Analysis Overview
SHA256
1580e4f84d62455cd661abf31fa2d9242aa01bdcd648cf22bbb4b98f0788a8a6
Threat Level: No (potentially) malicious behavior was detected
The file file was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:24
Reported
2024-06-03 13:27
Platform
win7-20240508-en
Max time kernel
134s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A2F9AD11-21AC-11EF-AE65-4658C477BD5D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582950" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 705d7d78b9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000c763e01f94ce5c6742e37f23f515386de29c04128a63c33165d31a13d6c8a7fb000000000e8000000002000020000000a6a126942306a4d5713286d53e9087ec6523b7e7dd847574cea627e29c5edd122000000045d86ed90776a749cddecbc6c7a082e73ca60c19c35a835209a14bd48fdbe0c540000000e9c21ada74ecd67378b444e53ffdaaecc9f747738c6c704a9e25f7df865b34ab2dd44cee5b7d6c352edff6bf20d7bfc1717ae935baa8971a62dfa2d03c3bf04d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 616 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 616 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 616 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 616 wrote to memory of 2216 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:616 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| GB | 13.224.81.20:443 | cdn.amplitude.com | tcp |
| GB | 13.224.81.20:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.26.217.166:443 | api.amplitude.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1CD7.tmp
C:\Users\Admin\AppData\Local\Temp\Tar1CD9.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Cab1D66.tmp
C:\Users\Admin\AppData\Local\Temp\Tar1D8A.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:24
Reported
2024-06-03 13:27
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4132 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5680 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5796 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5456 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5964 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4636 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
Network
| Country | Destination | Domain | Proto |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 172.67.170.144:445 | www.ezojs.com | tcp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| GB | 13.224.81.20:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 104.21.63.106:445 | www.ezojs.com | tcp |
| US | 8.8.8.8:53 | 20.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 44.237.30.204:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | 204.30.237.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.3.26.104.in-addr.arpa | udp |
| IE | 54.220.158.112:443 | bcp.crwdcntrl.net | tcp |
| GB | 13.224.81.56:443 | tags.crwdcntrl.net | tcp |
| IE | 34.246.197.125:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 112.158.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.197.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.22:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 22.173.189.20.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| GB | 142.250.187.238:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| GB | 142.250.187.238:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.113.74:445 | static.mediafire.com | tcp |
| US | 104.16.114.74:445 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.113.74:139 | static.mediafire.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 52.48.217.227:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 227.217.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.89.13.in-addr.arpa | udp |