Malware Analysis Report

2025-05-05 22:18

Sample ID 231019-vnl68ahc31
Target 3f9077b18d4e4cece23b1d378006cf5f1ac67638fe03357498fad6ba11acff05
SHA256 3f9077b18d4e4cece23b1d378006cf5f1ac67638fe03357498fad6ba11acff05
Tags
agilenet agenttesla
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3f9077b18d4e4cece23b1d378006cf5f1ac67638fe03357498fad6ba11acff05

Threat Level: Known bad

The file 3f9077b18d4e4cece23b1d378006cf5f1ac67638fe03357498fad6ba11acff05 was found to be: Known bad.

Malicious Activity Summary

agilenet agenttesla

AgentTesla payload

Agenttesla family

Obfuscated with Agile.Net obfuscator

Unsigned PE

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-19 17:08

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral18

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

147s

Max time network

162s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-language_tools.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-language_tools.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

122s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-rtl.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-rtl.js

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

119s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-elastic_tabstops_lite.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-elastic_tabstops_lite.js

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:13

Platform

win7-20230831-en

Max time kernel

240s

Max time network

270s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-error_marker.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-error_marker.js

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

118s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-keybinding_menu.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-keybinding_menu.js

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

164s

Max time network

181s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-keybinding_menu.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-keybinding_menu.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 199.111.78.13.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

117s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-linking.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-linking.js

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

121s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-modelist.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-modelist.js

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

152s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-prompt.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-prompt.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 199.111.78.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

132s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-settings_menu.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-settings_menu.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 254.23.238.8.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

135s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\AceEditor.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60cfd8f6ae02da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21328B71-6EA2-11EE-BC85-F6205DB39F9E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this extraction] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000f3f9bf160bd5c6ee05dae1ab6897a6130737dc3b4f058f42f0882c75838d6c69000000000e8000000002000020000000f09238f52f58b042721df468c883e30bea542d27a2c8df47f7b67a8d6ff22b5d20000000459ec30b82fccdde4a64fb7729b088b6f1d409125a6a0ecf5073dc7dc062e8f4400000004ddab1cdcee3aa04a01ba0e8236208cfedfdeb0173141222a82761d267e4c386e3f52bbb26b2841fec4ec452d2ae19ab38eca80d127e32c9d7e16d7ab1f2dcdf C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403897181" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\AceEditor.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA113.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\TarA1C1.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5036a460874b1ed8afe9c88b75252a59
SHA1 19229f3475aff92de40d6daf2ab3e08dd412c942
SHA256 96c7c8f22347e3c15d5f3cfd4edfc04e0bfe46ab47a4abf58e735f06e625bbbc
SHA512 69ed27f649b251c00da0430db6e6b2fffaac231d153c1a2fad6d061cdfcfdf63fa77ef85715386031c7af2a3bfcf175fc31693ffee15b48877392204d83a7434

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8385ea4e27614504e506a0f92064362
SHA1 3784ce5fa43c5e0860572ce586912c5da23b21f7
SHA256 ccfe2e51a7fef0227d59e327969b5db20cb2f29ba0d8ba2abb862d28129eae1f
SHA512 d6399d785169ffdfead82b350e94839008ee91b7bdd6531aba89f41a25463494eb8831553030d2f8e324487b7fdd8caa435d8e63c62b603446d4ecac4cf72ad7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29c0ce1030c6350edd08bc6e8f85b118
SHA1 1fa91f17b3ef196e5de69110ebd591f6fa82701c
SHA256 18571136bc72c6f2321f7b92e4050b94aad4ba1b6b64df0471a943a3047b1cec
SHA512 dca2e7f542d08e1754abe0bdb7655a76ce848a518bd0174b16a64bb3508c173507f125b339f839250e85db7dcc135a604ea2b2d757e03724ebf626a95e6a806f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff34e46f8e9318eb00806b3dbd574531
SHA1 d5836ed56f95b29e3ca6083dce8aa233ce505696
SHA256 af58f59ac19d6d50cef3de226ca687fd08a5b5f1d55bba488901ad74d1c13d16
SHA512 26ece698075f41eb6915caa6464e92e8bb95d9ce238ce02c3fa412588fe85ef4d61fcf91f20ea373beaf86a17d590bcc4d5328ea657192f4c0bdc99149b73a82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a095838e6e9ecb69e28d08f24b6f1591
SHA1 80cd8e1449fc62fc4b6058129230710602d133f4
SHA256 70e3d152ca143beacd2abc5bf20fe3a243bb8d86d1a9002295a317330c0cf935
SHA512 d6d0dfa22e7e1da49f7e77c0ea1f3fb00b04183498841019afa4637076ad00ddec6c0deeb689525c6bbf17a9f46a8f4a56a904256e5576202768fae8e68e43e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45102b5e6f0b796b891a1065de566ae9
SHA1 b1cebcae14ef75bcdf0affb4f719e1243b5c2b38
SHA256 e905f8789568227f5383d75e681ac502823261c8f682461845d8f9ad08e2bd65
SHA512 e305da311bb5433287f64351aee4903673d523c878c94f5b56b145802275210640bdde83ee5b86e4b7d02a1059bce3338a46079b6e23bdbdacb20fb091df43f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de54ea46ffce65f798b73f18f6f0143d
SHA1 9888586f7d9d2210c2b8faac615055f2b6411cf4
SHA256 06a3547ebccb78b4a062f76a3c9ff4a4abfe02cf903d49c9b5100401529aa9bf
SHA512 2294431abe89b0481fdbf26c48cd0d8c042e5874d418767c810a8ded77b75f5fb8dcf19539110b22deacd461febcdeaf6b779e686c083abfa2dd843cd9dea4fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66a079e53d6e61b9ffab14a8c710d7bb
SHA1 8c68ebdb6ba3e4523c17a202e8861395a9cdb358
SHA256 149d4a147b0b8eaf54016a2e30fa8a934d8685098cc3e34c7074a2dd2a7d09da
SHA512 7cf1a40adae94083b1945534b886f5a40cad8de8513bcae79c9d2c4e6caf058ca38679bd34d26d03fbd345d9a3c46c9b4351631c504f76e7d09759704ccbd71f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd71ebe6ee255688ec12c691b30711d2
SHA1 4d1535e6a3f2a641042758a70ac5fa2d763c3391
SHA256 54f8428c6437d5c6487849907eef083bf509af5b9fba110395894a2ebd9b91a8
SHA512 fadb1884002cb01653f2b13d3f632f6129695542026e537245ce07ca034639d536ff6994fc6f5a58445e5027d9c523f5a0442bdab443844157db566bdd410d80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f2154971e04aab999607341fb0e85db
SHA1 a2d86fff77e78e20f95518afc3e083baec8c528b
SHA256 bdc3e6f62acbacaa838c4718d665c33d3475ade39a8365524cdac85eafbf5b23
SHA512 dedf58d2ef854defaee6b6e2dadb41d368ac9188c9e7939adf51428e857059f475defb471f2af672e55b1cff29aff171bf03ca9909b9c471530ebb331e0bab30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c2c6d4461b64446a3b4d34c06c81aa5
SHA1 6df4452cce5a3e88fa1ecd9e8599137607bdf932
SHA256 0f968fa1c50c04ed55cd03c4adff31ef9b3243fdf76ef8b9fe980c3dd9c1b239
SHA512 d4c01e1996ebce57c69e3fc3d52c7d3c9a652190d2f88391efa43f7765ab56ca229f8f07b63d7ef4bea1d21a51b8fceff66b2ba97686005c12209c820009a446

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a48e0ec1f218bb03dc5e7e4fa3d02ef
SHA1 61a045d49050a78c36cbdbf712e581f36df1c846
SHA256 3fbcfdbd33e829cbb2f44e2d645cfd95ef9a2d1d8ddf16f35254c2c08560d845
SHA512 c0f2775b1cdaf0408f2d807d9f5d2ad1650c4409a9d169a66d5dfb4f2160a033ac496daf36533f4e18d7cbfbb1f96544a63b076c409f8761cf5c1caad666317c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18c534f4c4dd402f0edc021468103201
SHA1 23fc8b82e5b96e25ed8710d5da90427c8042f257
SHA256 7b0851e2bf9e9882ff775f020ff751e4cb2bdd1d87ab5b6f380f43e3a64b2c4f
SHA512 d752139a46a2b7adcbd222fccefe2e99d65280c894bc3adcd9fe1b2226f60774521a9f7753933bd3ee798bb091e70c757ee17f97b338358db7780ed4dc440588

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1afecd14ed33ce374efb3967e6719cde
SHA1 a1361d1b7d348ded1c0f550e881471aa8cc5a2ef
SHA256 6d9580c58afef0d380af3e0b4a29483a43299f65a84a73ee7459707687abc0f2
SHA512 ed56ad22287b4ffac060069f8499947f78d6ba6b7334c3cb31368d9ed799dabe9681a8ea88ab803c92e2b7e70d2d2ac57f87dd5eb5cd912d09dc5a2346ecdd1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88cf8c958af73a1e1009215790f66fee
SHA1 a6057f8a633bc76ff622741380390acb3d9dd21d
SHA256 c0d1d1658685147f17537982f31db6406c5fd5ee324be5ad59b7199064c0007e
SHA512 92658a9584d98b58e83d84b99365ea2856d4682005a25b2fcd9db19c06965068bc6fb57a0221fb75aa71ee329369deb32502a2c39cddd2baf785894020e9a5f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71fc8de4f4a8530c982a6ce5e64d9bf4
SHA1 900fd75cd2537e30675b1276ca6db35097741860
SHA256 4d5c9710727a1b308ca18d0004ba5735f74a9852122de1a8e8275c39faeca8b9
SHA512 7b54b3534ee78efac5e045dfd6523a858f46430076aabc407d65a0c4e1b7f2f05f59415ac5b1d750febeb266a1bbb06f5aabefab4ec2138dcfa4759f42cc3a2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c49d6a0bee1f3abaa0a8b0decb9610a5
SHA1 ed6329a103d95b7931de4e2cf66c9d05254bf4dc
SHA256 3693638730f68d56909bc8268f088da674bb40311686ec79e0637196183cdee2
SHA512 9e146480e0f39a4953df7c5def2a5df685311312f617259e9a2b990cc751a055fcf8bc5985ab32e64d40375282b076b061d22b684377ef1a4c2804079588624b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1d9442fa337ed34ee44b1b2a23b19c7
SHA1 a641b99b6c4c573c71bfe2bd3f01e0de870ae1aa
SHA256 8fcaa8d126245b3e98b0c4886d421f3da598961150a092da70bde2a3395b8577
SHA512 0687dc232e87427b3ea53d7a40db390d553051b01309dfaff79419266c78d4d2ee9cf20475de4f237718cbed923af924eabb32a77e22d1ddfcd7d0f5a8037362

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 088ff833cb94a3d96b16afa3da80ca75
SHA1 bd0f060c712297dbf9ac7f5e5ed4d650a827a83a
SHA256 1682118007ababac657dc84aa55b3a549bb8925248e8730a4282781e69ce2d93
SHA512 bec9c3ed32792584ad1806b8e57a0d5461c36b8dc338e58a079cee325458ab143ceb0f9698a9e43ef74a0a6344f4270d04695721686c50f6d3c2391cf1b5bdb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3353e74c6723d80ba11c6bf8683be70
SHA1 1eace35433cc384eed56766bbc195984dca52aa7
SHA256 92cafef8d1a9abd6787a637914d18f64cdf3e991f54f2b3d147ddc211968ebe6
SHA512 9403e28910a26c2d0f64db1676fec6d1c6fc1358afc0ec80ef9f7f19830e1077fbaa9716ab8feb360c04e20c3182976fb3f715d081a20eb5ec6dacabcc9e75a0

Analysis: behavioral3

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

120s

Max time network

128s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ace.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ace.js

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

148s

Max time network

155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-code_lens.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-code_lens.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 38.148.119.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 254.23.238.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 52.111.227.13:443 tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

145s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-elastic_tabstops_lite.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-elastic_tabstops_lite.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

136s

Max time network

205s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-linking.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-linking.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

141s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-modelist.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-modelist.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 126.23.238.8.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 254.23.238.8.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:12

Platform

win10v2004-20230915-en

Max time kernel

151s

Max time network

232s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-rtl.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-rtl.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 199.111.78.13.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

117s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-searchbox.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-searchbox.js

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

132s

Max time network

161s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\AceEditor.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064750" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000f54c371ccd0d3a6b3b25f2615a2d9cefec7f6325450d3004883bee044f09b2e3000000000e8000000002000020000000bad5d0ba2dca822bf8e8705ee6b380c70d365ed3d31851b097d274d376b9cb0b20000000aab5d90e053a465c4a1681058e225bee5ba9354479b1941b6ede8144a5da76224000000043e52d56ec4290dc0097073bfb1758f9ce58f402b97fca2a82322c64e698e0260bf5cb9c839e6697b9b74ec680b191ffa1f0f80c871bf0c9033dd8a3f6037de1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4137687273" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31064750" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0cad2f8ae02da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6027e8f8ae02da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4137687273" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31064750" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4155813268" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d72dbb839895304dbc3a7dbf8a262ef500000000020000000000106600000001000020000000a93cea0d6e461c9552eb0e6ce589d4db0fe196ddd4df82ba82c53b1d33b59996000000000e8000000002000020000000f498af9cefa0ce161e4ef1f071dab0c3d8673a1dc818c91c541bdbb503787725200000003e0a286b18468eb83d3d1b5ebd8c87d92f7202d5083ae0e7b539bf5d2cf596d940000000c9f4a829a9e8af71d0db2d4d01dbdf57c9fa276cb24bdec1d1ea2135d649a250bdb7eed7c77eda0a375ac0032d64f836e42739173a18541e1941908d9c1bd73a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2221164D-6EA2-11EE-9784-C68ECCB5A471} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404500289" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\AceEditor.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1536 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 120.208.253.8.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2af19e22336e67d3315cb28621726410
SHA1 0badc85a780ed03159626222b4a0a5005e7ca172
SHA256 201910e1ea14a674732b48f0278ed914d505f5afda0423a1139851c5bd998467
SHA512 b1f675e8819c374f3ee61d87e2aeb2517b021a3a6888e2b63c0335378bfdfe8ecc9b674c068e4a061567ac9b2db1ab8441a872104eb2fec0a706f7c2acf44207

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 a22ecab7a455acbd29e4fda5c310d26c
SHA1 5f8ddc1b8d66b90905de3136abc8b7fa509de4f8
SHA256 bdb0ea7bdec40e143a4c31ddfef5fbbfc46ed43f956cd59a074b1b4629c0d350
SHA512 8d1e1a9972a3e708735fbedca13085899896b154ab484a61fd20d5089485d1ff75b1face12faea02ef9e088350c4ae9249cda1281e201cef044518c874756a4c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7SK9IL3\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral7

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

121s

Max time network

128s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-code_lens.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-code_lens.js

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

126s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-emmet.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-emmet.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 254.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

129s

Max time network

177s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-error_marker.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-error_marker.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

137s

Max time network

159s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-options.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-options.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 120.208.253.8.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

133s

Max time network

161s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ace.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ace.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 254.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

121s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-language_tools.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-language_tools.js

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

131s

Max time network

169s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-searchbox.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-searchbox.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 199.111.78.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

118s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-settings_menu.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-settings_menu.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:13

Platform

win7-20230831-en

Max time kernel

122s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-beautify.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-beautify.js

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win10v2004-20230915-en

Max time kernel

125s

Max time network

169s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-beautify.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-beautify.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

118s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-options.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-options.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

121s

Max time network

132s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-prompt.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-prompt.js

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-10-19 17:08

Reported

2023-10-19 17:11

Platform

win7-20230831-en

Max time kernel

122s

Max time network

134s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-emmet.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Bin\EditorLVL\ace\ace\ext-emmet.js

Network

N/A

Files

N/A