Malware Analysis Report

2025-01-17 23:27

Sample ID: 240603-qnkk6sfh21
Target: file
SHA256: 1580e4f84d62455cd661abf31fa2d9242aa01bdcd648cf22bbb4b98f0788a8a6
Tags: (none listed)
Score: 1/10

Analysis Overview

Score: 1/10

SHA256: 1580e4f84d62455cd661abf31fa2d9242aa01bdcd648cf22bbb4b98f0788a8a6

Threat Level: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 13:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 13:24
Reported: 2024-06-03 13:27
Platform: win7-20240508-en
Max time kernel: 134s
Max time network: 131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\file.html

Signatures

Modifies Internet Explorer settings
Tags: adware, spyware

Suspicious use of FindShellTrayWindow
Process: C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\file.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:616 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 13:24
Reported: 2024-06-03 13:27
Platform: win10v2004-20240226-en
Max time kernel: 141s
Max time network: 149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4132 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5680 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5796 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5456 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5964 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4636 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

Network


Files

N/A