Analysis Overview
SHA256
2ab315537510fc91d73825d0d6661e9f4b141799877e2f5159892886265f362e
Threat Level: No (potentially) malicious behavior was detected
The file was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:58
Reported
2024-06-13 22:01
Platform
win7-20240611-en
Max time kernel
121s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b091dcf1dcbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003a091c50a3992da25b67c290acee3a39bf67d4718c07767d73eed0ee9709ada7000000000e8000000002000020000000239b274fad12252729fa1a7e9551a57a38e118c32811387c9d68bd84f63aa7e920000000d01edca161f6ba6baeb4569838f6b8f09f08e577016030262388dbd94a91d861400000000af7ac1af76cc7e9410716c19cd4eef021bbc4ec32106258163335d1f4a2ebc72ba6ae47e3e54810bee9fc5562ab86620086b5967567297eb09d402491c95f84 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477796" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C500F81-29D0-11EF-BD87-DEB4B2C1951C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
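The three binary values in the table above (LastProcessed, Window_Placement and DecayDateQueue) are opaque as printed, and decoding them is the quickest way to confirm they are ordinary browser state rather than a stashed payload. The following Python is an added example, not part of the sandbox report or its tooling: it parses the hex exactly as shown in the table using the documented Windows FILETIME, WINDOWPLACEMENT and DPAPI CRYPTPROTECT blob layouts. The field names, the `CALG_NAMES`/`SHOW_CMD_NAMES` lookup tables and the `decode_report_values()` wrapper are the example's own.

```python
"""Decode the binary registry values from the behavioral1 signature table.

Added example: the hex strings are copied verbatim from the report; the
FILETIME, WINDOWPLACEMENT and DPAPI blob layouts are the documented Windows
formats. Field names and the lookup tables are this example's own.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Values copied from the "Modifies Internet Explorer settings" table.
LAST_PROCESSED_HEX = "b091dcf1dcbdda01"
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
DECAY_DATE_QUEUE_HEX = (
    "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000"
    "5ec80cf279b2564c91633e21940a8076" "00000000" "02000000" "0000"
    "10660000" "00010000" "20000000"
    "3a091c50a3992da25b67c290acee3a39bf67d4718c07767d73eed0ee9709ada7"
    "00000000" "0e800000" "00020000" "20000000"
    "239b274fad12252729fa1a7e9551a57a38e118c32811387c9d68bd84f63aa7e9"
    "20000000"
    "d01edca161f6ba6baeb4569838f6b8f09f08e577016030262388dbd94a91d861"
    "40000000"
    "0af7ac1af76cc7e9410716c19cd4eef021bbc4ec32106258163335d1f4a2ebc7"
    "2ba6ae47e3e54810bee9fc5562ab86620086b5967567297eb09d402491c95f84"
)

# GUID {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} identifies a DPAPI CRYPTPROTECT blob.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
# Subset of CryptoAPI ALG_ID values commonly seen in DPAPI blobs (example's own table).
CALG_NAMES = {0x6610: "CALG_AES_256", 0x6603: "CALG_3DES",
              0x800E: "CALG_SHA_512", 0x8004: "CALG_SHA1"}
SHOW_CMD_NAMES = {1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}


def filetime_to_datetime(raw: bytes) -> datetime:
    """Little-endian FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    (ticks,) = struct.unpack("<Q", raw)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_window_placement(raw: bytes) -> dict:
    """WINDOWPLACEMENT: length, flags, showCmd, ptMin, ptMax, rcNormalPosition."""
    fields = struct.unpack("<IIIiiiiiiii", raw)
    if fields[0] != 44:
        raise ValueError("unexpected WINDOWPLACEMENT length %d" % fields[0])
    return {
        "flags": fields[1],
        "showCmd": SHOW_CMD_NAMES.get(fields[2], fields[2]),
        "ptMinPosition": fields[3:5],
        "ptMaxPosition": fields[5:7],
        "rcNormalPosition": fields[7:11],
    }


def parse_dpapi_blob(data: bytes) -> dict:
    """Walk the DPAPI blob header; this needs no key and recovers no plaintext."""
    off = 0

    def u32() -> int:
        nonlocal off
        (v,) = struct.unpack_from("<I", data, off)
        off += 4
        return v

    def guid() -> uuid.UUID:
        nonlocal off
        g = uuid.UUID(bytes_le=data[off:off + 16])
        off += 16
        return g

    def counted() -> bytes:  # DWORD length followed by that many bytes
        nonlocal off
        n = u32()
        chunk = data[off:off + n]
        off += n
        return chunk

    info = {"version": u32()}
    if guid() != DPAPI_PROVIDER_GUID:
        raise ValueError("provider GUID mismatch: not a DPAPI blob")
    info["master_key_version"] = u32()
    info["master_key_guid"] = str(guid())
    info["flags"] = u32()
    info["description"] = counted().decode("utf-16-le").rstrip("\x00")
    crypt_alg = u32()
    info["crypt_alg"] = CALG_NAMES.get(crypt_alg, crypt_alg)
    info["crypt_key_bits"] = u32()
    info["salt"] = counted().hex()
    info["strong"] = counted().hex()  # normally empty
    hash_alg = u32()
    info["hash_alg"] = CALG_NAMES.get(hash_alg, hash_alg)
    info["hash_bits"] = u32()
    info["hmac_key"] = counted().hex()
    info["ciphertext"] = counted().hex()
    info["signature"] = counted().hex()
    if off != len(data):
        raise ValueError("trailing bytes after DPAPI blob")
    return info


def decode_report_values() -> dict:
    return {
        "LastProcessed": filetime_to_datetime(bytes.fromhex(LAST_PROCESSED_HEX)),
        "Window_Placement": parse_window_placement(bytes.fromhex(WINDOW_PLACEMENT_HEX)),
        "DecayDateQueue": parse_dpapi_blob(bytes.fromhex(DECAY_DATE_QUEUE_HEX)),
    }


if __name__ == "__main__":
    for name, value in decode_report_values().items():
        print(name, value)
```

LastProcessed decodes to 2024-06-13 21:59:20 UTC, inside the detonation window (submitted 21:58, reported 22:01), so it is the sandbox run's own timestamp. Window_Placement is a maximized window with a 36,36 to 1194,649 restore rectangle. DecayDateQueue is a DPAPI blob bound to master key f20cc85e-b279-4c56-9163-3e21940a8076 using AES-256 and SHA-512; it cannot be decrypted from the report alone, and no analyst should expect to, because it is IE's per-user new-tab-page state protected with the detonation user's credentials.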
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2212 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
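The four WriteProcessMemory events above are the one signature on this page that could indicate injection, so they are worth checking against the process list rather than judged by the signature name alone. The following Python is an added triage example, not the sandbox's own logic: it uses the PIDs and command lines the report shows, plus a constructed non-browser writer for contrast, and treats a write from an IE frame process into an IE tab process whose SCODEF: value equals the frame's PID as the frame initializing the Protected Mode tab it just launched. The `Proc` type, the `STRANGER` process and the verdict strings are the example's own.

```python
"""Triage helper for the WriteProcessMemory rows in the behavioral1 report.

Added example, not part of the report. The PIDs and command lines are the
ones the report shows; the rule encodes the IE launch convention that a
tab process is started by the frame process with SCODEF:<frame pid> on
its command line.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# From the behavioral1 "Processes" list and the WriteProcessMemory rows.
FRAME = Proc(2212, r"C:\Program Files\Internet Explorer\iexplore.exe",
             r'"C:\Program Files\Internet Explorer\iexplore.exe" '
             r'C:\Users\Admin\AppData\Local\Temp\file.html')
TAB = Proc(2012, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
           r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
           r'SCODEF:2212 CREDAT:275457 /prefetch:2')
REPORT_WRITES = [(FRAME, TAB)] * 4  # "PID 2212 wrote to memory of 2012", four times

# Constructed counter-example (not in the report): a non-browser binary
# writing into an IE process never satisfies the rule.
STRANGER = Proc(3100, r"C:\Users\Admin\AppData\Local\Temp\file.exe",
                r'"C:\Users\Admin\AppData\Local\Temp\file.exe"')

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def classify_write(writer: Proc, target: Proc) -> str:
    """'ie-frame-to-tab' for the expected IE broker write, otherwise 'review'."""
    scodef = SCODEF_RE.search(target.cmdline)
    if (writer.image.lower() in IE_IMAGES
            and target.image.lower() in IE_IMAGES
            and scodef is not None
            and int(scodef.group(1)) == writer.pid):
        return "ie-frame-to-tab"
    return "review"


def summarize(writes) -> dict:
    """Collapse repeated events into a count per (writer pid, target pid, verdict)."""
    out: dict = {}
    for writer, target in writes:
        key = (writer.pid, target.pid, classify_write(writer, target))
        out[key] = out.get(key, 0) + 1
    return out


if __name__ == "__main__":
    for (w, t, verdict), n in summarize(REPORT_WRITES + [(STRANGER, TAB)]).items():
        print(f"PID {w} -> PID {t}: {verdict} x{n}")
```

Run on the report's rows the summary collapses to a single `(2212, 2012, "ie-frame-to-tab")` entry with a count of 4, which is what a frame process launching one tab looks like; a write in the other direction, or from any image outside the IE install paths, falls through to `review` regardless of what the target's command line says.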
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | assets.dropbox.com | udp |
| US | 8.8.8.8:53 | cfl.dropboxstatic.com | udp |
| FR | 52.222.149.92:443 | assets.dropbox.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| FR | 52.222.149.92:443 | assets.dropbox.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de8001ac01f943502fcfcbb29eb84db3 |
| SHA1 | 69d9effdaaa42af551dabacda84788f43b738273 |
| SHA256 | 3d827b8e57ee68fbff38715793c97316226f9bf7898eb0fd50d0bd50f2620af6 |
| SHA512 | 445ac6f1280feb1dfdaabf1c25b7f8e1639c9452ecae07c1739a5f5e5eb06bb406386d957586582f098ea1cbcb8a8662d1f2a837d79f85478cc29c9c5f87cec5 |
C:\Users\Admin\AppData\Local\Temp\Cab9688.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9687.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d59177e80dc365caa89159aef6b4b418 |
| SHA1 | 7a6bee5d9b11f47dba3517bedf5b8981bd942cfa |
| SHA256 | 815dba404df55cdc01dac8cedd9a71bcdfb56e2273347e37824ad384c580d63d |
| SHA512 | 4ed9c02842c83b46fe792edab8fa11bd1e30c29a7125d2ba4b2c8a05d75209a2d480fbcb2a8e11ffe69179efcf2dbf2fb3d03d753e503651725d9ee578a76248 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58281a97a6f355d6cc21dc7c875f0d29 |
| SHA1 | 08f1249ceaa0451611d5a9b4206b53016f55ec60 |
| SHA256 | d9848af3e3c8a0a3e7c65b5f9782c2434012d67fbd637a5fa7eefa0a19aa4d18 |
| SHA512 | 9d8fc13a73a29e32427fd572e00f254edd085d895391e91db28a1c0f3d6d436dcddd8140bd5e6a189a663004e75a13ad9014f02520e7ac7d614066291d8ae664 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c7c2a9cdaabbf3e507bec6ceb0147dd |
| SHA1 | 5753203994fcb31c8300202e852a8a8934273b38 |
| SHA256 | 73316c21f9196814b26464ffb51608187b4a1e74da9c82f81dfcbcb1ebe8a96e |
| SHA512 | 2a6bbfc32c8df25c28ccfe88ccd360242e80e72387ddc791005df87e351deb8b9f7e8c2c7b49067cf5ae9dcd21d5bdb35e97ab6f82dd0cfe994b256c9fc51b64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2ad71f7e7e1372c3628b3ead0ce0e29 |
| SHA1 | f011db61e55c08dea4df2354fa908180931f8a11 |
| SHA256 | babba0fdc3ac9ea63c375847d5dd15832314097ee0c7e67ddab766974b072ccd |
| SHA512 | f4ac8493f08ab9d8a8b219e77f546d1cf7b43adcb3145f88256ef1b61810c50bae031c84e9fa4258597401d0e0715699d34539de28cacec8182b9e0570db1f3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16d9f1ef04ba8a71f48ed09d2fffb800 |
| SHA1 | 8aaf2fb37645de67f743fefee075e87c4e9f2a00 |
| SHA256 | 2280ab8bfdc7cc48feee785f1e34b4adb474987fec93b9540787f201a5687af4 |
| SHA512 | f1be52e488685aeaf2b99fb018c7faf901c297824e0fbfd72ca6df02368e56a976ddb682584535de87c6cca10df976fcb2dffb4d06f426989223a34a4c519970 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d85927f4f21e407071e24ec981a92ae |
| SHA1 | 9cbd0b228043ee6449636efb229434718b35f816 |
| SHA256 | 3c945cd4761346b2dbbc3fd81d450bbd6416312f4b477956c90b9d7dfe65bea2 |
| SHA512 | 6d44a4b1892f285d02fe980b8e6f62944d1686752d2ebdf6028d05515d01a0f4359d3f894407b7f48fd4bf0726a8b55000f01774b70ebf58ca491012bc1edd91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0673edb0b7389576b7aef657293630ac |
| SHA1 | b8b764baf9a149123b0ce8590b5901a3a2e4c41c |
| SHA256 | 0d35765a71fb57fafa922e71e3fff892aec392de205bb2f27fb62d6354f18e2b |
| SHA512 | fe12cc3013023614e2db7717f4650312f7dd14e871108f5b93c99051bdf4389ba47e733e623fc8742acd39a541c38e66d3887d5d51e57b9ca9ca4fb456f4bef8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 467961bcad121691acfc4f767fd9f142 |
| SHA1 | 64daccdd42b0ec633730b57e19538e211eb90e24 |
| SHA256 | a6a51b92c5e1f72d4d7369509d3cb7884ee854ed2fed833bd636344357636757 |
| SHA512 | 6c42dd9665dac9b138b54e5072bf55508de4bf3ae5fbb3542e6d0670f665663b7947107978cbc8f2f0fedd29ac3d0358de80d91e6e4f046ff7da28cb0f85d307 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9c3e97c697d6b24c50721b65045b134 |
| SHA1 | f918bb13f1922e68971a5a1a362d435b48092a3f |
| SHA256 | 72cc6023346c3c5298b6f6d5bcbe6fba9e8886cbd54b5a34f3a8c453cae3d0eb |
| SHA512 | 84974e932ebc5132a578dcb48e761e7e9046c8f934eea8d5377d9d073a030d42bd3d5e35c4346990511cc7552051bd2ec8d95ade08813abf8c2679cfd632f91f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e2fc3ee86510862def6c7ef28ddf30a |
| SHA1 | 1c14ea53e082f3cbba86b20c1b7cd8d747239bce |
| SHA256 | 2e5a0f2fbd89122f2ba3b4d01ff392c457649889b9adb14e3beedb9915dac3e6 |
| SHA512 | ea4b70692f413abe56a6229983c21c1225f8670de862b203ded1f0b8e5db46cc1a3ae8393b9dec728b12f61cfe816226f1c4f25f83ab72d8153e320743047a9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6cc9b659ccb3f08a00b59e93a9d8f0fb |
| SHA1 | 350b4296376683c9f3f414eda532e832221689ac |
| SHA256 | 947ba9a4c22e82b98acc2e7e8c57e0ff9c63419894bd2c81c83a3060db35a424 |
| SHA512 | 2c4a261e36436d4d81459d4f28358aed4f6a11c97fb6632c2d95548babf9eb4720257b2b37c9d286a01a152c33fc9f179fe2814f241f88b1be8107edd105c5f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8cd7cadb63a9ad12657d39fdb9c6fc0 |
| SHA1 | 6ddd3ed4c74adc6ba112627c27981065b96b8c6d |
| SHA256 | 9d4f5227a128327408c7e878c9862ccc319443999d45fae79a75f19c2db8e66d |
| SHA512 | c854e3696bec77e8032c0a8ef97c302e993654adbd6253f41f6df8e0dd64fc2758d566ded8165c4402379201ea729858fccc448de4239a88bb27a4fad09bbade |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e57c565a824f218517b9d3b0b8f3a2a |
| SHA1 | 0554a9918096aa12afc04df9c8395fa0f8a439ee |
| SHA256 | 964705c8b589b10b6dda368c7e70d03cf0ac550f14d9482a0536a1e870f2e7b7 |
| SHA512 | 8eaeb29b312c1cfa9eff39bb3c2f706d8afbd50d7038433e01ef8ac7214b560adfc949dc5baa4a975e89393454d8256bfa2899edb06cba1673f27d158fdb31f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25254d9fa1536a35fca8931acb1f654a |
| SHA1 | 73eeaabf20af2f92f3a89e93cc7a949b45cb2786 |
| SHA256 | b9c0a4c7e2a2dbc96a268ed939f2cd64400fe7822ca4c602f9afa66930f52dd0 |
| SHA512 | 4df1a74a65f3c96a133d694d4a5b790132002934249009e448d5fbd1ee828ee58f38cc58f8790f211ee9397539aae0eb922572a5fccdc497b0fa09096c349df2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d70a8f9cfabcbd21b93fff337a30c4f |
| SHA1 | 1c3dbabf2e8e02864f20cf277e8abdde9c49913e |
| SHA256 | ff5bc887c2424f1b3f85b20ae05d3f650826e7d137524dfc0d03b24a73ce9cb7 |
| SHA512 | 2091c007b8b7ef2675a9bb18138e40ea3ec21edccf08e7f612ef2a4c7854f840ac279982f6f61382f486189c592eb54aa6fd8f7462bfcea5d15294754a5b7ad3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24e90f438365a9b935c045d821885523 |
| SHA1 | 20ef00fe2d96d86e715de75c8d89119d342af717 |
| SHA256 | f811b2d45e67cfab0052b807e21741136d2c530af89b6a6543ff8b437aad2921 |
| SHA512 | 6ea5377f24d9b15acdfe4b2a9e50d29c637970f651e7b92c2c4063b70c8dd445a058f578e24e7721fa1f02296f297306c57531eebf38a585e3c56e505a9658ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef5aa6f492de2dedcec9228f9783ecc7 |
| SHA1 | c8b827942eb0a32580ad898a29146c9005f29a35 |
| SHA256 | 1fd581699a74d13ca868925c21fcf4c85aad5ec1251e2f25f69a9112c68c50a9 |
| SHA512 | c5ffd9335c450b2df876e25eb044cdaa1004bd9d1ebfd49f13f64e0132b30b70c03b3fcb1988b4e92a647f57976ce76c8eab491a2b53457a9fb90dcc3b97a5e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38e0482e695edc067cd37ca000ba9337 |
| SHA1 | 744d65fe00c6114891f855897856e1a32710f6a0 |
| SHA256 | 5386b4608653980a37d59de2f719dcdab070ffdad94db87dbb02cf3763c64429 |
| SHA512 | 17e39c8943d792906f5387ceffae13c68ea19f035a56f687c4e1ee18f222f1a23cd9e30850b03571bf557d1f332b00e3f3db6d443b2977bfc8fb086249a8ad3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60315576d4f9a8364831619769d37cb4 |
| SHA1 | 073cc1fc993104b5cf8f839c634ffb124e1f19a7 |
| SHA256 | 97cebd10f810d1e638b60cd8f2c35ec837acb1f24c0743b9a162985d297b4c66 |
| SHA512 | 4ba6f56d3e5ea47c1ee281626c07a0b0ca29bf805353789a1bdcc5198ebb843a6d6735bb411c51738ad8107f5bcff7f338d03dc922be9d6983d8b485eaea2b07 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:58
Reported
2024-06-13 22:01
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffef99446f8,0x7ffef9944708,0x7ffef9944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13294570300220471872,3743774726214346980,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cfl.dropboxstatic.com | udp |
| US | 8.8.8.8:53 | assets.dropbox.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | cfl.dropboxstatic.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1816_VGLUXUJFBFYPYEKM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 10193e03d2779ef95274ea0f43bd8b9d |
| SHA1 | d8befed1ebbf766f6374fa6b2bd54e35446dc5b2 |
| SHA256 | 2df303b71c6bb16df3b4688d81a50cc987efeea6f2131f89293e687cff02e02e |
| SHA512 | 0ae8aed565e30fcce692946c53a14142c8d0204728f101b614955c9f0b6521e2ea7a2e85a2d8035e97341d4127fd8417b12e1cc19882ea9e4d625e02633ff678 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ffd63b6853f99f8bd2b7c3902625e9ad |
| SHA1 | 1d6dd14cdc2a45d241e1e19bc9e68abb1eed6d8e |
| SHA256 | cff09cddae2db308b097c947ae3ddbdb41e97f91a8541741b297194bddeb56d6 |
| SHA512 | d5a5af1c9bac1ef3922df2ed65c91011fc238c88580f6cee3c12a06ad28ccd85a2a3387b9be4942ad41921144e70461739987c7dc2ee8723e15b15da94dd13c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6ab84ee943aba0197a492ab91d162fbf |
| SHA1 | 1b89704211ea70a1dd781f27ab173747f239cc7d |
| SHA256 | 32ad451fd6e5a6ae0fc9574e976f04744a89e5b25c2eeef10086e09449513d59 |
| SHA512 | d868068bd797aa49b076661fe852142c768d5adfdf8404f8b1e0a852b2e3202b41ec273e022be39c53dd31b8276b6058c09e0aa39466af59ea81d6908121b7ba |