Analysis Overview
SHA256
2776acb416038d5af1e52506e080e2c6ed643095eb9d9dfe9ab91dbf726d70c9
Threat Level: Likely benign
The file opensearch.osdx was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 21:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 21:03
Reported
2024-11-09 21:06
Platform
win7-20240903-en
Max time kernel
121s
Max time network
133s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\iexplore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1EABE9B1-9EDE-11EF-9733-46BBF83CD43C} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b931f3ea32db01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437348103" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000095c33568bbbe714e574012d0f79f546f27d81821fb94eda07b23dde445f947d1000000000e8000000002000020000000005c75c30e14ccd87ba3bd2fe6d25ea526addb7065a1ac27171f346e3ef245b420000000fc668d53355c8a3f978e4658a840787418ab3bf343efb455f9b1d0441e8cf3ac400000008e21b375f2f217d9cd401f728516c040c0a7bc5f8f354a4cfaef3cc5eaf042efb6ab08a41ba19ca7e521627c38e127a1b8a8ecdf17d954909c047307db84ac72 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\opensearch.xml"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA44E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA4FC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf2466f1c6776309dcd935bd5c7c24b5 |
| SHA1 | f5d82bb693fe0ce247acefeb56f22100c14ebb89 |
| SHA256 | 72813e7d2ab55e887b2ad7e7ed1bc752f80e00a2690e5e47f853b475af3f054e |
| SHA512 | 3587491fe0c7faf8ed4de3c6a9e58ea740772b7b0a88c6a4349bc92715b8f66d929734d1132a03c015ca7457c437acb001bc9d93299116a6fb2d11a4ed73bc4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25a3993e176746edff1999f9adcdc3be |
| SHA1 | 301e29e6d21e889f4f92ee6b91436fa11e6e1b59 |
| SHA256 | 3db8b317768fc4ab18088b33b40745366221b692309ab2315e50a710f0533912 |
| SHA512 | f978351af13937fa57321a17af8529c5c0c4c2a0ce07d83b2893d2453e98aae8f7eecdee32d27b93fc949d7c13b58328ef2c05b64ce67846bb40bf7cd740289d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e215cf5a9ceadf65af74c13a8eef7a3 |
| SHA1 | 9b7f4c793fcd393ec4b7a80776befe18bedfa768 |
| SHA256 | ec1f00672b97fc9c49a7f1c8d5d75b38576bc6e207b77eda831e394a951dea38 |
| SHA512 | 8e895ce5260d50deb1096813795c0cd6de0d8c12eb370acd6799a77f57f1006fc5c33caa6fe73b874bc559e9597991c2a951a4b9934b5ec92f4f80c3c5bd24e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cd9b8a92c079971323d1a720afce16b |
| SHA1 | 0852b5641ce6d75cc79dfe3efc905d73c0eab88b |
| SHA256 | 2ef9ce18a85448d1b235754cccf4c3900d1fb2603009d65115429cfc70afab67 |
| SHA512 | ccf87ac90d254b4dea7d0cd66dd112b0dc0f7a254f522279cc0b000ef3a813bd5e3f4c10abd298e842f0fe40c686fd8d5954e4302b8b170ffecfb0e5cf5edd21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28c187fb22c4b2b4ce42269b04e6446e |
| SHA1 | 72f4957b5ef61cf080072e90afdc1b15ad007019 |
| SHA256 | e8c74e727da070e0ab88362d38d2c53aad75aac7c5ceb109c27068ae2b6ca5ac |
| SHA512 | 50ae8e70b55f9db2b0bec4c1c8119aeb2ea3f9455fd99937b1a0e86ec5e96d73cf2b114b9f8eb6662f87ecac4ef9d15f17370474ca75000bdb648c4f152d2a5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38a6e6e5147a79f2e7c8da4c5638956c |
| SHA1 | 9348438ccae0584e8262c22880567c6d6200d871 |
| SHA256 | 4d1073d9ab9c785e6b5b35bdb1d6374c887bd439befc3981ff3512eb7e592e94 |
| SHA512 | 2062f5b8487dd751c2dad6e54df0f4017a73c95e2a5ff86bb69e8d260751f05937ab9527d9bf03753e833cf62e79573f2dc6161c34932c1485e00d2487190e07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e31a5daa1b024478915b4063adc163f6 |
| SHA1 | d835802f0af4b4ef7265d26a3b8c38f002b4dcaa |
| SHA256 | d3e33f9b925252225c5ba6b238c16e286943c3c30b8d81b11e99fe83c6d04757 |
| SHA512 | 2dfee9d13b2ffd30d29e5269126dc39a47e0ef8229e630906d3952816f577e4a118998ffd8649eb8553b652b7cd9fe2022c2354d6c154f685989b9b5342c7f69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b157467fee4d1bed00e2253cccdbff9 |
| SHA1 | 980cbc1853f84b264ee2de46ce839958865d81b5 |
| SHA256 | e24d708ff5b0e804a2ee00a966cebb556f7eb1766ee89b7f51566e1bef5a8650 |
| SHA512 | 3dd01eb313660174d4f76bf8f044fcaec84b4115241ae17aa403deca59877f25f6476129ab7ecc8778e40635cff97352abf723d8b6a4cda87e5a07ed897bb42a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0030bd6d22dd4e19bdf256d95cd49fd4 |
| SHA1 | 09dfda9a9b34650723de526b1ef5dce004ff96c3 |
| SHA256 | 67753d3a644b043fcea38126c854baacd68a297ca635ea2bc177b209121b9a57 |
| SHA512 | bd2d6cedfbb91b3fffb8bd795b9cbcdfb79b9471d1c280b3dd0848ce97a9c1bd9ebd34c3c56cdb795f2dfae5705f262d06a54fb5f075e150fa765b88ede86a55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bc84ccf53dd33ec57aaf7524f806f2f |
| SHA1 | f4a478765ca7497bdd12a0ae5e3e4f9b234bd28d |
| SHA256 | 747d5e6941aa7da6de15e0c04d9463f7635fbc52ddc39b0813329a511440cba1 |
| SHA512 | 66c6b7dec9ceb87c65e833e37f70e97d07faec85d79156c05c69dc1021b41050c117b9896284ebfd965c062b2ce6e5f54e1357c33d555e4d8d0e7d273a9f9f0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33369a104462c0242ef27e0ca5565c9c |
| SHA1 | cd4a0366a75e4a2dbdffac9742cdad86445fd5a6 |
| SHA256 | d400286a4b1b74d6b719bc3a4bdee17ae8e64d5191474785e52a057bc86d787f |
| SHA512 | b67ef2e3593041edb6b5397514371e705d7de72cc9a3cabf0452807ed1411e774ba022155b2bc854090b0cbb2a691c76ecb7ebca59f53ff64889a33b41d9eb72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d6cb21c41f7e8b0ee13b8df08974de5 |
| SHA1 | 9c62225215c505bff92a4c17a10170120e6ed63e |
| SHA256 | cebe9bc93954d33addaa18ec7498c63b45847326830dc7d4a82470753097edd3 |
| SHA512 | 49106aeba7a5d6a767fed66b600b1d9f0eeb53cf79bd9c3691deea3d06b4e2eedf87cd1df579aeb170aa175d56f8a50b1338e15380fce7784db7016aaeaf2692 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9a5964727d93d2643ccedf75f13633b |
| SHA1 | 2c963d74e736cb1260752866a3a8d0b2766e1148 |
| SHA256 | 89247f77641afdc0141de7766d7d9c26dba8ada40b7ba2acc90d5162f4ce6dd4 |
| SHA512 | b7a865b995f78e3c5deacde719a451c26a805ba57cd1b200ae691b3c7aadac662e449e28781d6c0c8a432f5800bb43c6a70358e654d4b5881cc5c046efa0c10c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 416cd4b605237dac972dd885cb318cce |
| SHA1 | cd575e55978589d8cc64c0235fb19d79a1cbe551 |
| SHA256 | a5d03b0ad6f0d2fa36d7ecbc6a48209c328c8b077238b10c75a97dbbc2f58f80 |
| SHA512 | 35ca8b24006c7ae9594152db3b99a1518444996b426d79081e78bd0eecf3fb2cf2fac4d9eb5d9973b956b8ae4fcfc44c93958c505167a58b13b8a7e2b8ebe6de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a549152cea8a41c94a5a3f7522550cb0 |
| SHA1 | f95d5697c192de171d2d295c69e3967b1216934a |
| SHA256 | 5a54a44f3182997f164b854022b39e587f7f4d701aeb0eb1c42c357f70377c4a |
| SHA512 | b7b7c1ac73ca9b566fa245fac0aa36233532c2e717d3d75e9f25634e5774ead130974b666c495e3821e7e6c98e9675073fa86ced4aca9663a6c4583990c753c0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 21:03
Reported
2024-11-09 21:06
Platform
win10v2004-20241007-en
Max time kernel
96s
Max time network
137s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\opensearch.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
memory/2192-1-0x00007FFF8450D000-0x00007FFF8450E000-memory.dmp
memory/2192-0-0x00007FFF444F0000-0x00007FFF44500000-memory.dmp
memory/2192-2-0x00007FFF84470000-0x00007FFF84665000-memory.dmp
memory/2192-3-0x00007FFF84470000-0x00007FFF84665000-memory.dmp
memory/2192-4-0x00007FFF84470000-0x00007FFF84665000-memory.dmp