Analysis Overview
SHA256
4b88602a9ac49d54d1fe02472fcc7b97be13950c49eef4fe3a54293e3d265085
Threat Level: No (potentially) malicious behavior was detected
The file a3c692ac20875662695895a24326a9c0_NeikiAnalytics was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:41
Reported
2024-06-03 12:43
Platform
win7-20240215-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580342" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{906C4871-21A6-11EF-A1A5-568B85A61596} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80990e65b3b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cb6ff69caf8fcc458b18a476b235bc82000000000200000000001066000000010000200000008b097a404b22920d0ed6873f9304baa1cca94a3e1d3ea46c995fc8453f281808000000000e800000000200002000000097da6e83633538943eeea1a67a85a9c7277e6936f8f3ca967de64040571f728d200000009368d554da75024b6844a2fc0b2e6b0c1979ebe18c7a901080956a50560bf87c40000000a0dd58fd24fa9eb23b03e1f791473ecbb8c091f300f33dcc79adb575ef38e3461d5a69e543dd0f79876f2d57bf4ac59eb1dea947dc903b59a4a271c9529b289d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2356 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3c692ac20875662695895a24326a9c0_NeikiAnalytics.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:41
Reported
2024-06-03 12:43
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
144s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3c692ac20875662695895a24326a9c0_NeikiAnalytics.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=1428,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=756,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5236,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5316,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5416,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5956,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5744,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4400,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:8
Network