Analysis Overview
SHA256
7b8fa20ab5bd5dc50c9d899789a68e6b1d77d567d53da5057f3f43560df82509
Threat Level: No (potentially) malicious behavior was detected
The file Confirmation.htm was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:13
Reported
2024-06-13 14:16
Platform
win7-20240611-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 607195ef9bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B169E41-298F-11EF-9CF0-C299D158824A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449875" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000bb6d9a7192fe05eb9777b5ebfccd7840e1d460b9492b7badc12419c2aed41879000000000e8000000002000020000000685630f678fbeb8d768776b307e20768b0c8b4a554bb7b33d78d3bb9061a003c200000005c8c1b8746f350c82e106764758850246b216d00a392ba2d1510f56a985b5598400000006e69cdf2daeb5f786a7500eca10731d9b037188b87e9b4b633756a7f81bc6f288c2d0bc8d30f24dfeff6032f1cf8d4d2264dbd603c3b614d6b639dc7eacd2bb9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 816 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 816 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 816 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 816 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Confirmation.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:816 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1C98.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar1D4B.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8821e192ce1828afba9cdf0943e6d1d4 |
| SHA1 | 21b67a62d2bf0886846426ab99ee680da2b15d05 |
| SHA256 | 266585474fee4977e99db21c146fb8259e12b36fb554595d4556d0f8524dd4c1 |
| SHA512 | 7e0e5dd5cb6723344e3264c4ca1721ecf1fb9465a1e294cb0790b7fa53d4a8a87d7d99f2f2073c29aa9c5f59e9cec13631ffb3e0ed682e3bf7d83fc40bd8d2ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cf496c9dde6cfaaf18c6b9b78c3672d |
| SHA1 | 953b0a81bda5d81ddd546b06b715b54e6f7de805 |
| SHA256 | 7f42cbd81c8a33ce9633f615482197f553ab0d68acd8b79071472ad9e78c7f52 |
| SHA512 | c38ca9024afcd760e407b493717ed65924e16ee6ee25c8f72b0f02a9e3220b9aa2c6b24fd1745d830c0c55fcf1039dbda22e9aa2c3de5f1776ec67e69e983594 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a0a978fcf9669811beb55e5f3e223fe |
| SHA1 | 15bf27ed8deab349ec50be24d3539321cf088b62 |
| SHA256 | 0d0a4b2576fdcd6835b7d93a26f21501a731f952d25394a45f82911426cd6c4c |
| SHA512 | 172e3ff05b30b0c0d421b6c627dac8bb1bfa25e55466fc4889483a6eca609d957f577cc0c42c4cfd424ea98f3d3641b40d5ca9c1a34a5a0b3197abb61e478d2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bed680f82a022dcaa2d5d6d8a1f4564 |
| SHA1 | 3443066f21578099cbfd6ab8e48f83cb8194127b |
| SHA256 | 9156125a07909cab20941614a694a040b39913f7489410809dc66c809081b255 |
| SHA512 | 7d95f0e3198ab00f7e37157a04d4eea31353f7daec00b246ed5476b0aedd7a81daf72738f075f9ece7dd38056836e52527d9b0909188f061018e2db67e7f64c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c5db7db8898e310860f01eccce0b751 |
| SHA1 | 67f32e7e57e499dc0d38a21ac2286e409d685da4 |
| SHA256 | d01e6cbffbaaccec258f86b4269c0c21ffaa14ee16e2c84ca70122fa740d2478 |
| SHA512 | 2286081461bb7148fc46e7d2423ec7bcd0a1bfe2cfac178c72fd2063e808f6a1e65f822a9fc82940eae33391beb547a7ffb287876f905d4cf2a2bee6314c5314 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91ea7ef2b44f8d19f60cc916ce586630 |
| SHA1 | 5c63c6fbdb9e2dbcb30a2114d724a43037ab7af6 |
| SHA256 | 7191df60b5dd289750b2c13dc66357960baaa62abe2261702b45dd6762f78296 |
| SHA512 | 6f67b672d435eeb01e42f80f6b0b8db867da5a54c8f2f1eeac4d5f62d2cd389f1010e9c34d4ae8ec33ac7de0ac6a39ff9f601e7a2d3f0b89806f84c5252fd6d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db6f4ac4992c6c8c69d016d0da443e63 |
| SHA1 | 3aaf022089c3f4a0f509655c7bddf53573d1c23e |
| SHA256 | 8cd0563c1aa7e8cebe07c54dc804bb501d80b97a6beef9576b1eef24d8b51be9 |
| SHA512 | 4c70364a8374133e6399cb96fdab8e9a60103dacf9e9cef7d720f49aa1901f9ef78e6cb10e0ba59cf7befa5e0cfdfda5a19e99c53d3db790f6733ddc99f90b2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9ac657dc789f8d5cc18f8e71e7a744a |
| SHA1 | ff9a098fd772673878562c3bc12424369014fa79 |
| SHA256 | 5b44f2815da258f525433cdff3c1959f9da92aa4c1c768fe197d4608ed3862b9 |
| SHA512 | 93a98214be6f664604d65c4c46970ada249d3043365dba8039a5a1502c8d60c8804054f0a005abb39e079be70887bcdfe69819e12cccfda7b5cdf41501a55dab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35ffb1545c06053dd6580ac9e399583f |
| SHA1 | 42b1128978986f5008b860da54075e984d509d82 |
| SHA256 | cfb0c632d7506dd88944ed88845f80c4929f9b1583c39cbcedee66d7076d54c4 |
| SHA512 | ed173f32bbb386d162e889c8d99d277d1251fb02087445eae1c8b9ab175d076cb0cc2582b12cf14bba115ae2311e3824f180b02b16800c4d43b72e17803a25fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7684d6cc01863287234ccbe61d73e5a6 |
| SHA1 | dc65fffcc679c80e84b5b9ec0bf68ff2d56ef06b |
| SHA256 | 897705c2db407ac26e8aba63fc97d9b76a2612ae3ab79052d44fa513c44e3281 |
| SHA512 | fed0872339a2f1b097248093f5cf079e45fa4a322631f786d4ea8072a168c10a8063eb9a187781b0721db71db747b1679c781229539678c724e2e32e6c97e378 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 256ca90596f7eea38daad3ba44e045b6 |
| SHA1 | e5fbe32c891fea268481278d59994bffb8603184 |
| SHA256 | 6bbfa5ed018cb915b829c2e81d9c668bcd74338cff49767a0a29cc95721c88cb |
| SHA512 | 2928a8a5ee1dd4da52dc53451c15f3edc303904801d56171c9bdad3d3680c6a50698f5a040b64b90b7810c2d014c6b2fdc07e5e589adb8c26e4c67ea8a2a5130 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3e009d0f182d2a47d92e8295de7c0e0 |
| SHA1 | b24364d16c8afc50bfa5111048ffba677c365d29 |
| SHA256 | eb4e6354e52510f0ba38fd57cb1404865998c16e522d4309a6916e8bb48f6032 |
| SHA512 | a231103df56b3334921cf3bbbd51148ab7450cf953ea9108680fc1096670689888ee75f7944152b30204ef0a75754d79daea576d3f91783f047cb7aeb6f746dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45fb4df95e4f355d98e0c208a8d2e983 |
| SHA1 | df71ae7c280283b345115f1079934c1fc5676fa5 |
| SHA256 | be734cb53a8fbfdf896f455514fcff95170b522623ec9e02f779a4f63ee2af04 |
| SHA512 | 1dd530b2eee4c87bddb09e1c47198fd200e511a69c415f62493c6e26296befdaa75b9baf144ba696eef9ca0ffa593ec76d5b2ef12469396629f2b19a2f106994 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8858a6c76ecdb13cddd3f5bea974bff7 |
| SHA1 | b838613750cd751f9a7355c7d4230f51e9843915 |
| SHA256 | a2e260c50d4c335e345825732cb93ae0d01254cf7cc3e871d92df145a81bbae0 |
| SHA512 | 2839d99260ead2f320aa9b9891e26de97c092f6623446e8ccca604348cb344b844b8b9003182862fe4137f4e5b8d82c74faee5cd82d7c75afb066106e898e3be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22912113952d2769c273307ef9b97b93 |
| SHA1 | 8e4a77fac4f5abd9c0914a07b830729896923cf9 |
| SHA256 | bcaed5571f36dfe3bffb6b85d0954e0d6b125775d19d0ab5b969419bd7fbd630 |
| SHA512 | 2c430a8840f4c543015ba29e6484f67be8a6824d8104e17f5cd338c72224f85e11f4f3f69eaafe33f183fefb1547b889fd7317926563a5a4e32c937029417d2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 563e668e22d1d8baa4d01ec0bb3651d5 |
| SHA1 | e8c71773239e5ff1ffb44bb8d4f618a37ed07bc7 |
| SHA256 | f0c95505c4474defe02b2bd8847893605e8c747ecb39571750ed783ed5fdcbde |
| SHA512 | 3deb5bf3813a0a3a62c718e2cecda328d271c2b9df3beacf8772d325de5f629411ee12f005a89c0773d26b983a09c03db4e7d6eeb05a3664888b37b0d2de6dec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd2df5949692a0b47ec58fc87c2183dc |
| SHA1 | 188a4027d598a8868b9ae7facdccdd7093142e1d |
| SHA256 | d0f6b74025efa881446dd603d9b778a2a11b66456a0cbf1a65e2d78abc45f02d |
| SHA512 | 7c82fd77371c5e67889d04faaa16fb7b0846fdf234aec8db9761f69a1d9242fd5c68a6069e9e1fb3f10357f6c6979c2881552d3f2720e428a908ffb2c1df0db6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9260c91d998fb4130d2c9b48ad4bf26 |
| SHA1 | ca26c4de14c849c9b06348783fe5171e35e876c4 |
| SHA256 | 313234e254bebe78e43eccc9a7b457ab9af5e29bb47e72c5c7b96826de903e5d |
| SHA512 | c86db36f4d012a64797900f298e13b34bd69c5b71fa3f3340107a803a61c62db390fa0ea0c95a15d337d660629a4e88b139e269e059d34aef3b932ca39e4b583 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c64d8fc208eaa85244ef6c95dfbc8148 |
| SHA1 | 6f9e8b8d0f4eb7622d9d9c0873c8a1e6c4691b05 |
| SHA256 | 4ffdab777ce2c1528ea3887ba5f211280b53853578b596ecb85ab2d15ed06892 |
| SHA512 | 8a021b3731db487fde3befdac7e9329ba15ffde6dfc71b8a33fe0454d5bd597756eae71a163fd0a5ab820b74880ed4db2b328183dafdff3ce438649fa6de065d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:13
Reported
2024-06-13 14:16
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
139s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Confirmation.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3848,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4732,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5200,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5460,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5464,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6028,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5812,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 88.221.83.211:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| GB | 172.165.69.228:443 | telem-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| BE | 2.17.107.115:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 115.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| BE | 88.221.83.240:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 240.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |