel
32s
Max time network
31s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{839D0C81-21A9-11EF-8AAC-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208fef4ab6b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f5fcbaf1faa73840a17ebbcd7d24f8d200000000020000000000106600000001000020000000437271bcd1806355b1b2c91147cba5ca334a30a3d078cba30e0c16fb4c3ea1c2000000000e8000000002000020000000a74bb7fa790780892730344bb2e770c3cc0b6c6192bd11bb47643db2d1a88d43200000005e487ece3825c6594e4631a291135c0ca29e8cc61f70a379efc6f89909b68f8340000000f4702d46de3dab06cfd6c08002ede742dc3627b84c17bda95622ac5de8f4e802a2488995baaa70bec5c1ecfda11091c1f0a9c37d67f263edd588c7ca774b1afe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msdt.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
|---|---|
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2 |
| C:\Windows\SysWOW64\msdt.exe | -modal 393504 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF40B8.tmp -ep NetworkDiagnosticsWeb |
| C:\Windows\SysWOW64\sdiagnhost.exe | C:\Windows\SysWOW64\sdiagnhost.exe -Embedding |
| C:\Windows\SysWOW64\sdiagnhost.exe | C:\Windows\SysWOW64\sdiagnhost.exe -Embedding |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| US | 13.107.5.80:80 | api.bing.com | tcp |
| NL | 23.62.61.138:80 | www.bing.com | tcp |
| NL | 23.62.61.138:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.192:80 | th.bing.com | tcp |
| NL | 23.62.61.192:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.192:443 | th.bing.com | tcp |
| NL | 23.62.61.192:443 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| NL | 23.62.61.138:80 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | a4.bing.com | udp |
| IE | 40.126.31.73:443 | login.microsoftonline.com | tcp |
| IE | 40.126.31.73:443 | login.microsoftonline.com | tcp |
| NL | 23.62.61.56:80 | a4.bing.com | tcp |
| NL | 23.62.61.56:80 | a4.bing.com | tcp |
| NL | 23.62.61.138:443 | th.bing.com | tcp |
| NL | 23.62.61.192:443 | th.bing.com | tcp |
| NL | 23.62.61.138:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| NL | 23.62.61.192:443 | th.bing.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2EB0.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2FA2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f16d56017ee293a48aae00b299c62d6 |
| SHA1 | 760755ad5589677029d0ec5d52cf8a225761e1a1 |
| SHA256 | 4d944616c3eed1b14a42cb340a33f70369ad4de98714e97e049608de85f5de22 |
| SHA512 | 6aefeac653a08f8ea0afcde42d60433d3b20b845621daa3ff10800e9b9b0b72cbdc95b7789e35ad1f2f4f34420f915d1d1edffb4f3ffe3b3e4d3097e4e30a8a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6409f4b5e6af02685aa9fd5ba2d48cc0 |
| SHA1 | 10adaa434cc589c92cd1e8105b9fd8f3d74278cd |
| SHA256 | fb95dbef20a3e7b060b94e977d126af30d85387a7247176b11d4a46ef7264145 |
| SHA512 | 8b0b08b93a228b120f20120dc0ffbdc425f58a2d26f5e8416a8920fb6da502a1912957a8cd8910dde06963d3af037e7fd76aa203379548d7336aaf4549983453 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 967380fcc25a28ec7fd03e353b0d6eae |
| SHA1 | f7d95f15e5ae71d49e8cd3a5938ee1293d1d823d |
| SHA256 | eadea62397cdf8d3aed286167214002d73f4285d4ca43e9e7703c76885aa6fce |
| SHA512 | 862c98e19b359bc621bd6fae1cd5f5bb0e29099db041041ed237b1dd9a0023e0845543d7d39d717ea7453ecab153f65c3223230e602a5d0ca8d3f7327b91823a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e68bd5eddadedb6d417de5d262a287cc |
| SHA1 | ea13b9c4722abee14e9a43c68fd2da927cd4ae22 |
| SHA256 | eb87453abcf24eaea1dd6e907f2e4f8e42285bbb9321029515285582a4a1b08c |
| SHA512 | 249b9b0c038632412f0ab810f2b6e67adf2f44e366bc69fc19f060b30930b3a8bc8242875b0c24b1488c9bb2be3da715a59b9307449e452c366a5d59ec058399 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46a045c51409bd12a6232f206d2d0d9f |
| SHA1 | b5c8b8588f8f5e9584e82eba8ae7497d7144ef1e |
| SHA256 | eb711becf213722d4bb4e6092721947cf36dfbe157fd5ca674e9b7a081f78890 |
| SHA512 | 15cfe4bce9911ae1361f2385d98216893b539b0156c5d6afc2f6b29da490119dc4307243a89b03779f0f0929fc1bf9e53cdef539b449cbd1a715394021b85771 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7094425b3781479dd2f6b6fa42d6cfda |
| SHA1 | 387f9531fcdddc978ee0c297938402e69b8a49dc |
| SHA256 | d413e8c70f9a65d2721f41606a36028f7e6cd4caf7581e4e0f73ad9814920cdf |
| SHA512 | 6dc5d0f82f38c89dc3e9d880b9b65ea5e38ce2c38966159a825a5dccdefb7fc32a9b28e52e0f922fd1fbba53ea6563c5798e8c0f0f0d1ef16fe450eafe8152fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64bffd5e90d4402e11d4ee3b4d4ae0fe |
| SHA1 | 776d239f91c6caac6467d1c64fc242e11e2b2db8 |
| SHA256 | 67c34efa9d74e3883f5de2132392fbc4af0f96a91d511308a4bb23feab1d3afa |
| SHA512 | b3e56c5d31b26812478935a8ee16562525bf27a831b6ca6672876fe363259e5090b6b86d237ce02954d327a1f9f5e3f5d431f5de28e1115689f834c1b56d2ee3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fee8ef629101dc7629e7f9cf654ed9a5 |
| SHA1 | 5fd51f5793ede9207a598446d077d73dafa791f3 |
| SHA256 | 3782397b66e4cb6f75b502e5534d453f216ef2d8f6edfedc5ef4a5a7e152e2c8 |
| SHA512 | 5a73edcc0fbeb4bbd4a3febb0429951a9b483f6f8f8b44ac39dd10221c4d14614140508338356892342efd9a99eb6d72a463c94e224af0b91dfe616cac27baee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7a9d36681af8886cec0492ad46831c2 |
| SHA1 | 735f2fe6f632bc1b3985410d3919dbd972356cd6 |
| SHA256 | d08e03d698e24d874388ff53382a51ba7124f5794df01fb72c286245d6695fe3 |
| SHA512 | c7d6d64909a011b5b64c97170e976738fbb7ee8f57b520cc1508858902026a25800da62925c8a239e4854e4fc7b2ed563c69050952738eed413db2a62a026f0d |
C:\Users\Admin\AppData\Local\Temp\NDF40B8.tmp
| MD5 | 24a83befd99ce6fd033a7ddc8cb530c7 |
| SHA1 | 86a17a9095bf9b485283fb334c62646666bba526 |
| SHA256 | 3aa196449c59d64a11fc8ee1c1847f25d1dadf8c0a137d97ffa4874834126dc6 |
| SHA512 | b930d85b4e49ee7adb1f30b6d3eb0b937069f883246aa0d5f2f6136dd66cf1dc3477285f7ef11a6b64e59f4eff1daf3c2508045a18cfdd570dcdd48b9752fa1f |
C:\Windows\Temp\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\en-US\DiagPackage.dll.mui
| MD5 | 1ccc67c44ae56a3b45cc256374e75ee1 |
| SHA1 | bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f |
| SHA256 | 030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367 |
| SHA512 | b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6 |
C:\Windows\Temp\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\DiagPackage.dll
| MD5 | 4dae3266ab0bdb38766836008bf2c408 |
| SHA1 | 1748737e777752491b2a147b7e5360eda4276364 |
| SHA256 | d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a |
| SHA512 | 91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b |
memory/2700-834-0x0000000000270000-0x0000000000271000-memory.dmp
memory/2764-835-0x000000006F5E1000-0x000000006F5E2000-memory.dmp
memory/2764-836-0x000000006F5E0000-0x000000006FB8B000-memory.dmp
memory/2764-837-0x000000006F5E0000-0x000000006FB8B000-memory.dmp
C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\NetworkDiagnosticsTroubleshoot.ps1
| MD5 | 1d192ce36953dbb7dc7ee0d04c57ad8d |
| SHA1 | 7008e759cb47bf74a4ea4cd911de158ef00ace84 |
| SHA256 | 935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756 |
| SHA512 | e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129 |
C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\UtilityFunctions.ps1
| MD5 | 2f7c3db0c268cf1cf506fe6e8aecb8a0 |
| SHA1 | fb35af6b329d60b0ec92e24230eafc8e12b0a9f9 |
| SHA256 | 886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3 |
| SHA512 | 322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45 |
C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\en-US\LocalizationData.psd1
| MD5 | dc9be0fdf9a4e01693cfb7d8a0d49054 |
| SHA1 | 74730fd9c9bd4537fd9a353fe4eafce9fcc105e6 |
| SHA256 | 944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440 |
| SHA512 | 92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66 |
C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\UtilitySetConstants.ps1
| MD5 | 0c75ae5e75c3e181d13768909c8240ba |
| SHA1 | 288403fc4bedaacebccf4f74d3073f082ef70eb9 |
| SHA256 | de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f |
| SHA512 | 8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b |
C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\StartDPSService.ps1
| MD5 | a660422059d953c6d681b53a6977100e |
| SHA1 | 0c95dd05514d062354c0eecc9ae8d437123305bb |
| SHA256 | d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813 |
| SHA512 | 26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024060313.000\NetworkDiagnostics.0.debugreport.xml
| MD5 | ac2de9b01471760a7d001c6d3a734194 |
| SHA1 | 76d8b2db9d93f3d21911f115129c9c78a311cf74 |
| SHA256 | 5c908ed800671e76b937c2e7de5f151e0b0ac88dee038696d277d64e6d79bf16 |
| SHA512 | 03c3a073ad91f31553f4d0a3afc9d0cb3a1f3f55033ab72c4eea234d237092373a2cc4e3377178187ef1bef1f6d48a2347953bf049f60ef9d71b662dbe68aa8a |
C:\Windows\Temp\SDIAG_7ebb0828-65b7-45d7-84d2-1969e92fddb4\DiagPackage.diagpkg
| MD5 | c9fb87fa3460fae6d5d599236cfd77e2 |
| SHA1 | a5bf8241156e8a9d6f34d70d467a9b5055e087e7 |
| SHA256 | cde728c08a4e50a02fcff35c90ee2b3b33ab24c8b858f180b6a67bfa94def35f |
| SHA512 | f4f0cb1b1c823dcd91f6cfe8d473c41343ebf7ed0e43690eecc290e37cee10c20a03612440f1169eef08cc8059aaa23580aa76dd86c1704c4569e8139f9781b3 |
C:\Windows\Temp\SDIAG_7ebb0828-65b7-45d7-84d2-1969e92fddb4\result\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
memory/2764-1239-0x000000006F5E0000-0x000000006FB8B000-memory.dmp
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024060313.000\NetworkDiagnostics.1.debugreport.xml
| MD5 | 8703a94234c4be4a272d526883e14b7d |
| SHA1 | efb84b1fce93e55ce4f3035de494ea56c374411c |
| SHA256 | fb132955972572068f353ede8a388f8b4556924ef312340e175c158a8df8b87b |
| SHA512 | e71e9eff1f58115e01abe247d9482d7fa1d51d1872c037e3a77cfb8305073b8b521bf30994bdd9cf3d0a2ae4a7ea554090b559d373662ca0da3f85586d3d4739 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\qsml[1].xml
| MD5 | 0ffe35c2b262c6077ad79457929a02d5 |
| SHA1 | 0e306490f6ea15cb1e7f9e1e1fb74ec055c9bab0 |
| SHA256 | 00ce06ea8bfbef00439d199293e083e2a3db12263a79fddd517593f1e3002aaf |
| SHA512 | cbb7ea297203db1affc0e055b85d0ffebf42de66df5805cbc1eb83e33d5ed0a8765fe50c4e4d8fe8742de0243d5e702aa63a202b67ea019500bb7d0866cb6852 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\qsml[2].xml
| MD5 | 8680c8319c6924ebaeb4c4755a30dd00 |
| SHA1 | 0f323f3dac2a758c35d0166756a9c063c2c0d403 |
| SHA256 | 1efb511b1dc3c3ff052fb319b394648287e7ec3bacb2fe106d063a4a32b29a75 |
| SHA512 | 5f196d89a2e8eab9c34e10375dabcb7b761bb80a11e6ddcec015a6141dbf368e4bd0c1157eb2259edc66848d45693d9599a53f67a08f746fb282b918020ba7b5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\qsml[3].xml
| MD5 | 7274cc7b902ad81351d8c1f3bc4cd1fc |
| SHA1 | e6be3c1524ef2a6104b8550a7470e8d4ca2d8f23 |
| SHA256 | 049ffe5ff398a42b74f8baa97fd78aaab23fda6e974fa98c4af8bb3369d1ee3b |
| SHA512 | 42ae9c93e687105aac766939355b8d2d2358945e41c010bc9394d39d3d6503a882d1d2a3aae48590a1cdb09805a00ea035828bdfea1122b2b728e9c1a53b0ce8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\favicon-trans-bg-blue-mg[1].ico
| MD5 | 30967b1b52cb6df18a8af8fcc04f83c9 |
| SHA1 | aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588 |
| SHA256 | 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e |
| SHA512 | 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat
| MD5 | 1d2c65bef5b2bf4a5670eccd07ca9baf |
| SHA1 | 64434c4e694041ea9d8572c09c13c481eb22423d |
| SHA256 | dc42a562691884c8646b7060f12ab79648097915b3b983cb1de8f5e4d46efeb8 |
| SHA512 | 45e2a91900ee3bc3edc3c641d706b07e9f88da5f8b7f0a5fe9be07fdfb5585d66bec4e7a4d84a7e936765c309ff3faffac24a34c9b2c871c949dfa7c9fef4b7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a04b6c91294eb4c439a6c1820b417880 |
| SHA1 | 8aaa1ef6a397376124269c4302660745348ead84 |
| SHA256 | f4752bd237ddc1f5ee721c062d3220256a5ba47c9d7f9c9ebd0f2297273d7b2a |
| SHA512 | bd782af64356320abdf2c73d1b188803739f9bde74527a85be4660ed821a79d0d09634a286e08a082407e381139010611fee10f6e56642347d91f3b29e4f1e7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd75254b77b0cffc09ba056e32328305 |
| SHA1 | a3ad1d0ff9625f7ef49fde056504a1f0b8d8a79d |
| SHA256 | 098c41f62268fdad1440a7a87ee716cb149222aa1ca7c9a76a32c5bfe26df6a8 |
| SHA512 | ac08a2894ffaaf9f33a2e4d52d0c152aa1c4bf09fc058a4929679a6ae7fa16ac8cdb76ec26d51e7fb62e8623a2b7ec43a62a47a477e250189004676dde4186f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | bdd09eff5e440cd298cc39e347dc92b7 |
| SHA1 | 2301629a9f901882b80bcd5282f0b7b7970248ae |
| SHA256 | 40f7f5c5d1801da600e0bb8f3808347acb02c6787180fc230ba8803563b8036d |
| SHA512 | 5af0db18e72dded8183263b33984486de0734a6ae51e3ef08fccd0804cca932d000f31fd6ba2e2c42b40be1556205519a9d512de282a3eecca9f4482b94bb430 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01dd4221c188bcd9d680d63b2df8b623 |
| SHA1 | e96b23383b9aa77a090f664843a287f06fe9d0ac |
| SHA256 | 5b53f70bf1e0e39e3116b7232bead86d55bc621781d7d5f1fdf424b047344e09 |
| SHA512 | cd8f2ffef8adfa7724431251b62a6a770f3be9b40c4c4280a60ebf310bda6d827c905435f77a187687e0226a27576769836f3a36f68eaa85a65ae62a66738629 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f90439a8cc8d29a9f9efd29e9eb4ba3 |
| SHA1 | aa3721406766f1a8f4e726e2d678272906e37c0d |
| SHA256 | 62b2d7fd9e2fba32b755a3d3298c238cf7e06bba2a387ac6c58ba418947c9f0e |
| SHA512 | a0e17620d6f49690852cf7ad9e1693469fa1e60d867ad2dbe1c481a947cfc2725713b9f1e285ca59216ee452b74310b82aec454602585b1fb777154202cb84f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06cf903dda93ab52cd3969eaa245943b |
| SHA1 | d9dad6984324ee050db543ff68c36328e3332d08 |
| SHA256 | 7979cacf1060c92599cacb46d9c81cdd15236a6cc40d366b41ead5347cc8d00a |
| SHA512 | 801ac55da9e3ca6e0ac7f60354ff92aa253136f39771599f4cc6376d0ad7b4e8d9a9ddab402005f40a69776872eee6da258b0f2ace7b428e9e26aea939686372 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4aebbb9f2eec75641c56d90883f5dd65 |
| SHA1 | 4aafbc4481d696ab6b9a9f1b7944a09d5ee1b490 |
| SHA256 | e3133dbb80d2e2d7feb1d639ddd013dcacd67e60ba25a031397f3d275230cbba |
| SHA512 | 1a8c8dfebbee2437ae1134e9014993f2b28ff07c448db4788171f0fa29c2bece25a90628a3fe976a715b1da92b937f3b926d2f3e322c1a1dfc598fde2a650015 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23fa2cf94c532f9fc2f5fe96d7f990c8 |
| SHA1 | 5ccf1bffeea2b11f9e1f1b1e2024a9c071670cf6 |
| SHA256 | c433a19c2f200b9ebf07070ca80838d0e2d30a97887d2b4aaa7b273ed80584a3 |
| SHA512 | b0ebf8feaf929865bc9cda432b9ab32f480c0caa687485c9f0671af7fd0de000939864a3850a785c1ca1199caa56a21c0862268ce2ff021cae74887c02efebb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 222e5ec84e0caeffb69cc44a9380a283 |
| SHA1 | df5c5139b66bc2c5c29210c293b1cafedc6fc009 |
| SHA256 | 395cff62b0400321392e00bbd7ae02d38d0b63f720d6d9900ad8fc6c86d19aa3 |
| SHA512 | d93f48eaae7c62a451a5c64cc96cd59950006253875368d604c5e5dd8d3212dcef445f73d7e438c491cebebdcacc22e16612321c3b50d12c9df55c7e3355ae9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1aaa554ad2fb9b7afb557485d060f10 |
| SHA1 | 06f9ff83bb496bf2ea9977fbfe2d2326aec526bb |
| SHA256 | cabe8c02d283cd08b35eb1ea38452cd148ce1157dc793ee083bcb859495317c8 |
| SHA512 | 2ce57d37739d113b76b54c5c1e941d73f0e520a7d4e63ead6d5421c925c1691d7dd599d035eaf6d850449909fea7b9feadb1daea8ef3906ea12261d71a75e5aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19103a87c3a72deb724ae037b1bb4679 |
| SHA1 | 36303ab1a993864c66d9fb842429198db594de17 |
| SHA256 | 00c26df50b578934c2dc133c4ad7e44bc983073516c13f0acd06e427933f0788 |
| SHA512 | 6af5d9096d6d9c0b75ff3df5b3e8e0beddea9a9978d6909b1ee12fbd54b56b8a54e5b8410e9b09e4572e52f96e6ea140ab61a469c5d84233739be79b4c6ce6e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78897895191ddee3d29f550998a2b844 |
| SHA1 | de14a58c798b051e6c41638a8a270e061fc2a89e |
| SHA256 | 56b92f1964ec28100b86d5b4af5c73cb3f2b37673a250e09c42819a9f0394a84 |
| SHA512 | d7621021f8dd0136fbd1d47a8667ce7723c39d39603dd83a2f42e433ba75f8c33d071c0a623aa8a89e4965d66f4fbe15b4677f3a7b552eee7329b559aad8e44c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25213a2b36fba46fe2c9a64da7541796 |
| SHA1 | 91e8097ee847c659750848e4b1417c10a90dc9e3 |
| SHA256 | 36501a1a7633add8c60dede8a22ec4d627dbaf6a16617458f7e6aaf7444f8b41 |
| SHA512 | e5faf821f8eb3aa843e82550c3e0d2d7016603aefacaa831f6fd26d4a683da3a25e858394d9261dc3f389f39e997924a20802e01572041646f4e328785c8a48f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec856720b046e170370ee77f51ecec30 |
| SHA1 | 8a2818a4d46c0320b0dae91f965d8bbcc0cc5b52 |
| SHA256 | a768d2968e53fb32a88fff9cf5bcb0831f7c6d4032a97e4a51327c2211590cd3 |
| SHA512 | 4a6b753b97c263c1207146df003366bee26f764f81cf551c97892102f4bb75dc8b3448fda79aaef3ce539fb98bbcfaf765d2b289d84471e2145b429afee8caf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c19308b1efb43dcb3da2ae519daa4e08 |
| SHA1 | 2fa6274880b411ad2f59240f0ba6928beddb6683 |
| SHA256 | 28e5de0e90d0e8bbc31adf1a54ad32f860f283613af7ba2bf666df3c5759eb3e |
| SHA512 | c29d750bf01d050a4c8b6f68ff4ca3f2287aa85be2c7e06549e05433f0a165ca6e89669fa2ceb1975e87b32678f14a7a89092b34d555514b176dd8af4fbf7379 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4129030f598b3dcbd9f0d0519760127f |
| SHA1 | 31d22dc9ad47aa302d6a38019670116a23cc5b35 |
| SHA256 | fafee5c117efbafefabff0a930e7c3861e847859fd9abe949d683be4b15659a6 |
| SHA512 | e53bb0a064774f458f6fb921a570f4f5eaa0fe3d843a6506be62d33fd50c955ac7635d7e957a4fd5bbd9fad71211c0fcbcd84646d0d70ac8126c4236c02f50ff |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\favicon[1].ico
| MD5 | f2a495d85735b9a0ac65deb19c129985 |
| SHA1 | f2e22853e5da3e1017d5e1e319eeefe4f622e8c8 |
| SHA256 | 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d |
| SHA512 | 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat
| MD5 | 4019579e6cb24d5850e033fe972498fb |
| SHA1 | dbad7a5aaa8793e425cc7424941a7244c7f199e1 |
| SHA256 | 189e36f9c737be84af8f942e6af939dbce3f9e04a78e1edc11cf076b145763e6 |
| SHA512 | 1af95ccd38812f67f7a6db8505fe858e64c7e619ec31a7ed26371396f20feccac0391eb15c300dc1c85c0b8d32bc4f7b3ded6a85c1f70b0010888ef441813d4a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:02
Reported
2024-06-03 13:03
Platform
win10v2004-20240508-en
Max time kernel
46s
Max time network
47s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86ae746f8,0x7ff86ae74708,0x7ff86ae74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 185.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| N/A | 204.79.197.203:443 | | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1688_FFCYTNBFLFWHUYYC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fbbb3248cd01463b43d9d290b4c59424 |
| SHA1 | 896a31c8cd958765d57b5db4cdc181a6107e7d49 |
| SHA256 | 25a689252d5f258e604e22d36e27bc71508f79ab703a25b48c0afafade618158 |
| SHA512 | 0b901fbb55f0dad81399260d029393c83556f3c78e4f2bab0c76f2e786fbb7637fbe8dc464498780919e42bf099769575950a1f9cd424570244e9c20fe07ebce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 32b233c856de7d21bf401b6fcd287d1d |
| SHA1 | 73773ef3d232bc85a5c6d33d39a26230699f8666 |
| SHA256 | 2beb8e41dc348e66b55edbfdc2940987f8cb7477f025d4ff451ed2e064373f8a |
| SHA512 | 6d91959f0217bffba8a5aee8fdb10dfd132d91405ebc53aa3bdbb77989ce69311fc86bc6afc4e0275e0e3b6d85a1e9289709b2bc773ea33f895a9164fbb9ba31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3df7100684ac28b6c88a366b29091543 |
| SHA1 | eb29e8a8b7388041be7a52b9eb4d1bd80055e488 |
| SHA256 | fbd4f2522bf5112ac5369ab669c931f1e77ee7370be5e9d8d61d970e2d3d131a |
| SHA512 | f6933babcd653b145acc1776b7013029f150f1cc6d7133c85b2d8d544888e89a5c9cfc03a617d2851a5fd6536e033ef5324ee7c61d927ec5c62f7cab2d9b8e43 |