Analysis Overview
SHA256
71f39570512da5614436bdff0536deadfabbbfd7d0ad8b92ed85d588d231a01a
Threat Level: Known bad
The file Insomnia.Core-8.4.5.exe was found to be: Known bad.
Malicious Activity Summary
Irata
Irata payload
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-18 17:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-18 17:09
Reported
2023-12-18 17:45
Platform
win10-20231215-en
Max time kernel
1211s
Max time network
1600s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\Update.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.4.5.exe
"C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.4.5.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe
"C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe" --squirrel-install 8.4.5
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Insomnia /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Insomnia\Crashpad --url=https://f.a.k/e --annotation=_productName=Insomnia --annotation=_version=8.4.5 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=27.0.3 --initial-client-data=0x4d4,0x4d8,0x4dc,0x44c,0x4e0,0x7ff7e04b79e0,0x7ff7e04b79f0,0x7ff7e04b7a00
C:\Users\Admin\AppData\Local\insomnia\Update.exe
C:\Users\Admin\AppData\Local\insomnia\Update.exe --createShortcut=Insomnia.exe
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
| MD5 | e5ed80c2176cb187df060f127395883e |
| SHA1 | 7b76926286b06c7167d078fcda9381aef874aaee |
| SHA256 | 9eabd782e197be01fc518a40bdec934c2d1a2a09af3d80153b755f8f03aba59f |
| SHA512 | 3aae310481f4469a58e3eada5898d1dac40577b013ec2ddeb86959805ec6aa07ad24bb8c7e81b4a432af187f7f6950af0821294985ee256137a66741f303240f |
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
| MD5 | 4a5dbd3d6263eca75561a21b98aa4353 |
| SHA1 | 9308061daf870e2c3b002c5b5ba81556c6e03873 |
| SHA256 | 19a9ed41a69c74f130f53572aa1b07b1fa35d93a408dcf9d3f16f0fd72dd1e69 |
| SHA512 | 1741d133badccedeedc68079e1f6dcaf116bad58b85292031da2759ca0648416054d5806edcbf0910a276a95a76c4b21d2465dd1d994a068a1db5ee47632bd11 |
memory/220-7-0x0000000000C80000-0x0000000000E44000-memory.dmp
memory/220-8-0x00000000730B0000-0x000000007379E000-memory.dmp
memory/220-9-0x00000000056B0000-0x00000000056C0000-memory.dmp
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
| MD5 | f458fc47d7f83c6498c7712cfc2a2564 |
| SHA1 | 168c4619b60e571aecfe4776b1bc7c061e708d7b |
| SHA256 | 3639150a76d9517309f8e71ce28f53dd0efdb04dc6745c9aff443faaa0f3394f |
| SHA512 | 6315468bcf332109fc1aa9d4a978da02145d3fe2c8cc970a871b0de4247b08d4806d8ee727ac2e6cd5a88b0750bd3daa5e2676468c48fbae6f4e30d039fe5b6f |
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif
| MD5 | 90c66f6333edc7f15aa2f183b2082f15 |
| SHA1 | 744d5df7023433c4074a2770f70a72d652f154b2 |
| SHA256 | 65583541ba1a320a783aef7798ddee7dda68385103f9c3b50da403003d2de138 |
| SHA512 | 3b15ca5ce87f0e05811938193aef797c9979ecebd7085510ad127a0a956c09c5eb862bc7aa5066403adcaf9b460096ec5f95ca961db585c562595212daf1be05 |
C:\Users\Admin\AppData\Local\SquirrelTemp\insomnia-8.4.5-full.nupkg
| MD5 | d4945248c78ebdd112447d2a999136db |
| SHA1 | 80794c7621cd1fa3122cbe8aff66bfe51338d887 |
| SHA256 | 98d8d801e4bd32ca64ba5c57cd3555474ad7981157a4a7bba18051eb2d6b01ac |
| SHA512 | c97b46aa8a78e68269bfa3c40128d0fefd68bc800cd7455049226d024085dfd3f64ad5ada31b616791eeca92205e36d1cc773103685bf0b370d99ccf5ab20d4b |
memory/220-16-0x000000000A760000-0x000000000A798000-memory.dmp
memory/220-18-0x00000000056B0000-0x00000000056C0000-memory.dmp
C:\Users\Admin\AppData\Local\insomnia\packages\insomnia-8.4.5-full.nupkg
| MD5 | 9b320419f5ed3b1665c363a9060160c2 |
| SHA1 | 1478a96b31a21d9ebcd81d2d2156862cd414d685 |
| SHA256 | 6dc9f1912c6d55bfd05b1bf4ef7f67b80e51da56b133848df7e1de99701cba09 |
| SHA512 | 081a63f264417f172ac1d90722521eb052c44e34861fe385ce3d44eed8b75e3f9d9d618a5430bb0a6ec1f55267f30dae6eee9b5de9a7218548523c5774270ea5 |
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe
| MD5 | ab337de05780ffd738900490287cb1e2 |
| SHA1 | d6aeb0666dfedacda0ec1db36f3d7adf27c32682 |
| SHA256 | 029a717cf2761a49d5ac0b0c6edd05b231f2d7dca213404a68cf7227b1bf43a9 |
| SHA512 | 9419861946f5e94cf7d631f0e10ff29890bd4780ea8259b310a1549fd99fc4160200c3b692239c7fbd1eb3dd1c572e41fb71760581beef4f2a1069ecdcab0ce6 |
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\ffmpeg.dll
| MD5 | c121e3bb53b032edf463e46a532c608d |
| SHA1 | 442f6f5ce709edcd5aab1a09f3cb61816b67223e |
| SHA256 | e86df2f9096533401042ffbfa26c19872fb7e8b1a76e7121894d98afe9ce7410 |
| SHA512 | ee34ec2f91bac3da8324eb598807f9ed2d317f5630de546a4a20aa15bbaed6b86e47b48955582714bf17f86b49289a2ee2a0499127948bcbbc758f54326be211 |
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\v8_context_snapshot.bin
| MD5 | 60eb166778169f8ad72ebc8023212403 |
| SHA1 | e0f23610fa2274a6b4ca79ee0b17b094b62d4103 |
| SHA256 | ffb23f669e2fee9b45c0180ccf7bca07315613bc78c53b264fcfc069de078972 |
| SHA512 | cccf3a5d8e24f2250ff87d173eee32743cae212c5baa8ad526bb0f02bfa382bb017dd8e01242a2d6d5c1d27048900eb7e897daa7349826297acde435870775d1 |
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\icudtl.dat
| MD5 | c03995d8d831dfddc4154be80c55d7fb |
| SHA1 | c1a9e447b08df6f16627d1aa3a3ffc169e33e242 |
| SHA256 | 97dabd33e11ee41dc51af226f12b6a554a28cb07b38cfcdbcccec68e72ce1d5c |
| SHA512 | 0b55689bdc9e5aa2c4094524728ffd029320b4333b0c215e33994863175d5aaf3c6b6b78b6ce2cb6fe45339c95df932ab84089c079f75d7562e78c423192131a |
\Users\Admin\AppData\Local\insomnia\app-8.4.5\ffmpeg.dll
| MD5 | b0b1e2191e9c8bbd809693dbb63a61e0 |
| SHA1 | 602a620ad6018c836e5ded2184637cd5430af87f |
| SHA256 | 10d86a853e5739bb9832fefa323b528cd27558e608e1ef25fffb9df3efd17969 |
| SHA512 | d872bd2356124a968cd8d2bd1410f2cf227ef02bc2d2279d02897b71ca665c7ce39a21ca0771526115cbffe5a2e5f2da8b783f122ba20caa24f4b17a9d2555d1 |
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe
| MD5 | 5a415ae35cc928dc127c089c11671b39 |
| SHA1 | da17daa1a77168f645a4abcac17bfafee71a5c13 |
| SHA256 | 9b73187ccb35c7aed85025a3722e6450597e6545403bc9b39c995503de414068 |
| SHA512 | 33fc3d6fa2e96b156bc791da7311dd7f9cc5e1bf4109730d99263c8e933f7da6b2658613d496019ee784ff36339f982a7fe08936ef5ff038a491f74639ce40a1 |
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\resources\app.asar
| MD5 | 94bec7e12335041d2504e57ae85224f2 |
| SHA1 | 6d54fb6c7fc60f1a4f052df4b62d30dd7a84efe2 |
| SHA256 | bc42e7ca618da93d6f20e1440b18fa1e854a524e5ba59da8e9bb4129fbc70d53 |
| SHA512 | 44c833a9ff3ef2ad4d3d52de41c815a937066d129f8cd7eff9ff2179a7be43016ec3d19bddb983ed442db355a974720fa34dbca1b4a1addb6cc190b39759c36f |
C:\Users\Admin\AppData\Local\insomnia\update.exe
| MD5 | 21e86e72a469ab5c786758f50071b2d3 |
| SHA1 | 3d352fd4f71e8d114995499c676b55c11da0d72c |
| SHA256 | d2e6ffc33d7bb4dbf3e54e90b81ec237eb0fac107fe03aa555b5a03bbd1c24e9 |
| SHA512 | f61cf0ce91df177b94a61c2800cfd5a9b9f18ab7a80fcba269f15968100b7e44a35342b0e289eafc98af957c9a195d0a42aba6006cd0d7692194a2cbbc600d49 |
\Users\Admin\AppData\Local\Temp\644e011c-f06c-45a1-86da-844c52a52e6e.tmp.node
| MD5 | d5fd7d5e82543312c27fefca1dd900e0 |
| SHA1 | da1d35634f909bb977b893d59030cbbfb22fbf41 |
| SHA256 | e8b78b031eb5c0db8aa50dfc0046a7fb25eda28535151471701feabd396541a8 |
| SHA512 | 5099cf6497e240049dd56ce35c013ddf48a61b6b6aed05abf0fb0bb993e7f9737c69163f8755f6a58f172434ae9a89a74ffcff764dc4737a0e8d72c1c940a837 |
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe
| MD5 | 944d83e9e11f7e9e0aaea47aa3d18d5c |
| SHA1 | db6e30c1b1d6a5433b4c23c2f4a53bb402bbd3bd |
| SHA256 | 19e02d7f0f3418ecdbe0104d6ce42137bc9dc958ae998393b59f6470b013df05 |
| SHA512 | 1e78f8efcf57c4d559055cc6120ccbaf0e4648174233264267cbdab4288971f2c9819823cccb6a722a10ebd9390703fd661f71a06a635ef0223516f36f21dd3e |
\Users\Admin\AppData\Local\insomnia\app-8.4.5\ffmpeg.dll
| MD5 | 48e313f686747f266ccf8b905474529a |
| SHA1 | be285d598af1c014e5dc74eba94cd957e4868c03 |
| SHA256 | 55f0041f95e800838adc243164ac4e94091cb5664e2109cdd209c3bbba00ef93 |
| SHA512 | 5842912d8d3a80f33c8bf0916b9c7bcd8167a70aea4f4d5b502f87ac3d9879777b94eb4cabc694eb394a69ef394cfe430b2b1bc2d855458afa8b09db69e05c44 |
memory/4060-133-0x00000000730B0000-0x000000007379E000-memory.dmp
memory/4060-135-0x0000000004BC0000-0x0000000004BD0000-memory.dmp
C:\Users\Admin\AppData\Local\insomnia\packages\insomnia-8.4.5-full.nupkg
| MD5 | d4f3291210e1f276eb48ce68ea933efa |
| SHA1 | 403e0aacbaa4b4f41b2cda1b3e86f6ef3f0ec4c7 |
| SHA256 | 5b787580e095cc155fc68cc2208ec989301933f5c118dec226ba3ab99fd73037 |
| SHA512 | a9cce77fe5291f44d43d214f4f203d5cd1e26c19e798bd4a2bc35d555814202592b074cf63d1a8cc3bbc179619598671f7c4c7c2a5d6f88f40375dede36d117e |
C:\Users\Admin\AppData\Local\insomnia\packages\RELEASES
| MD5 | da8bc3e11c604a3e8211dbafc1d42294 |
| SHA1 | 194e8f87f2cd34df489aa66a4363510595d969b5 |
| SHA256 | 1bdf7620a1c54409e1b86c560bc90a015dd3bee1097361d4ae2c07b1a190c6c8 |
| SHA512 | ae9dd958546450750410b5a4870c24016873b203cab68b159f4562af91cc40ccddf4abdfc09b764904273d1b9ff325d672bdcc4fb5e50c69275f0c05a66f82ff |
memory/4060-137-0x0000000004B30000-0x0000000004B50000-memory.dmp
C:\Users\Admin\AppData\Local\insomnia\Update.exe
| MD5 | e2becb06eeed069bbb275698e14d4c32 |
| SHA1 | 79f407b3ad0bbb24f4e84aae4be00425e07425ff |
| SHA256 | 659939195df4f209c37b105175d210e1f20965d7c488328da7e7720b8a904588 |
| SHA512 | 667b1e4ade7bd93392a9a22627b0ad323b65d81eef95fff264ce9fdfa6bf84edb6cf7bbb7542157887937d177cd12e5bfbf34be671afe2507b8d157a28a64b3c |
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe
| MD5 | 604ac6c84f2101819803188312b53605 |
| SHA1 | 0ca098602f217fa6db95b9b0fca607ec14fa534d |
| SHA256 | a23367a1ba5c3293265cf0307650f1e2c1cdd425b33b06ba11a2ca6671495dd4 |
| SHA512 | 4390f37cdcfdc6bf5867c1fbe9d09a82a458f8ff7427b628997ea400782e26dd27f125d5bad4ceb5cf31858eb9ab47a376b8b41feb9764a3960869a853edd876 |
C:\Users\Admin\AppData\Local\insomnia\Insomnia.exe
| MD5 | 588bb92da6030957741459902b00b94d |
| SHA1 | bce29ac64141461a535633bee83fe06aa926c76c |
| SHA256 | 102a34d39e77fc1c8f7723da06dd251e7cfae2447fb81cd6a33af4243bdc7e56 |
| SHA512 | 1ef0ea4daa2e2f2d61f8010eb34fbb02208fa6309eec9d784f642d87e1093da2558d6711d8d149320241383a08c48d71d00bd3e1f300a7b3b70490d68087e905 |
memory/4060-144-0x00000000730B0000-0x000000007379E000-memory.dmp
memory/220-145-0x00000000730B0000-0x000000007379E000-memory.dmp
memory/220-146-0x00000000056B0000-0x00000000056C0000-memory.dmp
memory/220-147-0x00000000056B0000-0x00000000056C0000-memory.dmp