Analysis Overview
SHA256
d9a7e6d3cf5d9f794c93ab649d14ad08ca69b3427b9df6fb08569e4b22841dcf
Threat Level: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 18:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 18:08
Reported
2024-06-13 18:11
Platform
win7-20240611-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F0F0F6D1-29AF-11EF-9E46-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401dd0c6bcbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000005ef6fe95b93394b7446a060982b35c712c47128af711f8e7dadea50984cedc07000000000e8000000002000020000000dedda46391d8efe20721a456f1036ad1e7724e23b9b7181efb4f5c88b26e4edd200000002dfb0bb8baa54fe34b24a9d9853d2e6aa62e31f551c5dcde03e86e795ff162b5400000009f31c4ecece1f22eb398f5f8cf2ba0b3503a7734e59c6ae79f07f1883ac1414dc85e975369183c9e7b255f6a2827a59a7c9ff134000eb5397923d780397bb49e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000290bbf200e763d58ca62f7c2eece2e79083f8883549fd274607a96e8598725ac000000000e8000000002000020000000fc022981d34a4076c5d130e8c6df339b3ea6298924c824dbc184c3cdecc9507f900000000f4b7290d7dae245c7cd4b42c0d9178e647285a5c1c2b4c578f6f5719610e9c1eba48e7bb36cb99200d0f5adcb8d60c93f074d9fbfb091515cae4a56c1d36266d69cfc812d9565eb8334c6879d71eff0c82783150af5b0b16030cac7ecc0ed1643da3d7172fc2eeb30e7f9201850e48030cd5de825822d6dda0a6c89cb91c5320534fc59cc56be196504ee2f99b33c4940000000adc520e983e360cd8e3fbe98d5f0660c14db016375f4ff2a88bf5c6df078b84b618d9612ca26ec91d5bd3835ccc67f453995b812102740c8a29c271744369047 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424463980" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2172 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab7F22.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7FE0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4c260d87fa46365feabf642ba03a3f8 |
| SHA1 | d1356d5271e0149aa4853fe755a02746bdc345a4 |
| SHA256 | 76df1cb052d99659447fa54c626821cff7eade3c62f8b014bcf795d319953ac0 |
| SHA512 | f8c7ba22f5b973e5ac6f148e23a0475e7220f6f0d1c1dcb11032162a421a0914ee8193db2bdd741d0b426cb78675c3dafbcaff62d9d950685d1162abfd482df5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99cb30b2af73674ad1ce3d98a747afa3 |
| SHA1 | 251c1a5c04f1127e7a61cfedb581a6b1072434cd |
| SHA256 | c9a05f977135f7a68c330be0a339fff4fd64f63b0c7132e1fd1cab9113864f46 |
| SHA512 | 5a2f817f277740a64cd6adec797fa6e72d797e858cb820980a5c38f899e34442bcac27bb335abe197c1fd52d90b2f49948249750d11695e1d8efac994324624d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96455ad01cf801ce35b11ef11466cfd5 |
| SHA1 | 490163f76ce94207e6a618792dc95bdaf896a94d |
| SHA256 | 468fe00960a9a436b8b3c7d800f43c5b9005edc2662f1399cf11c8a083b9ef68 |
| SHA512 | 176a599fb27db786a6ee4715b029f46e9e707aec025fd7e25e67c6186a3a2d93505539644cb58649e1dda9a750b18aba51fdc5191ff4ddf58f57991ca1982dfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15a8dc806e2fad3c67acac1cfed8e758 |
| SHA1 | d2babcb2c23537b22e08f11e88840302dbef370f |
| SHA256 | db0ca77628d5893e71bb85a84b4a64e4595250c5eb3266eeb01c4b0f08a5436f |
| SHA512 | f5bdbad809658ba8f9c2f7ecd04dd53a97944dc08f9f22b2b6ba6b1e0a0aa585266da1e60056b5ce834f658dea05644618a14a3d9dff75098cdd7aae95df7e62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8004b02b811c215b50e4d5685712e26d |
| SHA1 | ccd4c666d9d3003904e12b9249f5a8d5fd9dc183 |
| SHA256 | 74c37cfe76273fabc61376a26fc33b0c1cfa099bae8b423957d08920e2e68e12 |
| SHA512 | 0ff24fea92b28055074105914240e449ea69d87a4e5f557abdc2c448e266f5595c84efdabb880c9f8162cb761f0e3d01409a91f7066f5d478991cf1654dd08ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db5240c87a4357db300f939114529ed9 |
| SHA1 | c20885375f96e05befbcee2c5ddb42a7d5bbcdbf |
| SHA256 | 25acb6b802c1817d37f4ff6fb0790ea73450bb19e285934ebdcf334e85e7f19b |
| SHA512 | ff44f775269d0359cf20a61e043b5281d244670dc49326ee03304a528431a68421fd6236ca20b85cde594361c668ddbd094249275466ab7bea6046023a7abcb5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a9c3e220773d076fb2681863518b787 |
| SHA1 | 38e3ab5eb4d7911a9b380f6945dfe8e22b4220b4 |
| SHA256 | 06dfa36c271cdc1e72d6022edb6bf7d89f1813d3213da15798cba30991345ac9 |
| SHA512 | da48f7170cfc80f5f0433dc81be046e45a1f05d3ed02c183ada626902f9c0736a44f2b42bbc21fbd6f9b8abd622b840b03061983d73de106d420943fe28e407e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30a9061affdb61d6aa61d206ddf526a3 |
| SHA1 | 7db9a359cfc1bb19322ac1691ad20e55b92fc404 |
| SHA256 | 100e3838f1a594d41f27ac98a365389120ec3989e55e604b61baefd7e2ecb97a |
| SHA512 | 06fd97cfd6ccccdc4962899a1efaf60bc21ac63514bd105cc51777971ffcedd91cfd080b25b89f4294f08649fb7117d2752f291135ea140075d8e28739a74412 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1adf50e1dc3e632fac915063c53ac931 |
| SHA1 | 15a542e7324cb815f38bae2c5d0e7b8d2abe1588 |
| SHA256 | 6065d8af76ae4b269561305551fd9d4f39c4fd3091d52dba9f7281f9354f2a78 |
| SHA512 | af85b95ab9a4c64fa7ae2e1b940dcb3b163bd8bc3951b069f3c1b06aea3408ce0f24eab4a3ce84ea3fae6c758821250248411b9303929e41fc03d06309e72255 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de2f1559ba5e39d37ba649cf8bee2d87 |
| SHA1 | 3865e0f57815a299418f44a341d566ad6f2be70c |
| SHA256 | 4f7720bce0a092ef40c0f6d292b109f0eb13e72a47f9fb7d9af762d60bc2a81e |
| SHA512 | c2f3732a1109e3d5e9c41fbb1a0eff8c19011d4dab35b3f2afb11b8dfdd5cac4fcd80dab3752657af40ae007ef151e1ff9095f99bec7d87692ce209ade4b959e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0791d46a3e4ebc68e8cce8c899c47a3e |
| SHA1 | a9125b3df51df3cee22c6f18ef0f36c88a6d7951 |
| SHA256 | 90a45a23af490b6763ebeb606fa1577eac26562358c8cd7f1f2715589bd23fc7 |
| SHA512 | f36cd5b0c0247bda4f2f2106aaa70ea7a1c17822625a8bcb0a0a40bdc650259ab6c67c50eb1556de4aa9d82972ca22a475390b63f92f675eb5778d907a04f22b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 782ffb525e81f391917547ac5337956e |
| SHA1 | f7cb28b86229cce170adde6c2d3070a7b9f080ef |
| SHA256 | ce9eb93e16c5baada61ab004730cd918cfb04cd73c9a7fe9b7be57d01a9a1a70 |
| SHA512 | 7610887f340e688010218836ebc74c2f1840048c033feb1fb50052eede7662d35587aed166f759771ac056f350a568d1f0085c28208fc1cff3877909e68849e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69cc1fb334c160a9a4b3efa06c5be5d1 |
| SHA1 | aa8f9871a6dd7bc1f19e86f09d84c8ca1cdfcb3e |
| SHA256 | bc631375d75ca424233f5cbc83ab9f1784cc085abd60068dd68e21a7dae98c45 |
| SHA512 | e798c0529e165488a2dd185e7f808f7ab936a4cbb923f77ad94e3fa3ecc8cf3e904b2f1658b1029bc26b2761e5613c0530b964018f84483369ccdffe09f60b9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f0562e3fefb6cf7bf9eb893449e3699 |
| SHA1 | 045346830cb29d0095f5967665a2b02881106604 |
| SHA256 | 5dbcccadd78a5bdb2f48af7c9237c58d2379ea078d3b32cfdc8a90e745df6c78 |
| SHA512 | b6cc9b64898f6e2116ce9d305982267fed1820519b6bcb5ed0646e30e60ebacb6dbc600c5e9aaed11f3763bac5dd94828d954ba348da6bd561e9f60b122a2d0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9db3bb216e98c357326b1798342d3b38 |
| SHA1 | 1ba27a09b645893bf9ac99971e6d0072d7b5d410 |
| SHA256 | b1e3298a58244e670fbd7cfe828dac66f3a7b71869455077dea3520643cc2c55 |
| SHA512 | 342842b7ef91567b4e43ce482a92af562fbb190bf615b2d0b519f17ae8225f61d160667f0841cff481763bef338134e8a0586dec8c0c5992e71678bcc3ae17af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d22b2c8c212ec419b339a8c91c35405 |
| SHA1 | a88cfe9b8496c1ba152a18e782a3df9bc0be265b |
| SHA256 | 051f10b2564f708fc5393bda34bea96ae0179ee5b140d66e13d85159c8c7c88b |
| SHA512 | aeb9da653203bfcb8a45e32a6e489a92ce88d6c7eebaf87374a5cfc51aaa57c171d9d04905370ec1d155b6219b3689b3c09b57a6e62737efc7ffc2868051ccf9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92e78c7543ae444f94bf6e5453a9a9db |
| SHA1 | 4fbcc94f307d48bd78f8595911a3ac9379264586 |
| SHA256 | 1666212047d315a3cf838c2f5e811e10a2f4f3da60bf92779d4a255aff84ddaf |
| SHA512 | f3886ddbabd13b077c8cfedda7388143bd0b6a7afb305626314da32cb0b403ebc1c0a33d280adec5fc6ad96b24db5693736dac93660c7d3eaff8f6bfbdbc8fc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ead3c87c42935ac4b993bce488250dbe |
| SHA1 | 8bba376962d3913e5d2a093db7a156e65c605244 |
| SHA256 | 4d010e882c5cb807777445fb9d98f4034451441daa2c5159b2af34b645f4b074 |
| SHA512 | 43515414270b11054664b05044b659eb8209182d6e6c8e40bf0153b94dbf576162aecf06dfcd4307e3988dfb7952eeb7951fc20df616f0bdea6161943f7f7061 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5812766fe3a0e8bc92ff42e723bffaf6 |
| SHA1 | 835fea02a51fd9bc8e9e153dc4637e2905fb141f |
| SHA256 | 595bb3757aaddbe75105f243b109d8003114c0c9b229f0b90e5bba4737ed744e |
| SHA512 | 052a752c7e323a46b81947a7f493b36f047bba41c4cd5632e7f645fbeedf35b06899409bdc7287cca6d2d72649f2af34414d9ed8d5593570971637573baab677 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcd0a53f55501d71e2e57984b2b035e4 |
| SHA1 | a4dc500e2f6cb0466508f8109f750e4a773bc32a |
| SHA256 | 4e8eeb95309f7736891e7f7a0d02c7140adaddf70dc4f1a23c57f7b3e22bc43f |
| SHA512 | d96ed4fe73bfb9bb2a0367dc57dbf3a0572c5d329bad6a4faa84a2db2a40708619b4df87750afe03422a47f1e1342f4aa176bf3ef40b7d5c8a8af3c0a447e95d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7685e2f81391b9f0a895f74209d9fe0 |
| SHA1 | 22f5ecd5bb7f9adac566714b312add71bc73f251 |
| SHA256 | 1a47be4122e08410100219884841c90bd02115baee69f83a7b67b7445b373a8c |
| SHA512 | 649effc12a6ef07860713841a938d2af4656ffdfb3a6184958ba74564eb73893534b8fa4977ca5a65a03eedfd91e81a38d9f2a31ab0ec3cce0c6f0af2346e951 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86226d6f1217832dda66446ab8e0db38 |
| SHA1 | 7363fc9458fc3676e021d4d30e813d2e992f4e9e |
| SHA256 | 10363e460c2a15b225f011feb095ee43b8d21f86f5ff81604879e52b70c9e26d |
| SHA512 | 4a76194e5697318e52809ffd2eb9cb9b911f13f9f6ad1824ac919a09cb056cc1975198b893f01d0b8d29253e3ba71368ddecf037ded55e33fa5eb673a7e084b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 622db45763d8e2a300411ca3529acecb |
| SHA1 | 0df812928a4025408813bf978567f4c2b78d5bbb |
| SHA256 | 3f19df993fb41c39b73c776b3ea7255abe3b221787ce9d96d48f41dff95797e6 |
| SHA512 | a718d7d6939cdb8fab16ef86e0855916888bf2ef9408cd394e91b98068c73ceb8794c1fa42b19385e210d45e29411161eacc5ff5269282f3df61fb5b7548dd7e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 18:08
Reported
2024-06-13 18:11
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc80da46f8,0x7ffc80da4708,0x7ffc80da4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7462318125338269142,14980017609372769808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 88.221.83.210:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 210.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_1500_IIDSTLBEGDGTHRTS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1cda82a440eccfc9b7b9c8ed28438832 |
| SHA1 | ad46c52674c776cbd0f4f293f5624155231fe286 |
| SHA256 | 5312380ad472e329cb988f59d930e7aae5274a928f38ad4c9ce215a40b045965 |
| SHA512 | a6e4afffc4ede43766e6c70e2e26c7acb449f0656706c96ba1f12df4c5e244ec8642114c3f59cb6eeff46088c012d3c2a65c59c4464db89643112a980dce5404 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ce4872ded88f4309f3232988664b16ab |
| SHA1 | 4aee04099a8b2f18648bf8969f7d5c437e0162fc |
| SHA256 | e0175154bfd1758352c381b08849e518b6945b88aeca469a72085bd8dfa182e7 |
| SHA512 | 2333d8fd9a7faa0fcd0d4c5ffa0b3e0bdef1faa086e323fea482a23def3a9f4c6158134e49375238180da0d6f9dce07781fd1358820c1b7a0f7df2647d487db0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d72f48934e33468c01c16e320c17a69d |
| SHA1 | 5ebc3ebaea8aa40edda54b6924ce8ce536904c38 |
| SHA256 | 081794682f911efb0b9af9e2b82a86ca62dff206fe9d4107fa857ca59dc7cf80 |
| SHA512 | c278a77952b686fa801c5c8a1a6898362be0dd5beef2a19cb160e9ead07dcda9dd2ad6a5a47eae3678ee5e3a9af2e1f0626d24f97e57010fa930a26b6bc8d598 |