Analysis Overview
SHA256
5c3698ae03004b6832f15eb99df5ef302867a49d3226e281f8039fe72ed0f8db
Threat Level: Known bad
The file 5c3698ae03004b6832f15eb99df5ef302867a49d3226e281f8039fe72ed0f8db.bin was found to be: Known bad.
Malicious Activity Summary
Alienbot
Cerberus
Cerberus payload
Makes use of the framework's Accessibility service.
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Acquires the wake lock.
Requests dangerous framework permissions
Requests disabling of battery optimizations (often used to enable hiding in the background).
Removes a system notification.
Analysis: static1
Detonation Overview
Reported
2023-11-01 22:00
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:05
Platform
android-x64-arm64-20231023-en
Max time kernel
2364223s
Max time network
169s
Command Line
Signatures
Alienbot
Cerberus
Cerberus payload
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Removes its main activity from the application launcher
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Processes
com.hammer.abuse
getprop ro.miui.ui.version.name
getprop ro.miui.ui.version.name
Network
| Country | Destination | Domain | Proto |
| NL | 142.250.179.142:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | jsonplaceholder.typicode.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| DE | 172.217.23.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | bundangayri.com | udp |
Files
/data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 8a84cb4cd62df7053f117c23f79e9340 |
| SHA1 | ff6a23580b006de7bacc86fbe4eb003b18d985f1 |
| SHA256 | 84ac1990c0d000252436dc44163e3211db9585e2f521268e33bb130890aaf8f9 |
| SHA512 | 822fdbeb236c3f7c680a0fdf926cda6ec7875c07073cd994689329d987175ceda27878456acbd9f3ec95039d4e5c008ae2b36a6acf363424e85c42386fbcbed0 |
/data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 62d6cafa163c8dae7594cbfb9785ffb7 |
| SHA1 | c42ff394c29fe148ec9aae8658b61512375fd7fd |
| SHA256 | d68215d4ae0589442ac38b5acbfa3a0d73d7155ebc6168da81e3048d4bd3440b |
| SHA512 | bf979ef863aff48474f0416b9639e0b663c90e58f0f08b054b139cdd7b3070c5521604517ab48b2af45069dea2c0ad9dccdf6e00d9edc0865b80f79f2b3e435d |
/data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 3fad4fc6c7fe2d43154b8af5137b109d |
| SHA1 | a4627dd6dab4bf7a8af274bf0958455646a8d559 |
| SHA256 | 90b18be5b64da444b7729613d465fa61df61f5000a8052941b3fd9decfa54e4d |
| SHA512 | 58a9164cf54ca65bf52a79e396299c1b5257596ae919bb98493e5137aa018de6483c8937cb7e4a789e2abb554190395e45a8886b8ea1bff7a3cd90e67f75c18c |
/data/user/0/com.hammer.abuse/app_DynamicOptDex/oat/sddPBX.json.cur.prof
| MD5 | 9f7ee0af892562289835c6f9d20d0cef |
| SHA1 | 68dc7248de1657af8498ab64983edca7771b1316 |
| SHA256 | a07d3c48a9377e239bc1e72ce14eec1e54906d4a90c65b77bbdcb3f26d0287e5 |
| SHA512 | e0636c9cff0b7e0e75f9a123202c10f67f0d86722422410b2a329d4335a7d0908f546139616d1fb9f8dcc537cfedcd21037d4e02724ff9dc3e78e0d64a698906 |
Analysis: behavioral5
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231020-en
Max time kernel
136s
Max time network
148s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\165.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:03
Platform
win10v2004-20231023-en
Max time kernel
143s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\340.js
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231020-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\387.js
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231020-en
Max time kernel
138s
Max time network
149s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\394.js
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:03
Platform
win7-20231020-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\165.js
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231020-en
Max time kernel
141s
Max time network
167s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\338.js
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231020-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\386.js
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:05
Platform
win7-20231020-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\394.js
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:05
Platform
win10v2004-20231020-en
Max time kernel
129s
Max time network
135s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\388.js
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:05
Platform
android-x64-20231023.1-en
Max time kernel
2364091s
Max time network
155s
Command Line
Signatures
Alienbot
Cerberus
Cerberus payload
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Removes its main activity from the application launcher
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json | N/A | N/A |
Processes
com.hammer.abuse
getprop ro.miui.ui.version.name
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| DE | 172.217.23.202:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 216.58.214.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | jsonplaceholder.typicode.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | bundangayri.com | udp |
| NL | 142.250.102.188:5228 | | tcp |
| GB | 216.58.208.110:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.251.36.14:443 | | tcp |
| NL | 172.217.168.226:443 | | tcp |
| DE | 172.217.23.196:443 | | tcp |
| NL | 172.217.168.195:443 | | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| NL | 142.250.179.142:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| NL | 142.250.179.202:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 8a84cb4cd62df7053f117c23f79e9340 |
| SHA1 | ff6a23580b006de7bacc86fbe4eb003b18d985f1 |
| SHA256 | 84ac1990c0d000252436dc44163e3211db9585e2f521268e33bb130890aaf8f9 |
| SHA512 | 822fdbeb236c3f7c680a0fdf926cda6ec7875c07073cd994689329d987175ceda27878456acbd9f3ec95039d4e5c008ae2b36a6acf363424e85c42386fbcbed0 |
/data/data/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 62d6cafa163c8dae7594cbfb9785ffb7 |
| SHA1 | c42ff394c29fe148ec9aae8658b61512375fd7fd |
| SHA256 | d68215d4ae0589442ac38b5acbfa3a0d73d7155ebc6168da81e3048d4bd3440b |
| SHA512 | bf979ef863aff48474f0416b9639e0b663c90e58f0f08b054b139cdd7b3070c5521604517ab48b2af45069dea2c0ad9dccdf6e00d9edc0865b80f79f2b3e435d |
/data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 3fad4fc6c7fe2d43154b8af5137b109d |
| SHA1 | a4627dd6dab4bf7a8af274bf0958455646a8d559 |
| SHA256 | 90b18be5b64da444b7729613d465fa61df61f5000a8052941b3fd9decfa54e4d |
| SHA512 | 58a9164cf54ca65bf52a79e396299c1b5257596ae919bb98493e5137aa018de6483c8937cb7e4a789e2abb554190395e45a8886b8ea1bff7a3cd90e67f75c18c |
Analysis: behavioral6
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win7-20231020-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\338.js
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231020-en
Max time kernel
133s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\380.js
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win7-20231025-en
Max time kernel
117s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\381.js
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:05
Platform
win7-20231023-en
Max time kernel
121s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\395.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
android-x86-arm-20231023-en
Max time kernel
2364184s
Max time network
138s
Command Line
Signatures
Alienbot
Cerberus
Cerberus payload
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
Removes its main activity from the application launcher
Acquires the wake lock.
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json | N/A | N/A |
Requests disabling of battery optimizations (often used to enable hiding in the background).
| Description | Indicator | Process | Target |
| Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A |
Removes a system notification.
| Description | Indicator | Process | Target |
| Framework service call | android.app.INotificationManager.cancelNotificationWithTag | N/A | N/A |
Processes
com.hammer.abuse
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.hammer.abuse/app_DynamicOptDex/oat/x86/sddPBX.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| DE | 172.217.23.202:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | jsonplaceholder.typicode.com | udp |
| US | 172.64.199.35:443 | jsonplaceholder.typicode.com | tcp |
| NL | 142.251.36.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| DE | 172.217.23.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | bundangayri.com | udp |
| NL | 142.250.179.170:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 8a84cb4cd62df7053f117c23f79e9340 |
| SHA1 | ff6a23580b006de7bacc86fbe4eb003b18d985f1 |
| SHA256 | 84ac1990c0d000252436dc44163e3211db9585e2f521268e33bb130890aaf8f9 |
| SHA512 | 822fdbeb236c3f7c680a0fdf926cda6ec7875c07073cd994689329d987175ceda27878456acbd9f3ec95039d4e5c008ae2b36a6acf363424e85c42386fbcbed0 |
/data/data/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 62d6cafa163c8dae7594cbfb9785ffb7 |
| SHA1 | c42ff394c29fe148ec9aae8658b61512375fd7fd |
| SHA256 | d68215d4ae0589442ac38b5acbfa3a0d73d7155ebc6168da81e3048d4bd3440b |
| SHA512 | bf979ef863aff48474f0416b9639e0b663c90e58f0f08b054b139cdd7b3070c5521604517ab48b2af45069dea2c0ad9dccdf6e00d9edc0865b80f79f2b3e435d |
/data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | 3fad4fc6c7fe2d43154b8af5137b109d |
| SHA1 | a4627dd6dab4bf7a8af274bf0958455646a8d559 |
| SHA256 | 90b18be5b64da444b7729613d465fa61df61f5000a8052941b3fd9decfa54e4d |
| SHA512 | 58a9164cf54ca65bf52a79e396299c1b5257596ae919bb98493e5137aa018de6483c8937cb7e4a789e2abb554190395e45a8886b8ea1bff7a3cd90e67f75c18c |
/data/user/0/com.hammer.abuse/app_DynamicOptDex/sddPBX.json
| MD5 | a9a27905b06d8576c443f23aba195e6b |
| SHA1 | 770c9456a534045219f22fa6f3a4003545b816fd |
| SHA256 | 233a73d03446cb87b6a3f72f56465f193fbc0efa1d7abe3bf4bcf371a62d80bf |
| SHA512 | db6e8fcc04ca1b2657bc1f2afc720f2e047db6357d23de522aa6cff6d6d589c68c41978193cf6169d65ab5acabb1d25a9b7c9323a11d4c0ecc836378a232a7d3 |
/data/data/com.hammer.abuse/app_DynamicOptDex/oat/sddPBX.json.cur.prof
| MD5 | b777abdfa52cebbc7d4eed6b86f01546 |
| SHA1 | d49387703f4e897c28bd7cf30695750adff97b88 |
| SHA256 | 6be7faecd99ecb75aa9b57b4799b763c7bd48cb0dd3b9f5ab3d4469e40474100 |
| SHA512 | 10d012897ab1ee0717336a4255c1ae472e95fb0682829e558d6f45ee3ed3a338922b61072d788c78457096490da140725b44217a4920b1e6d28dfc6b3720e0ff |
Analysis: behavioral18
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win7-20231020-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\384.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win7-20231023-en
Max time kernel
119s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\388.js
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:07
Platform
win7-20231023-en
Max time kernel
119s
Max time network
159s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\389.js
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:07
Platform
win7-20231023-en
Max time kernel
240s
Max time network
281s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\392.js
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231023-en
Max time kernel
119s
Max time network
131s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\341.js
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:07
Platform
win7-20231023-en
Max time kernel
241s
Max time network
282s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\342.js
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win7-20231023-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\380.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win7-20231020-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\387.js
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win7-20231023-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\341.js
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231023-en
Max time kernel
137s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\389.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231023-en
Max time kernel
137s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\392.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:06
Platform
win7-20231023-en
Max time kernel
239s
Max time network
278s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\340.js
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:05
Platform
win10v2004-20231023-en
Max time kernel
143s
Max time network
162s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\342.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.4.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:04
Platform
win10v2004-20231023-en
Max time kernel
138s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\381.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:05
Platform
win10v2004-20231025-en
Max time kernel
115s
Max time network
147s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\384.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2023-11-01 22:00
Reported
2023-11-01 22:05
Platform
win7-20231025-en
Max time kernel
121s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\386.js