Analysis Overview
SHA256
2ca50f1448a180e2b717451281fd349b922a463fdfdfc5d62f7309f92c37531a
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file download: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 18:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 18:12
Reported
2024-06-13 18:15
Platform
win7-20240611-en
Max time kernel
140s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = <binary data value not captured in this report> | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E7B2A11-29B0-11EF-A8D3-D2DB9F9EC2A6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000005536a9b8906d9d0fd2ced7076146884a1416783f94adabb5eb0c46ae02e12ba000000000e8000000002000020000000e52ff0aa36669e536c66808e98ce0c37a57ca13d2a3e47abbf27165bc667be9d20000000813e11318532f4aa48b8f4a6ef44f771385e69c9be4e1d3ca707b22d9ee51db240000000df5162defd615833e6d11b322c98881d85fc25ff5b156b438d123739aa27f6c80ef97e1826d888b60e8ee36dfcfb3d85969a5f69f4c6fd55e3deb42bdcd267f5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424464244" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f71965bdbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2192 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\download.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | macdownload.informer.com | udp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 104.22.16.194:443 | macdownload.informer.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.194:443 | www.googletagservices.com | tcp |
| US | 104.22.16.194:443 | macdownload.informer.com | tcp |
| GB | 142.250.187.194:443 | www.googletagservices.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 104.22.16.194:443 | macdownload.informer.com | tcp |
| US | 104.22.16.194:443 | macdownload.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | hits.informer.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 8.8.8.8:53 | a13af6b8626b8c4ed5a845345b1f8f41.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | a13af6b8626b8c4ed5a845345b1f8f41.safeframe.googlesyndication.com | tcp |
| GB | 172.217.169.65:443 | a13af6b8626b8c4ed5a845345b1f8f41.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab537F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | f8aa1a291d20db704aff8dcc99c0782f |
| SHA1 | 52ce8f8661c98ed78ce5e778da3ee0a6063eee0d |
| SHA256 | 67e07cd7b225a0c1e39e6977f6c9605db430dc8bc953f619b8e6576c0bbc7d0e |
| SHA512 | ad9c5756b501c2ab332eed9f82a3d8ab1efa36c1163bf875a249071ebc3ca12866c470396b42510f73a86117d56e074bdb4e82e55d8ce14f7028168a5a350cc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 5b6cea3c249dd887dbe74c718953780d |
| SHA1 | e29cbfb91f85e1459c3fe4cf6f180b5da3f91669 |
| SHA256 | 69277d5ab12b33205ef524d891f6af03b74a9508799d29b1e5ba23b7c72232d1 |
| SHA512 | cd5f64d957750e72c1ab9d364207e76a6dc77b91a32adab4a963227abcba6a5303bccb5a4087582bcb848fff506051fdc9830ec2b2ac2242122c7603edcf4802 |
C:\Users\Admin\AppData\Local\Temp\Tar546C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1efbc53092dbde59280a7f0b4ccb40e |
| SHA1 | ac4dff223f8c52458b953a762b51500a25ed4bce |
| SHA256 | 386be574ba45828946524f1ba443e134ba82dfb3a8fe531d9f26211c1dce94ed |
| SHA512 | 720afa2e2f40910191ddd84845c79c371e0860501bb8c0907786529010d0430fd480b0d889435608976d43215c101552973a79281190b5734f8eca9c8c56ef3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F42EE0B26294A18B6FABB48D92D55F87
| MD5 | 9970909d0aba40d65ac5b10b1392712c |
| SHA1 | f8a7220d7ddd6b033f1dca6500af8ec9b7907c82 |
| SHA256 | a062f4d9049ce566c85887afec5d73cbb471fca7149a12f32b9f51753ec7acb4 |
| SHA512 | 51b54795c500450b9a0cfde7742592919edd66272c42919d78d9d93f4e33c87ea2ed973aecb619c4241309cf375988154d4d8207f10b4b6134ed388931713e31 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\f[2].txt
| MD5 | cac580c733b97073494b84501f8b53be |
| SHA1 | c7ec514d04d6d93c98de2047ed8ea8b36ef4a37f |
| SHA256 | 3567d3f1e303ae3d52dd5283548308e35e7330ce7e8c6db71329f4b7e4af91f0 |
| SHA512 | 00968245534a00e8f341103011218dc1ffb875705f8ae10251c31b43afe89f0424b349c6f79bb9d919ee63c6ce220b5e564ed827132acfa2a916d0a87671f1d7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\f[2].txt
| MD5 | 543f1ba5d21d72cfd5af1b7f3f5a7dea |
| SHA1 | 819aa419ec1d9ac0e6a75345ae8e501476abfe65 |
| SHA256 | e680f15ef156077429b715ace513107f66461727a57814c75b32246ed87e6f07 |
| SHA512 | 6e0fb83899e7cd129c677115eb17945418572d7c357b848870b791d131451374833e39eb0086a498dea4d915133104a140de8dfd83b8177aacb27fa6ff005125 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\f[3].txt
| MD5 | 98408a561a774e2414e19971eec1f993 |
| SHA1 | f51216ceb3dc42de1416511664a7ab3bf7ef6b55 |
| SHA256 | bc7ef6c5abc6ad9f53e4b766c83bd5f57fce9d43db9cca546b1187e4a0583ef1 |
| SHA512 | a81646843f0d44a52db9e04debcd5262d8892827aa0608fa3a9284f3963e9177cbf3ae99538c28692dcfa78ed6240ace96486e9e6eab6562a6b8d9e1b545f844 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88ca2c780e3201d7427c8cc7cf47b91c |
| SHA1 | 97e908a98fc027b307f4c8de5a0b61dae8ceddc7 |
| SHA256 | 7dc3844ca808c2c9436ed27becdbf3bb11079c0da43b3e6c46172fda30ac88f9 |
| SHA512 | d12099a9fd94299eed34659802fe3e7767c9d5d81d92de436e275e3fb5750e3fccf09a13c7706462a21ba223bddb7ee12dff3e4eb0a863f2e09345fe1b2d1659 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a8a08306416b846b9a55bab2baec6bb |
| SHA1 | 2003fd403df853475da6c8d6b88fa0eba2eb5174 |
| SHA256 | 9920d941e6432ef7a58d244e5b5e9cab2d8e3e8bc255c74b134705d51055ea0a |
| SHA512 | 4c4cd9293da2519ce3ac1a643806515b0aa08d3056839505365abb9dd757759354b47cb0783e226e07ce40fb932957b21301995907b73d6e5db6602b4674bad4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48b5b51e4610b1e6f88a97aca9eb7eb0 |
| SHA1 | 6991399341cc75ce9182f8f83d38c83cbbbd37fe |
| SHA256 | ea07a9b5abbac070cecb05b5e5c62844835144cf7b3a767ba37a63afff0cc871 |
| SHA512 | 2377e108de365e3d12ae1455617244fb6d085023271db2809805a3d409bd53216d202244090dfd23e677963f49983add122be415c2fc22b7836cdf76f52f825e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d04c650e4c651c73d2321f8bf20b82a2 |
| SHA1 | fc32c2dde65f584d3627c9046dc12c74b95b0ae7 |
| SHA256 | 227315056ac3f30b74346264626ef5ad1580bdbed28801057c7faeac1cb91891 |
| SHA512 | 7a473cf949f0648a8b1d83e21a6dfe2c01808d1decf009fe63bfb66ec5593e818fae89419202b3d93a80959585fc0b2fc88793bc1652bd2f166d9e434aef66ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42053b9c6f592f35496d60f34943b1eb |
| SHA1 | 11ac71a822717027f035cb3445dea35a463d82d3 |
| SHA256 | f9abe8e5068f1a3cdf1788595cac2deafa0c7ff8c0dd3a31c5490614a49cc063 |
| SHA512 | 6246d06a627ba7bdbb74326e6147f0f80e2970061aa9ddcc954545408be0fe6abc1e9c87378b798e3cc27d60688befeabfe185e1b13ef6790a79fee7e042f9ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98413f6520dfbab51a5627cc40d00278 |
| SHA1 | 56ea7a33bdc306f201ef5fdf7e423ba57ac98d7d |
| SHA256 | c4a69cd3a1186475c106344a4c0e2d70eae4c259e92c7e675731fac3382e5241 |
| SHA512 | a258931d41fd4b32bcd1e52f676f16bd2d20c910a9c86c431addd17ff6caeb51743380c535b9d334c1f3524f17e9f4bdd373e00a34021410b29d0168e7ba7ade |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f484ea54a281d57bc4f07adfab30fc2a |
| SHA1 | 615cb9b6bd5bf5cf83c7a45fd3fd5bc1d8ee631f |
| SHA256 | a7faf9b670d1fe8c1a58f4aa237259d86b11ebeb5a88d90b3942dceb6fa941d9 |
| SHA512 | 42b20f8170bcbfcb212057b58df2276610ea6931aab580bbac0ce299aeb639aa99c2bc602b77ad3147a74a94340ab2d40e19cd82cccac36219563a9054aefec8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb53d083347ec044fb5d99976a90906d |
| SHA1 | cd3d7880a3dabac527412279b55e90cd5bc403c9 |
| SHA256 | 660d6a3e2e5af7fc5ddd96fc85362d331afb1f542115f2b0fee21f9a1fb82d5b |
| SHA512 | c054d594dd136a5661af76b58be835ac4b48c378e54965ada168ed17da6599888e5a812ae69d11e0d6d431f184397dfb8c53c8354e27281fa75e14bd6f689c3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e708f3b75b5ae5f245b8bf392a0a57f3 |
| SHA1 | 9cb4e0fdeb3c33a0e6c3b835ac5008b452910fa1 |
| SHA256 | 4f6699307efdc095761d4a71c708a94d5bccb6c28ec6e2c7d61372f94e443f2d |
| SHA512 | ffb7882e778b3f72407ec79bd1565c156411744390e712ff7df791959e3b74abfa97c80e18b46a00d7c9a0b32ab383e3f2b955ed681723285375e94fa53fac0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d29b238e7447125c01510c8a4c8e6f4a |
| SHA1 | 748cada4251e5c9dfaf2868ddacf2d51dae6aa51 |
| SHA256 | e6d050b3590d5feb2dd8e1c27c92f79200905625e633856c4fce3e82cd431aa0 |
| SHA512 | ce5fbf378afa8839dcd668ebfb689fc8d0ab165e0f1ee0bf7ec3d3db169be3f4f6b507cb320cb5efd0ccfa550fe94bd72926024390eae77df7e4bb6cb4bb6769 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dccb41fb2854b78a3a36f864c5d1d67 |
| SHA1 | eba68816b140ef7ea34825cec97e5ed558bf6c1f |
| SHA256 | 7f4c1ffe7b16d0ed318ed6845f59f6343309e5519f0509338be5bd711f2a4a29 |
| SHA512 | 72f8cd98a0e74d275538f772a3e52f158c54aa6e2b4bdff4daaf03be51c01fbf465d845d63c225d87623ac3581e36a9543cb8b5aa89bcd802aad324ccf7278b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ad0f7994506c455ea4f8b741eb5216c |
| SHA1 | 085d4c1f204d4d941ded9d0678e2efd2dd9e0704 |
| SHA256 | 16158fcc6b56373a5747cc43435fc00e457ba6ef0b8c3d00cbf15c8f60d733a1 |
| SHA512 | 07a62a3735011960cb3ae578ca5562310cc99b48072f69a8c9cc7edf92b8b4bc4befca1768f1f406df4f0546bd0a6c60f0fa227dfe453f0e8a6efacb753687f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e2580d39e940c38359577f636e40e8d |
| SHA1 | 3cffde0fde841c8bae2d0328a82e197b5efb0fee |
| SHA256 | 32018f141246df0c6156378def3a1f24d77dda5baf944f0e222de2284d0ddc41 |
| SHA512 | f67084b04978f08a0907c0e97f4f45aeeb24e574f2cc3824c3065da9245a4af107cf56907243900e26433a1601c6428ed1ea648fe55531b160c410d2c99df6d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03cc6f8da520eb652430133ac6f0caa9 |
| SHA1 | f2ccf1c401ee46296d08ad0887db689798862af8 |
| SHA256 | ae116d3526e04e9ea0a3bb50008303ea1f2723a6ca37a419a676582143ac23bd |
| SHA512 | 1ef722ce09d4e0b7ac727a5b65d0d8d298ce55783f909b0a5ab6441183a54e5350430b4cc4570e4217d37c761c69b86d84786d8332b68d823601953f8d18b10a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4316417c96d1c96449b5711d77206306 |
| SHA1 | 0d13a591c2aab0ea706c7b78f5653e27581f2fa4 |
| SHA256 | 98005cd38755eefbd81812de074ad59b014341bc4c58680838c677ecdf1818b1 |
| SHA512 | a4e8147d8eb1171039cb5ce6b0b90b10f9a1371e045085a4298036034d0ff5f72ad885f0cdeb6ce9f5ec50483ee75e447ce20df0e61a17b6838dff1044d1fb2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31c00cffddfd487d297dee11d60b1fa4 |
| SHA1 | 6c975ca906952a25c69cfff133b6b297d26723d3 |
| SHA256 | 10852bcdc5e42e1ad7f2f605634ff961ebf1d28e7ab4d03a83711d9d8ac02d44 |
| SHA512 | 81e5d57c37eb443574487d642878640313e69eb7589052b82cdb97fe309cd3c45b25756dddd8910ada7517890df27793abfa6d2359db1c01d98a8ad8d7a8219d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ccbf901e66a06921fd0288138267003 |
| SHA1 | ab5f55e636dfe75f486d8e6399fa76d69130c873 |
| SHA256 | e6a9cfe6c24c2673f37bbfc5a70a0c42d4744b58992af1d295ef2c0af6f38ded |
| SHA512 | e45da0da2144493726b18fd1d4067dcefa96ca96890b4e292859458384d44d68a167151d2f49862b4746982484d35d5b0b24fa7929e293630d2defc7a2e41f33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1d6f5dce6656614d2fcd54c1c4843ef |
| SHA1 | 399a27051e7a31746bd2688c1d51d8cbddc497a4 |
| SHA256 | 9ef9908521c118d60f2a3bf6e76e7ed878ab43ca58b8e2111f062f9cee22eec4 |
| SHA512 | b49e32f3610f8b3bbd96244465c91f566fd8c5359aa7e7962b92255bbae7ef630e661b3b9875b5635b8b72282f218004677d8577d7ca19b0d288e1c8b4a172b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e07345043a5209942826515b5c5258c |
| SHA1 | 6154ed89386305b4998b825611196cb31c239081 |
| SHA256 | 6581558cf994c798a12113da11478478a3be4a8259754515bf6ef66dc62f8ead |
| SHA512 | 1ba6f7998ccd3061fe0e002c592cc14f1f00a4bccf9fc5ddae2f7e2123a74d148fe141f450f53002550bb12bf046d53b856102f576e453cb89b6a77296c578f3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 18:12
Reported
2024-06-13 18:15
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
144s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\download.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5676 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5556 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5756 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5368 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=1344 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5500 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5416 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4592 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 142.250.200.2:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | macdownload.informer.com | udp |
| US | 8.8.8.8:53 | macdownload.informer.com | udp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 23.200.189.225:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.179.117.74.in-addr.arpa | udp |
| US | 74.117.179.70:445 | img.informer.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 104.22.17.194:443 | macdownload.informer.com | tcp |
| US | 104.22.17.194:443 | macdownload.informer.com | tcp |
| US | 104.22.17.194:443 | macdownload.informer.com | tcp |
| US | 104.22.17.194:443 | macdownload.informer.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | hits.informer.com | udp |
| US | 8.8.8.8:53 | hits.informer.com | udp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.189.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.159.155.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e60760188d109c28774d64e0faf763f2.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | e60760188d109c28774d64e0faf763f2.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | e60760188d109c28774d64e0faf763f2.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | e60760188d109c28774d64e0faf763f2.safeframe.googlesyndication.com | tcp |
| GB | 172.217.169.65:443 | e60760188d109c28774d64e0faf763f2.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 216.58.201.106:443 | | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |