Analysis Overview
SHA256
3f9077b18d4e4cece23b1d378006cf5f1ac67638fe03357498fad6ba11acff05
Threat Level: Known bad
The file 3f9077b18d4e4cece23b1d378006cf5f1ac67638fe03357498fad6ba11acff05 was found to be: Known bad. The verdict rests on the static analysis (static1), which matched the AgentTesla payload, Agenttesla family and Agile.Net obfuscator signatures on an unsigned PE. Each behavioral analysis below runs one file extracted under C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ (Ace editor scripts such as ace.js and ext-*.js via wscript.exe, or AceEditor.html via Internet Explorer). Every signature raised in those runs (Modifies Internet Explorer settings, GetForegroundWindowSpam, FindShellTrayWindow, SetWindowsHookEx, WriteProcessMemory) is attributed to the iexplore.exe processes, and the recorded network activity is limited to reverse-DNS (PTR) queries to 8.8.8.8, TLS to ieonline.microsoft.com, and one TLS connection to 52.111.227.13.
Malicious Activity Summary
AgentTesla payload
Agenttesla family
Obfuscated with Agile.Net obfuscator
Unsigned PE
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-19 17:08
Signatures
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Agenttesla family
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(3 matches in the report, none with indicator detail)
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(13 matches in the report, none with indicator detail)
Analysis: behavioral18
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
147s
Max time network
162s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-language_tools.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
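Added example (editor's code, not part of the sandbox report): every Network row in the wscript.exe detonations on this page is a UDP query to 8.8.8.8:53 for an in-addr.arpa name, i.e. a reverse (PTR) lookup, and no forward lookup of any hostname is recorded in those runs. The script below parses rows in the table format used here, turns each in-addr.arpa name back into the address it asks about, and separates the PTR lookups from every other connection. The sample rows are copied from behavioral18 and behavioral8; the classification rule (port 53, UDP, in-addr.arpa suffix) is the editor's, not the sandbox's.

```python
import ipaddress
import re

# Rows copied from the behavioral18 and behavioral8 network tables on this page
# (constructed sample input for the example; the last row is the one non-DNS
# connection recorded across the wscript.exe detonations).
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 52.111.227.13:443 | | tcp |
"""

PTR_SUFFIX = re.compile(r"^(.+)\.in-addr\.arpa\.?$", re.IGNORECASE)


def ptr_to_ip(name: str):
    """Turn an IPv4 reverse-lookup name (octets reversed, .in-addr.arpa suffix)
    back into the dotted-quad address it asks about; None if it is not one."""
    m = PTR_SUFFIX.match(name.strip())
    if not m:
        return None
    labels = m.group(1).split(".")
    if len(labels) != 4:
        return None  # zone-level names such as 8.8.in-addr.arpa name no single host
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:
        return None  # an octet outside 0-255 or a non-numeric label


def parse_rows(text: str):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    records = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # header row or malformed line
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        records.append({"country": country, "dst": host, "port": int(port),
                        "domain": domain, "proto": proto.lower()})
    return records


def classify(records):
    """Split PTR lookups from every other connection and summarise them."""
    ptr_targets = []
    other = []
    for r in records:
        ip = ptr_to_ip(r["domain"]) if r["domain"] else None
        if r["port"] == 53 and r["proto"] == "udp" and ip:
            ptr_targets.append(ip)
        else:
            other.append(r)
    return {
        "ptr_count": len(ptr_targets),
        "ptr_targets": sorted(set(ptr_targets), key=ipaddress.IPv4Address),
        "resolvers": sorted({r["dst"] for r in records if r["port"] == 53}),
        "non_dns": other,
    }


if __name__ == "__main__":
    summary = classify(parse_rows(SAMPLE_ROWS))
    print(f"{summary['ptr_count']} PTR lookups via {summary['resolvers']}")
    for ip in summary["ptr_targets"]:
        print("  reverse lookup of", ip)
    for r in summary["non_dns"]:
        print("non-DNS:", r["proto"], r["dst"], r["port"], r["domain"] or "(no hostname)")
```

The reversed addresses are what the guest asked the resolver to name, not hosts it necessarily contacted; the one row that survives the filter, 52.111.227.13:443 with no hostname, is the only connection in those runs worth looking up separately.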
Analysis: behavioral27
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
122s
Max time network
148s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-rtl.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-elastic_tabstops_lite.js
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:13
Platform
win7-20230831-en
Max time kernel
240s
Max time network
270s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-error_marker.js
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
118s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-keybinding_menu.js
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
164s
Max time network
181s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-keybinding_menu.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.111.78.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
117s
Max time network
142s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-linking.js
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-modelist.js
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
152s
Max time network
160s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-prompt.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.111.78.13.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
132s
Max time network
160s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-settings_menu.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.23.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
135s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60cfd8f6ae02da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21328B71-6EA2-11EE-BC85-F6205DB39F9E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000f3f9bf160bd5c6ee05dae1ab6897a6130737dc3b4f058f42f0882c75838d6c69000000000e8000000002000020000000f09238f52f58b042721df468c883e30bea542d27a2c8df47f7b67a8d6ff22b5d20000000459ec30b82fccdde4a64fb7729b088b6f1d409125a6a0ecf5073dc7dc062e8f4400000004ddab1cdcee3aa04a01ba0e8236208cfedfdeb0173141222a82761d267e4c386e3f52bbb26b2841fec4ec452d2ae19ab38eca80d127e32c9d7e16d7ab1f2dcdf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403897181" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2444 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2444 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2444 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2444 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\AceEditor.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
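Added example (editor's code, not from the sandbox or the sample): a triage rule for the WriteProcessMemory rows above. The writing process is PID 2444, and the target IEXPLORE.EXE was launched with SCODEF:2444 on its command line, the argument Internet Explorer's frame process passes to each tab process it creates (the two PIDs on this page match). An iexplore.exe-to-iexplore.exe write whose source PID equals the target's SCODEF value is therefore the browser's own frame-to-tab setup, which is why IE detonations routinely raise this signature; the rule marks such rows "expected" and anything else "review". The IE rows and command lines are copied from behavioral1; the notepad.exe row and process entry are constructed here to exercise the "review" path and do not occur in the report.

```python
import re
from dataclasses import dataclass

# Signature rows copied from the behavioral1 "Suspicious use of WriteProcessMemory"
# table, plus one constructed row (PID 2444 -> 3100, notepad.exe) that does NOT
# occur in the report and exists only to exercise the "review" branch.
SIGNATURE_ROWS = r"""
| PID 2444 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2444 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2444 wrote to memory of 3100 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\notepad.exe |
"""

# (image, command line) pairs; the first two are from the report's Processes
# section, the notepad.exe entry is constructed for the negative case.
PROCESSES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\AceEditor.html'),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2'),
    (r"C:\Windows\System32\notepad.exe", r'"C:\Windows\System32\notepad.exe"'),
]


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_signature_rows(text: str):
    """Parse the WriteProcessMemory rows, dropping exact duplicates (the report
    repeats one row per observed write to the same target)."""
    seen = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        m = WRITE_RE.search(cells[0])
        if not m:
            continue
        w = MemWrite(int(m.group(1)), int(m.group(2)), cells[2], cells[3])
        if w not in seen:
            seen.append(w)
    return seen


def is_iexplore(image: str) -> bool:
    """True for both the 64-bit frame binary and the (x86) tab binary."""
    return image.lower().endswith(r"\internet explorer\iexplore.exe")


def scodef_parent(cmdline: str):
    """PID named by the SCODEF:<pid> argument IE puts on a tab process's command
    line (its frame process); None if the argument is absent."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def triage(writes, processes):
    """Label each write 'expected' when an IE process writes into an IE tab
    process whose SCODEF names the writer, otherwise 'review'."""
    cmdlines = {}
    for image, cmdline in processes:
        cmdlines.setdefault(image.lower(), []).append(cmdline)
    verdicts = []
    for w in writes:
        if not (is_iexplore(w.src_image) and is_iexplore(w.dst_image)):
            verdicts.append((w, "review", "write into a non-IE image"))
            continue
        parents = {scodef_parent(c) for c in cmdlines.get(w.dst_image.lower(), [])}
        if w.src_pid in parents:
            verdicts.append((w, "expected",
                             f"IE frame PID {w.src_pid} -> tab launched with SCODEF:{w.src_pid}"))
        else:
            verdicts.append((w, "review", "IE-to-IE write but the target's SCODEF does not name the writer"))
    return verdicts


if __name__ == "__main__":
    for w, verdict, reason in triage(parse_signature_rows(SIGNATURE_ROWS), PROCESSES):
        print(f"{verdict:8} {w.src_pid} -> {w.dst_pid}: {reason}")
```

The rule deliberately keys on the target's own command line rather than on image names alone: a write from iexplore.exe into an IEXPLORE.EXE that was not started with the writer's PID in SCODEF would still be flagged.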
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA113.tmp
| MD5 | f3441b8572aae8801c04f3060b550443 |
| SHA1 | 4ef0a35436125d6821831ef36c28ffaf196cda15 |
| SHA256 | 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf |
| SHA512 | 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9 |
C:\Users\Admin\AppData\Local\Temp\TarA1C1.tmp
| MD5 | 9441737383d21192400eca82fda910ec |
| SHA1 | 725e0d606a4fc9ba44aa8ffde65bed15e65367e4 |
| SHA256 | bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5 |
| SHA512 | 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5036a460874b1ed8afe9c88b75252a59 |
| SHA1 | 19229f3475aff92de40d6daf2ab3e08dd412c942 |
| SHA256 | 96c7c8f22347e3c15d5f3cfd4edfc04e0bfe46ab47a4abf58e735f06e625bbbc |
| SHA512 | 69ed27f649b251c00da0430db6e6b2fffaac231d153c1a2fad6d061cdfcfdf63fa77ef85715386031c7af2a3bfcf175fc31693ffee15b48877392204d83a7434 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8385ea4e27614504e506a0f92064362 |
| SHA1 | 3784ce5fa43c5e0860572ce586912c5da23b21f7 |
| SHA256 | ccfe2e51a7fef0227d59e327969b5db20cb2f29ba0d8ba2abb862d28129eae1f |
| SHA512 | d6399d785169ffdfead82b350e94839008ee91b7bdd6531aba89f41a25463494eb8831553030d2f8e324487b7fdd8caa435d8e63c62b603446d4ecac4cf72ad7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29c0ce1030c6350edd08bc6e8f85b118 |
| SHA1 | 1fa91f17b3ef196e5de69110ebd591f6fa82701c |
| SHA256 | 18571136bc72c6f2321f7b92e4050b94aad4ba1b6b64df0471a943a3047b1cec |
| SHA512 | dca2e7f542d08e1754abe0bdb7655a76ce848a518bd0174b16a64bb3508c173507f125b339f839250e85db7dcc135a604ea2b2d757e03724ebf626a95e6a806f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff34e46f8e9318eb00806b3dbd574531 |
| SHA1 | d5836ed56f95b29e3ca6083dce8aa233ce505696 |
| SHA256 | af58f59ac19d6d50cef3de226ca687fd08a5b5f1d55bba488901ad74d1c13d16 |
| SHA512 | 26ece698075f41eb6915caa6464e92e8bb95d9ce238ce02c3fa412588fe85ef4d61fcf91f20ea373beaf86a17d590bcc4d5328ea657192f4c0bdc99149b73a82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a095838e6e9ecb69e28d08f24b6f1591 |
| SHA1 | 80cd8e1449fc62fc4b6058129230710602d133f4 |
| SHA256 | 70e3d152ca143beacd2abc5bf20fe3a243bb8d86d1a9002295a317330c0cf935 |
| SHA512 | d6d0dfa22e7e1da49f7e77c0ea1f3fb00b04183498841019afa4637076ad00ddec6c0deeb689525c6bbf17a9f46a8f4a56a904256e5576202768fae8e68e43e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45102b5e6f0b796b891a1065de566ae9 |
| SHA1 | b1cebcae14ef75bcdf0affb4f719e1243b5c2b38 |
| SHA256 | e905f8789568227f5383d75e681ac502823261c8f682461845d8f9ad08e2bd65 |
| SHA512 | e305da311bb5433287f64351aee4903673d523c878c94f5b56b145802275210640bdde83ee5b86e4b7d02a1059bce3338a46079b6e23bdbdacb20fb091df43f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de54ea46ffce65f798b73f18f6f0143d |
| SHA1 | 9888586f7d9d2210c2b8faac615055f2b6411cf4 |
| SHA256 | 06a3547ebccb78b4a062f76a3c9ff4a4abfe02cf903d49c9b5100401529aa9bf |
| SHA512 | 2294431abe89b0481fdbf26c48cd0d8c042e5874d418767c810a8ded77b75f5fb8dcf19539110b22deacd461febcdeaf6b779e686c083abfa2dd843cd9dea4fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66a079e53d6e61b9ffab14a8c710d7bb |
| SHA1 | 8c68ebdb6ba3e4523c17a202e8861395a9cdb358 |
| SHA256 | 149d4a147b0b8eaf54016a2e30fa8a934d8685098cc3e34c7074a2dd2a7d09da |
| SHA512 | 7cf1a40adae94083b1945534b886f5a40cad8de8513bcae79c9d2c4e6caf058ca38679bd34d26d03fbd345d9a3c46c9b4351631c504f76e7d09759704ccbd71f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd71ebe6ee255688ec12c691b30711d2 |
| SHA1 | 4d1535e6a3f2a641042758a70ac5fa2d763c3391 |
| SHA256 | 54f8428c6437d5c6487849907eef083bf509af5b9fba110395894a2ebd9b91a8 |
| SHA512 | fadb1884002cb01653f2b13d3f632f6129695542026e537245ce07ca034639d536ff6994fc6f5a58445e5027d9c523f5a0442bdab443844157db566bdd410d80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f2154971e04aab999607341fb0e85db |
| SHA1 | a2d86fff77e78e20f95518afc3e083baec8c528b |
| SHA256 | bdc3e6f62acbacaa838c4718d665c33d3475ade39a8365524cdac85eafbf5b23 |
| SHA512 | dedf58d2ef854defaee6b6e2dadb41d368ac9188c9e7939adf51428e857059f475defb471f2af672e55b1cff29aff171bf03ca9909b9c471530ebb331e0bab30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c2c6d4461b64446a3b4d34c06c81aa5 |
| SHA1 | 6df4452cce5a3e88fa1ecd9e8599137607bdf932 |
| SHA256 | 0f968fa1c50c04ed55cd03c4adff31ef9b3243fdf76ef8b9fe980c3dd9c1b239 |
| SHA512 | d4c01e1996ebce57c69e3fc3d52c7d3c9a652190d2f88391efa43f7765ab56ca229f8f07b63d7ef4bea1d21a51b8fceff66b2ba97686005c12209c820009a446 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a48e0ec1f218bb03dc5e7e4fa3d02ef |
| SHA1 | 61a045d49050a78c36cbdbf712e581f36df1c846 |
| SHA256 | 3fbcfdbd33e829cbb2f44e2d645cfd95ef9a2d1d8ddf16f35254c2c08560d845 |
| SHA512 | c0f2775b1cdaf0408f2d807d9f5d2ad1650c4409a9d169a66d5dfb4f2160a033ac496daf36533f4e18d7cbfbb1f96544a63b076c409f8761cf5c1caad666317c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18c534f4c4dd402f0edc021468103201 |
| SHA1 | 23fc8b82e5b96e25ed8710d5da90427c8042f257 |
| SHA256 | 7b0851e2bf9e9882ff775f020ff751e4cb2bdd1d87ab5b6f380f43e3a64b2c4f |
| SHA512 | d752139a46a2b7adcbd222fccefe2e99d65280c894bc3adcd9fe1b2226f60774521a9f7753933bd3ee798bb091e70c757ee17f97b338358db7780ed4dc440588 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1afecd14ed33ce374efb3967e6719cde |
| SHA1 | a1361d1b7d348ded1c0f550e881471aa8cc5a2ef |
| SHA256 | 6d9580c58afef0d380af3e0b4a29483a43299f65a84a73ee7459707687abc0f2 |
| SHA512 | ed56ad22287b4ffac060069f8499947f78d6ba6b7334c3cb31368d9ed799dabe9681a8ea88ab803c92e2b7e70d2d2ac57f87dd5eb5cd912d09dc5a2346ecdd1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88cf8c958af73a1e1009215790f66fee |
| SHA1 | a6057f8a633bc76ff622741380390acb3d9dd21d |
| SHA256 | c0d1d1658685147f17537982f31db6406c5fd5ee324be5ad59b7199064c0007e |
| SHA512 | 92658a9584d98b58e83d84b99365ea2856d4682005a25b2fcd9db19c06965068bc6fb57a0221fb75aa71ee329369deb32502a2c39cddd2baf785894020e9a5f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71fc8de4f4a8530c982a6ce5e64d9bf4 |
| SHA1 | 900fd75cd2537e30675b1276ca6db35097741860 |
| SHA256 | 4d5c9710727a1b308ca18d0004ba5735f74a9852122de1a8e8275c39faeca8b9 |
| SHA512 | 7b54b3534ee78efac5e045dfd6523a858f46430076aabc407d65a0c4e1b7f2f05f59415ac5b1d750febeb266a1bbb06f5aabefab4ec2138dcfa4759f42cc3a2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c49d6a0bee1f3abaa0a8b0decb9610a5 |
| SHA1 | ed6329a103d95b7931de4e2cf66c9d05254bf4dc |
| SHA256 | 3693638730f68d56909bc8268f088da674bb40311686ec79e0637196183cdee2 |
| SHA512 | 9e146480e0f39a4953df7c5def2a5df685311312f617259e9a2b990cc751a055fcf8bc5985ab32e64d40375282b076b061d22b684377ef1a4c2804079588624b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1d9442fa337ed34ee44b1b2a23b19c7 |
| SHA1 | a641b99b6c4c573c71bfe2bd3f01e0de870ae1aa |
| SHA256 | 8fcaa8d126245b3e98b0c4886d421f3da598961150a092da70bde2a3395b8577 |
| SHA512 | 0687dc232e87427b3ea53d7a40db390d553051b01309dfaff79419266c78d4d2ee9cf20475de4f237718cbed923af924eabb32a77e22d1ddfcd7d0f5a8037362 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 088ff833cb94a3d96b16afa3da80ca75 |
| SHA1 | bd0f060c712297dbf9ac7f5e5ed4d650a827a83a |
| SHA256 | 1682118007ababac657dc84aa55b3a549bb8925248e8730a4282781e69ce2d93 |
| SHA512 | bec9c3ed32792584ad1806b8e57a0d5461c36b8dc338e58a079cee325458ab143ceb0f9698a9e43ef74a0a6344f4270d04695721686c50f6d3c2391cf1b5bdb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3353e74c6723d80ba11c6bf8683be70 |
| SHA1 | 1eace35433cc384eed56766bbc195984dca52aa7 |
| SHA256 | 92cafef8d1a9abd6787a637914d18f64cdf3e991f54f2b3d147ddc211968ebe6 |
| SHA512 | 9403e28910a26c2d0f64db1676fec6d1c6fc1358afc0ec80ef9f7f19830e1077fbaa9716ab8feb360c04e20c3182976fb3f715d081a20eb5ec6dacabcc9e75a0 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ace.js
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
148s
Max time network
155s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-code_lens.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.23.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 52.111.227.13:443 | | tcp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
145s
Max time network
160s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-elastic_tabstops_lite.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
136s
Max time network
205s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-linking.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
141s
Max time network
148s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-modelist.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.23.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.23.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:12
Platform
win10v2004-20230915-en
Max time kernel
151s
Max time network
232s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-rtl.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.111.78.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-searchbox.js
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
132s
Max time network
161s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064750" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000f54c371ccd0d3a6b3b25f2615a2d9cefec7f6325450d3004883bee044f09b2e3000000000e8000000002000020000000bad5d0ba2dca822bf8e8705ee6b380c70d365ed3d31851b097d274d376b9cb0b20000000aab5d90e053a465c4a1681058e225bee5ba9354479b1941b6ede8144a5da76224000000043e52d56ec4290dc0097073bfb1758f9ce58f402b97fca2a82322c64e698e0260bf5cb9c839e6697b9b74ec680b191ffa1f0f80c871bf0c9033dd8a3f6037de1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4137687273" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064750" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0cad2f8ae02da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6027e8f8ae02da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4137687273" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064750" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4155813268" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000a93cea0d6e461c9552eb0e6ce589d4db0fe196ddd4df82ba82c53b1d33b59996000000000e8000000002000020000000f498af9cefa0ce161e4ef1f071dab0c3d8673a1dc818c91c541bdbb503787725200000003e0a286b18468eb83d3d1b5ebd8c87d92f7202d5083ae0e7b539bf5d2cf596d940000000c9f4a829a9e8af71d0db2d4d01dbdf57c9fa276cb24bdec1d1ea2135d649a250bdb7eed7c77eda0a375ac0032d64f836e42739173a18541e1941908d9c1bd73a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2221164D-6EA2-11EE-9784-C68ECCB5A471} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404500289" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1536 wrote to memory of 1636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1536 wrote to memory of 1636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1536 wrote to memory of 1636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\AceEditor.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1536 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.208.253.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 2af19e22336e67d3315cb28621726410 |
| SHA1 | 0badc85a780ed03159626222b4a0a5005e7ca172 |
| SHA256 | 201910e1ea14a674732b48f0278ed914d505f5afda0423a1139851c5bd998467 |
| SHA512 | b1f675e8819c374f3ee61d87e2aeb2517b021a3a6888e2b63c0335378bfdfe8ecc9b674c068e4a061567ac9b2db1ab8441a872104eb2fec0a706f7c2acf44207 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | a22ecab7a455acbd29e4fda5c310d26c |
| SHA1 | 5f8ddc1b8d66b90905de3136abc8b7fa509de4f8 |
| SHA256 | bdb0ea7bdec40e143a4c31ddfef5fbbfc46ed43f956cd59a074b1b4629c0d350 |
| SHA512 | 8d1e1a9972a3e708735fbedca13085899896b154ab484a61fd20d5089485d1ff75b1face12faea02ef9e088350c4ae9249cda1281e201cef044518c874756a4c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7SK9IL3\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral7
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-code_lens.js
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
126s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-emmet.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
129s
Max time network
177s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-error_marker.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
137s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-options.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.208.253.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
133s
Max time network
161s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ace.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
121s
Max time network
133s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-language_tools.js
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
131s
Max time network
169s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-searchbox.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.111.78.13.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
118s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-settings_menu.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:13
Platform
win7-20230831-en
Max time kernel
122s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-beautify.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win10v2004-20230915-en
Max time kernel
125s
Max time network
169s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-beautify.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-options.js
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-prompt.js
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2023-10-19 17:08
Reported
2023-10-19 17:11
Platform
win7-20230831-en
Max time kernel
122s
Max time network
134s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-emmet.js