Analysis Overview
SHA256
f9bc5da3c4631e68b0d9d3e873e466b0781678b9d82bfd9a252737eb27f55ec9
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyurswvrgwlfablpry1v4evlqzdnhmdfku0vku2viqm1umnh5tjfktmvirm9ur2hqszfwvu1wahhrm0pty0hwngrrslzarws5tfmwelvhsxzjvmrvyurjdmvtnxnamjftympksu1esjnqvda9ls1my2fkotuwyzgyzjhjmda0zwewzgyyntmzytgwndqxnzhmmtm2njhk: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 18:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 18:16
Reported
2024-06-13 18:19
Platform
win7-20240221-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ecd005c24b108041851dd057f2ff9e070000000002000000000010660000000100002000000065abe47b184050d0439134b65dca530d013e009d85af48578ee75b7f724213af000000000e80000000020000200000007f50f91d9cb8dbc17fa9172ed60df1b2a4578f60f13d18af21a5a3975ef1b32b20000000312ed1350c107ece8b96e0e1d333e1e93e404435629786a085a1c4bb92ad7ab040000000aabbc32ca398ec9a04d5d99b98d37a4866c843d61cef9e17ba3cf716221ef237fbad3b1d17423383447f2ef711e03c8c896c882fe44cb90ae5db938260f2bb97 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b6f9e4bdbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424464485" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D733921-29B1-11EF-A34E-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2012 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyur.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 18:16
Reported
2024-06-13 18:19
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xzda4nwjutljmmepxvm5argfszgpualzaszbkmvfysnfrvxheu2tkuldhagplmwrlvvhbdkwzvxhom05ytm5svmezaetka3riyur.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4132,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1304,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5244,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5300,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5428,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5808,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=3780,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| NL | 52.142.223.178:80 | N/A | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |