Malware Analysis Report

2025-05-28 18:10

Sample ID 241109-zwb4fasdlb
Target opensearch.osdx
SHA256 2776acb416038d5af1e52506e080e2c6ed643095eb9d9dfe9ab91dbf726d70c9
Tags discovery
Score 3/10

Analysis Overview

Score

3/10

SHA256

2776acb416038d5af1e52506e080e2c6ed643095eb9d9dfe9ab91dbf726d70c9

Threat Level: Likely benign

The file opensearch.osdx was found to be: Likely benign.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 21:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 21:03

Reported

2024-11-09 21:06

Platform

win7-20240903-en

Max time kernel

121s

Max time network

133s

Command Line

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\opensearch.xml"

Signatures

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\iexplore.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1EABE9B1-9EDE-11EF-9733-46BBF83CD43C} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b931f3ea32db01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437348103" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000095c33568bbbe714e574012d0f79f546f27d81821fb94eda07b23dde445f947d1000000000e8000000002000020000000005c75c30e14ccd87ba3bd2fe6d25ea526addb7065a1ac27171f346e3ef245b420000000fc668d53355c8a3f978e4658a840787418ab3bf343efb455f9b1d0441e8cf3ac400000008e21b375f2f217d9cd401f728516c040c0a7bc5f8f354a4cfaef3cc5eaf042efb6ab08a41ba19ca7e521627c38e127a1b8a8ecdf17d954909c047307db84ac72 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000000fb8f8b30429ef8bdef28b1c0a02c3d8a8c21687174509be25053976dee9acf7000000000e800000000200002000000000bc69c2a18ffe092cb308ae1d76936eb317dc757321ec72ec7a7f60b4b0f043900000001fdd33acd8724ccb418a123eac5b2daa2dce1d84b9f01a4b2b03ce3a2b7adbe5d68dc02e739d96ee06a115410f5bf9209fb1d2a1adf457aaecea65256f163cf648fafb8143dfee1e81b7633cf66e85ea6d856a3da32bb4e317a17f1a45c92236a951e2c7a5fecbbff2ee02e45b62de4de541927db0a9bd64a164eb385ba90b32ba747e093e5396b7acb9859b523c1ffe40000000f4b7dece7dcf3cc5abb06150fdcf0a4c151f1344e2ccb104af735652f1f4ba145cdd76a20d2af9eb75ead4c91a44af1f7a4d7a7bfbc77f856577bf64ae7ae298 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2504 wrote to memory of 2916 | N/A | C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2504 wrote to memory of 2916 | N/A | C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2504 wrote to memory of 2916 | N/A | C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2504 wrote to memory of 2916 | N/A | C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2916 wrote to memory of 2920 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2916 wrote to memory of 2920 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2916 wrote to memory of 2920 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2916 wrote to memory of 2920 | N/A | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2920 wrote to memory of 2268 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2920 wrote to memory of 2268 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2920 wrote to memory of 2268 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2920 wrote to memory of 2268 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\opensearch.xml"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 21:03

Reported

2024-11-09 21:06

Platform

win10v2004-20241007-en

Max time kernel

96s

Max time network

137s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\opensearch.xml"

Signatures

N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\opensearch.xml"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp

Files

memory/2192-1-0x00007FFF8450D000-0x00007FFF8450E000-memory.dmp

memory/2192-0-0x00007FFF444F0000-0x00007FFF44500000-memory.dmp

memory/2192-2-0x00007FFF84470000-0x00007FFF84665000-memory.dmp

memory/2192-3-0x00007FFF84470000-0x00007FFF84665000-memory.dmp

memory/2192-4-0x00007FFF84470000-0x00007FFF84665000-memory.dmp