Analysis Overview
Threat Level: Shows suspicious behavior
The file https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-4216-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-7539-yluh63018564&cm_type=link&cm_link=0da11854-d710-40c4-1845-bcd92bcc7ee9&cm_destination=//computalityit.com/wp-includes/facebook.com-wkipedia.com/6fob0medp65318/SGVsZW4uQmFkZ2VAYWN1LmVkdS5hdQ== was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks CPU information
Checks memory information
Reads the content of photos stored on the user's device.
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-04 01:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-04 01:48
Reported: 2024-06-04 01:51
Platform: win10v2004-20240426-en
Max time kernel: 147s
Max time network: 153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-4216-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-7539-yluh63018564&cm_type=link&cm_link=0da11854-d710-40c4-1845-bcd92bcc7ee9&cm_destination=//computalityit.com/wp-includes/facebook.com-wkipedia.com/6fob0medp65318/SGVsZW4uQmFkZ2VAYWN1LmVkdS5hdQ==
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15458508321449939763,10718475277610834965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contactmonkey.com | udp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | computalityit.com | udp |
| US | 8.8.8.8:53 | 48.214.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 192.185.142.83:443 | computalityit.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ranvilh.com | udp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 8.8.8.8:53 | 83.142.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.140.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 8.8.8.8:53 | bristol-spray-tan.co.uk | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.23.70.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.socket.io | udp |
| US | 8.8.8.8:53 | 11cyclesforest.com | udp |
| GB | 143.204.194.72:443 | cdn.socket.io | tcp |
| GB | 143.204.194.72:443 | cdn.socket.io | tcp |
| US | 8.8.8.8:53 | 72.194.204.143.in-addr.arpa | udp |
| US | 172.67.145.3:443 | 11cyclesforest.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 3.145.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.w3schools.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 192.229.133.221:443 | www.w3schools.com | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.133.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.23.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 172.67.145.3:443 | 11cyclesforest.com | tcp |
| US | 172.67.145.3:443 | 11cyclesforest.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3120_HEQELQFBWQBYGVEP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-04 01:48
Reported: 2024-06-04 01:53
Platform: android-x86-arm-20240603-en
Max time kernel: 116s
Max time network: 160s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | contactmonkey.com | udp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 1.1.1.1:53 | computalityit.com | udp |
| US | 192.185.142.83:443 | computalityit.com | tcp |
| US | 1.1.1.1:53 | ranvilh.com | udp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 1.1.1.1:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 1.1.1.1:53 | bristol-spray-tan.co.uk | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| US | 1.1.1.1:53 | cdn.socket.io | udp |
| US | 1.1.1.1:53 | 11cyclesforest.com | udp |
| US | 104.21.87.172:443 | 11cyclesforest.com | tcp |
| US | 1.1.1.1:53 | cdn.socket.io | udp |
| GB | 143.204.194.10:443 | cdn.socket.io | tcp |
| US | 1.1.1.1:53 | www.w3schools.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 192.229.133.221:443 | www.w3schools.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | aadcdn.msauth.net | udp |
| US | 1.1.1.1:53 | aadcdn.msftauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| GB | 142.250.187.206:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
files/dom-0.html
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-04 01:48
Reported: 2024-06-04 01:52
Platform: android-x64-20240603-en
Max time kernel: 117s
Max time network: 163s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | contactmonkey.com | udp |
| US | 52.71.168.89:443 | contactmonkey.com | tcp |
| US | 52.71.168.89:443 | contactmonkey.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | computalityit.com | udp |
| US | 192.185.142.83:443 | computalityit.com | tcp |
| US | 1.1.1.1:53 | ranvilh.com | udp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 1.1.1.1:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 1.1.1.1:53 | bristol-spray-tan.co.uk | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 172.217.169.14:443 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.187.228:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
Files
files/dom-0.html
Analysis: behavioral4
Detonation Overview
Submitted: 2024-06-04 01:48
Reported: 2024-06-04 01:53
Platform: android-x64-arm64-20240603-en
Max time kernel: 167s
Max time network: 164s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.179.238:443 | N/A | tcp |
| GB | 142.250.179.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | contactmonkey.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | contactmonkey.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 1.1.1.1:53 | computalityit.com | udp |
| US | 192.185.142.83:443 | computalityit.com | tcp |
| US | 1.1.1.1:53 | ranvilh.com | udp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 1.1.1.1:53 | bristol-spray-tan.co.uk | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 142.250.200.46:443 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
Files
files/dom-0.html