Analysis Overview
SHA256
79f421ab2115223b265dfacfb5a5b61f09e631c9b281db463984409273954c38
Threat Level: No (potentially) malicious behavior was detected
The file 3VuS7pk was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks CPU information
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Checks memory information
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 11:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 11:08
Reported
2024-06-13 11:11
Platform
win7-20231129-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{615AAE61-2975-11EF-9066-F6F8CE09FCD4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in report extract] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424438827" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001e2ebfbcdd88794b84190bea3994831900000000020000000000106600000001000020000000e71822a0e2e2a7fccabc23a2afe85cc8bd83937620bcdfa1aa2876ae510c3c29000000000e800000000200002000000003c5830ffcd0cac2389e577258bbde08f9edf8f973553d998ca5af7e9913292b200000008853812850ff7012eabbab7357eaa8b456c7f68ccd52014fc1017af5324404fa4000000061b0953f6bc548c5217ec754b7aa259c699bd87427a5f62d6a6ead26ce41d44c430c1f08be284363cb7af0b3554ad456e2168389a9e2c15ed807761dba72ea2a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f8ee3682bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2152 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3VuS7pk.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | d1ayxb9ooonjts.cloudfront.net | udp |
| FR | 13.224.58.155:443 | d1ayxb9ooonjts.cloudfront.net | tcp |
| FR | 13.224.58.155:443 | d1ayxb9ooonjts.cloudfront.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 88.221.83.201:80 | www.bing.com | tcp |
| BE | 88.221.83.201:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 11:08
Reported
2024-06-13 11:11
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3VuS7pk.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7706081847343936831,2535629791419706007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1ayxb9ooonjts.cloudfront.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | d1ayxb9ooonjts.cloudfront.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1848_SXENKUXXQRBAHWXG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0751ce2587f10dd0b328f932d8f71933 |
| SHA1 | 6d4d1326ee5b869f4db532009e16bb484d6ac945 |
| SHA256 | 19a2b61d1a79252da6862c63579b97b6bc297dd9c49b60a407c342c287d706c3 |
| SHA512 | 38894964134da293645b31521886681765e2243d45aeb1d9db7efcda88e552d232e5e704382a978fa7d0e1c01c09f094aa0509ac587aeeda027999e52e97f720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 19db9fb527db2b61a8ca56fdd6ee101e |
| SHA1 | bb3db204e03c2a88d68b7ad45bc5d544d00b6101 |
| SHA256 | 172f09de01c9edbee22cf32f79823b57e55ac51e1580c600c6b6dcb4ef876273 |
| SHA512 | 957d4e0afaf053814e9939c4d218c50c508328ac2abcc989c832a9509dd6ada13a1c127eadb0515490a93c48fcf3927374445d44d2a85ed4760e444d3ed75e93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c9200a532101fea1497f53e4368916b |
| SHA1 | 3aa90cd3bd3d1d18efcebd3372ba4c25b4b3f9d8 |
| SHA256 | cfd88d2e82224220d87a068b78aeb8f566bc1fe24de7955eae02d3a72ab52c59 |
| SHA512 | ea3fe626ee8f8900ec41d50c0d78273e12f0d3955cb005c88184d08597f30b4b7ba77fe0a9a1832bf02df6588e2bd48a57003228c892c1857e1b101b19be743d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 11:08
Reported
2024-06-13 11:13
Platform
android-x64-20240611.1-en
Max time kernel
118s
Max time network
146s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.201.99:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |