Malware Analysis Report

2024-10-19 08:19

Sample ID 240613-wwm9xs1gqk
Target xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyurswvrgwlfablpry1v4evlqzdnhmdfku0vku2viqm1umnh5tjfktmvirm9ur2hqszfwvu1wahhrm0pty0hwngrrslzarws5tfmwelvhsxzjvmrvyurjdmvtnxnamjftympksu1esjnqvda9ls1my2fkotuwyzgyzjhjmda0zwewzgyyntmzytgwndqxnzhmmtm2njhk
SHA256 f9bc5da3c4631e68b0d9d3e873e466b0781678b9d82bfd9a252737eb27f55ec9
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

f9bc5da3c4631e68b0d9d3e873e466b0781678b9d82bfd9a252737eb27f55ec9

Threat Level: No (potentially) malicious behavior was detected

The file xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyurswvrgwlfablpry1v4evlqzdnhmdfku0vku2viqm1umnh5tjfktmvirm9ur2hqszfwvu1wahhrm0pty0hwngrrslzarws5tfmwelvhsxzjvmrvyurjdmvtnxnamjftympksu1esjnqvda9ls1my2fkotuwyzgyzjhjmda0zwewzgyyntmzytgwndqxnzhmmtm2njhk was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 18:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 18:16

Reported

2024-06-13 18:19

Platform

win7-20240221-en

Max time kernel

121s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyur.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ecd005c24b108041851dd057f2ff9e070000000002000000000010660000000100002000000065abe47b184050d0439134b65dca530d013e009d85af48578ee75b7f724213af000000000e80000000020000200000007f50f91d9cb8dbc17fa9172ed60df1b2a4578f60f13d18af21a5a3975ef1b32b20000000312ed1350c107ece8b96e0e1d333e1e93e404435629786a085a1c4bb92ad7ab040000000aabbc32ca398ec9a04d5d99b98d37a4866c843d61cef9e17ba3cf716221ef237fbad3b1d17423383447f2ef711e03c8c896c882fe44cb90ae5db938260f2bb97 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b6f9e4bdbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424464485" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D733921-29B1-11EF-A34E-5E73522EB9B5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyur.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5ADD.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9e594752b76e5c8da1f9b70df48e2bb
SHA1 66e7a2ffa9bd252b6cf29a47266f2fb293b8573c
SHA256 51b97a2b20c4bdda64580e63fe64bd6f1653b701e4ae7298009ff5f8363d9cd7
SHA512 6bdc0f2cfa292ef09f9ba75e306e66cd74d252360ae8bc6be1219bdbd52747fbd5cbf8812ed335dfec6c47876f2fc07b91e6057781e3050a188051f7be4ecdef

C:\Users\Admin\AppData\Local\Temp\Tar5AE0.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9e153a8b9ee629f4c724284467ed874
SHA1 f2356e54deb2f08be700ebed2bac8c65684373a1
SHA256 7a21fd0bcc6b9df00bb1bb1f113f6e8db706698af93b90b6c611f4d1ff3548db
SHA512 b9c8166360f88d5a6b52cc12314594b1e9be81440aaccb953022a4be2be81ba462a6a203e2e60600755f111aae5ecfa3bdfb96e284a4caed20f34dd4dfada2b7

C:\Users\Admin\AppData\Local\Temp\Tar6820.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a4d84df1e659b585d416cb85a4768b8
SHA1 8e1c3349110e891b45b458a4952e8779a9d9db9a
SHA256 c9f92499f7ce93e08fe4357d4a70a2430b4831ea7296169e5b4ce5d2cf8bf344
SHA512 47cf0a873268e79f2e470c3ee1395709f31f66a4c8f714fa089dc808d75d5fcc7bd49178433194bb19757a3ffb36774d8ec0dd3efaea928b41bead935820ba5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a44e1e09a2b2270dd3f73cfc3c6869af
SHA1 317bab55bb64238fb87c8e031ac0ca72b8017aec
SHA256 fe0c4192fe050657b13acdf424a34e5fe3cf04f7bb36503549d836d2dc8d1d3d
SHA512 9312efbb9858220e71fb3713ae34ed15afa083155097e51b1ffd3b5cd3379901eef1c36d19c32b298560e4cadc4a8a2ecea0e80c03cdb85108ecfef4d05f6fa9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 898b48215a867c9af2e9a18b8f5d85a8
SHA1 a82588f9e55a8e01cf399eeec1b56cbeb6061b18
SHA256 9718a4c734ea8ecdde197344cc3001869ddf4827b1dd9cbe3fb1a890b1d846b1
SHA512 9001e599142823c34642aaa1c8ac3ea74c15d491bc39019167596f599c07657edf78f8018a6371ffbc51c2fa79dda982d05eab8bd3d304fb7f130224d784e88c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86ca1e4a1535d9445ef6fd2482e89f43
SHA1 149150359e020ab9808dbae7164b0ea9a7baa336
SHA256 80687d859ac800a9ddd29a4c4852ac6eee878fac0eec16b19683b0c9c0a22cb4
SHA512 d95c88e265ae36c9345a2f56f478eac37a997c9ac92f9d601e23629128d30e891b0d74d58547cbe20d17a1fa74689da13206d9b50c89aae6f4f921a42bb78472

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 882a136c10a994d8a8739afcd7556b23
SHA1 51c487a07674b2efcf81b03d9683cebaef2d91b7
SHA256 c86b19c68c92577a8b9e91ddaa1c34849498b7b81c662e57baa46df327064617
SHA512 c3b4282266a65cef2067231a818496b5d64bcf39a2326c30de44b38a66b55b917da19660d96b2ea4f77ddbde119cbdc50ee3b6c72eecec53079519b229a140e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 866aa500029aa11b84cd10318ccfe3a2
SHA1 bedf4aa53a6a53aadcf75821db11d52b613033c6
SHA256 468ecfbec7757cd1dc82391d3afe7f05f76a66da293434d9dcd9caad67b6be2a
SHA512 0bddf67b33cbbf219627426d52adb6338874dece8b598783494947d8b82917d16be5d1960960a44280d843e3e5702269dc59982050b1e3b5e3ffeacbcca9aebe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7996312bb6c477755698c2d6939565e
SHA1 d134f23ae4fc7872c780e1a6fc53969e883f3bf3
SHA256 d640b9762d3c924f5bb37c570cb614e4d8cafcdfb237e857871f117a69fdeeff
SHA512 520c9e2e0bcd7cda1fe8ba72f4c560e79c79092f6de23d5ef7b27b967e3aa2f3b019477fde96898eff2a7118427c8d941e8bff02a0d911c1446faefe589f6804

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 686586502da48c4f301cfa8f42970327
SHA1 7c0f2ae46c98b07a73839e9d23403aade3e46871
SHA256 ee6c5688576bf6ce1fc81d234535adbb12aa1b98d823e61d570e7c1de6d62959
SHA512 991c49cdfbfd448c62c242c9de7960edf8c3cdb20927da818c8c4bba84b9b75c653dc8596968ee776678e5ef72e938dd4668da6eb0542111624df5f49309367d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7411a0649c74dfd6d252c930dc551f6a
SHA1 d67a5fb666baf13989221e53b3e3bf52df36d9d3
SHA256 114a6fb8bacab848e7a5aaae50d6774f276621cf69150e367de7be244ce53fc5
SHA512 119ce1041e32b6412e0084d23f5d95973ea94df80cc140c13f759e9345251bd23ffd744076113c09c0639add2baf951b329df81d5aa9f5893e40104cf48daa11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8edd4b634c61af3e1a639eefeb3a99f5
SHA1 c54154783101db5f96bcbe4022e9f3dd8007fe4b
SHA256 d05b067ba7d27376627d8e6ccefabf578a7a689f4fd789b5a4cc47b04dc8cc7b
SHA512 225f399251f301d5b7249f3acfdada405003fba8747ddf6947e56fb360205ba713d6e7a85a789189ca02553d64f51b4b504a62d89c2525d794f22a58c4786a6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c403f3ddc11b92ad7ae16ffee6d0cd8f
SHA1 c3a52c94f59a8fb5a8484aebedd8e0b8418745f1
SHA256 5112fbe5327ea5289ff5103a4c88d08dbd9b48837e7b445cc34bce6a17cd2225
SHA512 73906d3eaaeabcaf784765451db42d2ee8e49a5fad26a1c015a28a541140a74dfe637fca477d04af3516e3c60142ea202c79c53eeb35703a940cef7be33c6e29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1b331135b0ff9a43285f0d9859e724f
SHA1 1783a85d10fad515e4bc3de3e44ebbee695acb8b
SHA256 a4ab1175b07a1758131f7ce1e27aee3f7de1218998b5bf53df8f3f53102c81a4
SHA512 9ceae7d27cb4026234fe7df815e06105cca04bd4c5c15f0848463592293b64eaa2bc78847ae4d36cb601062222b07294f5446d7765d2a3787c92bfa0e8878eab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d21559bed473e187153900e5c1ea20d4
SHA1 a22884a52a07ff3e1bbe6b8aa9697807c8c46e97
SHA256 ee9b33d416b5e5676a2502d9057aa4575b51a07e1e9dd7ccbcba2ef7fcf59c4f
SHA512 b66e5c90d3a3ab1bb7865972bb195adb0138f46aaac324a4b5bf37793db9c0ba97a0c9c048055c92f9efa0b484b237a409cc8fd5ea70f2a934d0ee0f0f84242e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9440448c6c2a9fdd9c34a7e77cde38c
SHA1 11d5bebdb7149898c3673e560df236f05ca7663f
SHA256 86f0be9fc1876f4106e9b1ad5e0e4ccc21df52536859e04c273b99618ddbda41
SHA512 1b70c309f7e7b1daf2be6bbdbc44578b055f41ad8846c35b42e9503804b8dad12acb6761d47df3dbe05acf0bf3c3c66339d13357e1bd67104614b886ce249609

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1614f4be24e60c58255546157c735fb
SHA1 1257ad13fd501e5d1aabd52bc1d84dca9be1d7d5
SHA256 52aca40627aa1db56489c5befaba669cd74e971d08125f0260cb2db92c2bc823
SHA512 a7a06c9b81f40faf0411060ac8042e9db61444392403aace60b2a40884580b199ea58885080f82fc11399aa1ec9fa257b126b53fad8ae32139cda1875ae0e042

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33733f449b98dc59907bef3c1405758e
SHA1 d9db58617471ca6d6664241768197b6ccb3e8754
SHA256 da683fd4cc3b2ec7e82262a85738e1db263ed42ef49f1d5eaf457bcb67c3faf1
SHA512 7da8420b27f587d0ce86019a83353d63793db605bc4ea09aba9d7f401d0a64f31bbef5f44a8585f0e2a0e52b7b47b7dfa8a65634676da868c61487195ed1c673

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 17e51cbcdd72941eae2ec3c63c8bfe76
SHA1 62c4f4c3af77feebca67e76259aef0617f98ade3
SHA256 394e9218a8f2a8742224c44f7e27e81d37fd9d0cecd83cf95fb5124e41041f6e
SHA512 069b591f52e9c9c85b32457053ba3b1aa188646eebec111dc93de0d740059f0a230a829baeea2a3ff755c998e77e0e1918dde76bda659452bd55554d229e549c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 18:16

Reported

2024-06-13 18:19

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyur.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyur.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4132,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1304,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5244,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5300,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5428,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5808,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=3780,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A