Malware Analysis Report

2024-10-19 08:19

Sample ID 240613-wthlna1gmr
Target download
SHA256 2ca50f1448a180e2b717451281fd349b922a463fdfdfc5d62f7309f92c37531a
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

2ca50f1448a180e2b717451281fd349b922a463fdfdfc5d62f7309f92c37531a

Threat Level: No (potentially) malicious behavior was detected

The file download was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 18:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 18:12

Reported

2024-06-13 18:15

Platform

win7-20240611-en

Max time kernel

140s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\download.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\download.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 18:12

Reported

2024-06-13 18:15

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\download.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\download.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5676 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5556 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5756 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5368 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=1344 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5500 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5416 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4592 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8

Network


Files

N/A