Analysis Overview
SHA256: 80d30fe55cdfc1497b9abbe30710844a5f845e0c856ce0bb50590fb7a2662766
Threat Level: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 18:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 18:24
Reported: 2024-06-13 18:24
Platform: win7-20240221-en
Max time kernel: 19s
Max time network: 16s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{24F6E321-29B2-11EF-9340-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2880 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2880 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2880 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2880 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 18:24
Reported: 2024-06-13 18:24
Platform: win10v2004-20240508-en
Max time kernel: 25s
Max time network: 26s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3976,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=3832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4828,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5296,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5328,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5324,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
Network