Malware Analysis Report

2025-03-15 03:20

Sample ID 231226-zdmr8afeh8
Target RC7_for_Syntax_1 (1).zip
SHA256 ba79a6ede88584f6c594c87f44bc497d3c533366fa041798a142804f1cf505ab
Tags
upx pyinstaller empyrean
score
10/10

Analysis Overview

Threat Level: Known bad

The file RC7_for_Syntax_1 (1).zip was found to be: Known bad.

Malicious Activity Summary

upx pyinstaller empyrean

Detects Empyrean stealer

Empyrean family

UPX packed file

Loads dropped DLL

Looks up external IP address via web service

Unsigned PE

Program crash

Detects Pyinstaller

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-26 20:36

Signatures

Detects Empyrean stealer

Description Indicator Process Target
N/A N/A N/A N/A

Empyrean family

empyrean

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral30

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win10v2004-20231215-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win10v2004-20231222-en

Max time kernel

96s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Bunifu_UI_v1.5.3.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Bunifu_UI_v1.5.3.dll,#1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231215-en

Max time kernel

120s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Regret.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2884 wrote to memory of 2452 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Regret.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Regret.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win10v2004-20231222-en

Max time kernel

144s

Max time network

147s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\css\css.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\css\css.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231215-en

Max time kernel

122s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\bat\bat.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\bat\bat.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win7-20231215-en

Max time kernel

117s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\coffee\coffee.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\coffee\coffee.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231215-en

Max time kernel

121s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RC7_UI.exe = "11001" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe"

Network

N/A

Files

memory/2896-0-0x00000000002A0000-0x00000000002FC000-memory.dmp

memory/2896-1-0x0000000073EC0000-0x00000000745AE000-memory.dmp

memory/2896-3-0x0000000000320000-0x000000000032A000-memory.dmp

memory/2896-2-0x0000000004800000-0x0000000004840000-memory.dmp

memory/2896-4-0x0000000004800000-0x0000000004840000-memory.dmp

memory/2896-5-0x0000000073EC0000-0x00000000745AE000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:43

Platform

win7-20231215-en

Max time kernel

266s

Max time network

319s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe"

C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21842\python310.dll

MD5 dfac8b8af23d33d0123847138883a746
SHA1 cbd5997cb527b5aab9c139a39bca01359c313e48
SHA256 9b13ca3fb263dd1797943a1faf1c7be313d33c293babd2ee60addc39a4b856e1
SHA512 42f909ac46263f2f8963343f4d2b6cb999416f425ceac37b4493a42592afdd18dd88a36214d9231f4bf1d793731740e464a717bf930f7aee9fe7d3c48ef8013e

\Users\Admin\AppData\Local\Temp\_MEI21842\python310.dll

MD5 97852187ed2d005d8d94cd4811dff33e
SHA1 b6769c6a4726e2496aa774140f3f0c8350af122e
SHA256 8215237e9326076e2679b1e617a4589958214dd4c475e485296b622540e30525
SHA512 7002ea82fda88b5a04053e9f18fec3ce2d893a07e82740a9ee526e31fdc126e46aa2bbcad0ea71154354df145a7d96f94f7b81a224ad33a5a5385f333041deae

memory/2300-113-0x000007FEF5740000-0x000007FEF5BAE000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win10v2004-20231222-en

Max time kernel

97s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\bat\bat.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\bat\bat.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win10v2004-20231215-en

Max time kernel

145s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\csharp\csharp.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\csharp\csharp.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:45

Platform

win7-20231215-en

Max time kernel

266s

Max time network

319s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\dockerfile\dockerfile.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\dockerfile\dockerfile.js

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

138s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\AlphaBlendTextBox.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\AlphaBlendTextBox.dll,#1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231215-en

Max time kernel

67s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\Monaco.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AE4BACF1-A42E-11EE-9DB1-EEC5CD00071E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e620863b38da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\Monaco.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab72C2.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar7F82.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral15

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win7-20231215-en

Max time kernel

117s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\base\worker\workerMain.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\base\worker\workerMain.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231129-en

Max time kernel

121s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\AlphaBlendTextBox.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\AlphaBlendTextBox.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231129-en

Max time kernel

120s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Bunifu_UI_v1.5.3.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Bunifu_UI_v1.5.3.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:43

Platform

win10v2004-20231215-en

Max time kernel

203s

Max time network

282s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\Monaco.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d228e40a7820b94dbd5c7b6846f2f5ad00000000020000000000106600000001000020000000155277422cd9957d9d0e194ba47100b8bf34c8ded5f724213b56873dcacb2b6f000000000e8000000002000020000000670cc0d4c3b257305ca0c1527877e40ae36cd5dae2fb5539d861218651c8481520000000ea15ef4ebe74d29f1741d1cd263b4745baa1b79a7385d4ccfe75d188ed28120d400000001ccf6e223a43269885300fd1de757178601586092ec9caa95a4f319ae99518366fded41471b5c65f9297601257377e550314da93202b4bce90eb45799ca5e051 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078459" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d228e40a7820b94dbd5c7b6846f2f5ad00000000020000000000106600000001000020000000171b5d9f9177bcd1d2d5cb534e067d05bcad5971a34ba2de433274afad208e7c000000000e8000000002000020000000849c45d5d45c67a598e86cfe6764aa86db23550b4e06b12c351c46457324b63b200000008cee0c4008c290e7bd6003c65cdbcedca4a7e399e77fd528ff87b8b3f7eb726f400000007de18061405f4016226a2542f50ab149d81354c7518442d5299487f3d847c814561f7b89f52ed59c4ad1fc3d217eaa14475f2f5c8a5590bc86bbdb540dcdc0ca C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3936420618" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078459" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30581f033c38da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1D35F805-A42F-11EE-B7F4-4E55496B34AD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b7fdfd3b38da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4076731567" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410388261" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3936420618" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078459" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\Monaco.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3996 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 78.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 84.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 213.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 167.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 106.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 2.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\43O0UZKG\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral21

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231215-en

Max time kernel

119s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\cpp\cpp.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\cpp\cpp.js

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231215-en

Max time kernel

0s

Max time network

119s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\csharp\csharp.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\csharp\csharp.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win7-20231215-en

Max time kernel

7s

Max time network

37s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\fsharp\fsharp.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\fsharp\fsharp.js

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win10v2004-20231215-en

Max time kernel

145s

Max time network

97s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\fsharp\fsharp.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\fsharp\fsharp.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 84.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 195.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 udp
IE 51.104.136.2:443 tcp
IE 51.104.136.2:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
IE 51.104.136.2:443 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 2.19.169.110:80 tcp
N/A 2.19.169.110:80 tcp
NL 104.109.143.17:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 110.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 17.143.109.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 udp
N/A 2.19.117.78:80 tcp
N/A 2.19.117.78:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 20.199.58.43:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
GB 2.19.117.97:80 tcp
GB 2.19.117.97:80 tcp
US 93.184.221.240:80 tcp
GB 2.19.117.97:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
GB 2.19.117.97:80 tcp
GB 2.19.117.97:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 2.19.117.97:80 tcp
US 8.8.8.8:53 113.218.122.92.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
GB 2.19.117.97:80 tcp
FR 92.122.218.113:80 tcp
GB 2.19.117.97:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
US 8.8.8.8:53 udp
N/A 184.50.113.178:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
US 8.8.8.8:53 udp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
US 8.8.8.8:53 udp
N/A 52.111.227.11:443 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
US 8.8.8.8:53 udp
N/A 20.74.47.205:443 tcp
N/A 20.74.47.205:443 tcp
N/A 20.74.47.205:443 tcp
FR 92.122.218.113:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 204.79.197.200:443 tcp
N/A 204.79.197.200:443 tcp
N/A 204.79.197.200:443 tcp
N/A 204.79.197.200:443 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
US 8.8.8.8:53 udp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
US 8.8.8.8:53 udp
N/A 13.85.23.206:443 tcp
US 8.8.8.8:53 udp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
N/A 2.19.117.71:80 tcp
US 93.184.221.240:80 tcp
N/A 2.19.117.71:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
US 8.8.8.8:53 udp
FR 92.122.218.113:80 tcp
FR 92.122.218.113:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 2.19.117.71:80 tcp
N/A 13.85.23.206:443 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win7-20231129-en

Max time kernel

0s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\MonacoEditor.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6B7BE11-A42E-11EE-AAEE-523091137F1B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
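
Triage note on the two registry tables above (behavioral12 and behavioral13). Every key written sits under the detonating user's Software\Microsoft\Internet Explorer hive (Recovery, TabbedBrowsing, VersionManager, GPU, DomainSuggestion, Zoom, IntelliForms and so on), which is consistent with iexplore.exe housekeeping when it is handed a local .html file, and none of the keys is an autostart location, so the "Modifies Internet Explorer settings" hit carries no weight on its own. The Python below is an added example, not tooling from the sandbox or from this report: it parses rows in the layout used above (Description, Indicator, Process, Target), copes with the awkward cases that actually occur in these tables (a key ending in a backslash, a value containing spaces, a value containing escaped quotes, a process path with spaces and parentheses), normalises the Software/SOFTWARE spelling, and checks every key against a short list of well-known autostart locations. The sample rows are copied from the two tables; CONSTRUCTED_PERSISTENCE_ROW is a hypothetical row, not from the report, included only to show what a positive hit looks like; the autostart list is the editor's own and is not exhaustive.

```python
import re
from collections import Counter

# Constructed sample: rows copied from the behavioral12 and behavioral13
# "Modifies Internet Explorer settings" tables (Description Indicator Process Target).
# Deliberately keeps the awkward cases: a key ending in a backslash, a value with
# spaces, a value with escaped quotes, and a process path with spaces/parentheses.
SAMPLE_ROWS = [
    r'Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30581f033c38da01 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A',
]

# Hypothetical row, NOT from the report: what a per-user Run-key write would look
# like in the same layout. Used only to show the persistence check firing.
CONSTRUCTED_PERSISTENCE_ROW = (
    r'Set value (str) \REGISTRY\USER\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater'
    r' = "C:\Users\Admin\AppData\Roaming\updater.exe" C:\Users\Admin\AppData\Roaming\updater.exe N/A'
)

ROW_RE = re.compile(
    r'^(?P<op>Key created|Set value \((?P<vtype>\w+)\)) '
    r'(?P<key>\\REGISTRY\\.+?)'        # key may contain spaces ("Internet Explorer")
    r'(?: = (?P<value>.+?))?'          # present only on "Set value" rows
    r' (?P<process>[A-Za-z]:\\.+?)'    # writing process; path may contain spaces
    r' (?P<target>\S+)$'
)

# Well-known autostart locations (editor's list, not exhaustive), lower-cased
# for substring matching against the normalised key path.
PERSISTENCE_MARKERS = (
    r'\software\microsoft\windows\currentversion\run',          # also matches RunOnce
    r'\software\microsoft\windows\currentversion\policies\explorer\run',
    r'\software\microsoft\windows nt\currentversion\winlogon',
)
IE_HIVE = '\\software\\microsoft\\internet explorer\\'


def parse_row(row):
    """Split one signature row into op / vtype / key / value / process / target."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f'unparsed row: {row[:60]!r}')
    d = m.groupdict()
    # Registry paths are case-insensitive (the tables mix Software and SOFTWARE);
    # normalise so both spellings compare as the same key.
    d['key_norm'] = d['key'].rstrip('\\').lower()
    return d


def summarize(rows):
    """Who wrote, how often, whether it all stayed in the IE hive, and any autostart hits."""
    parsed = [parse_row(r) for r in rows]
    return {
        'count': len(parsed),
        'by_process': Counter(p['process'] for p in parsed),
        'ops': Counter(p['op'] for p in parsed),
        'all_under_ie_hive': all(IE_HIVE in p['key_norm'] for p in parsed),
        'persistence_hits': [p['key'] for p in parsed
                             if any(mk in p['key_norm'] for mk in PERSISTENCE_MARKERS)],
    }


if __name__ == '__main__':
    s = summarize(SAMPLE_ROWS)
    print(s['count'], 'rows by process:', dict(s['by_process']))
    print('all writes under HKCU\\Software\\Microsoft\\Internet Explorer:', s['all_under_ie_hive'])
    print('autostart hits in report rows:', s['persistence_hits'])
    print('autostart hits in hypothetical row:', summarize([CONSTRUCTED_PERSISTENCE_ROW])['persistence_hits'])
```

Run against the full 42-row behavioral12 table the same way; the useful output is the empty persistence list and the two writer processes (the 64-bit frame and the 32-bit content process spawned with SCODEF/CREDAT), not the row count.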

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\MonacoEditor.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 92.123.128.164:80 www.bing.com tcp
US 92.123.128.164:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2888.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar29F4.tmp

MD5 d5ea2d01ecf9232153f63c15da488330
SHA1 dfa7c984b5818cbce56abe592702cb6ecc04e69e
SHA256 70156f6aa83409aa8feee7474b4a030b732e1f01b08831c1791b8a1d308c1863
SHA512 65b86cc1e8359fe3f7d78ee9d2b00b2c2e2724e361ddee964899387dda1158a66e43f99e93c52e0cf53ccee5416f023f35fb024e39e4eb76c7a774bf72ea3491

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9489c86554b275fcb6175e2c0dbbc592
SHA1 a7b8f0d4405c5e70126064fa8d7fc0f5f2f0e5ab
SHA256 2e00097e2b3219406345f14005cbed023e9c37570b6e64bf2eec18822467c694
SHA512 aa070e15de9aad008f102190b38e62957a4bb853959829522d31973f57c1c29a18c5ee82e28c346c9cbc3b3fcd82713c8e0710f1bdb2a38b465b1eec3895ebbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b3d7a8169e952f6fa0cd3dd4c86ae3a
SHA1 924f33cd9d13593ba054116d2279f9e6f1f71deb
SHA256 2e0caf010fa45047aea1a90abbb89823055920f7e95f09c05556d03d9489fcc4
SHA512 51d7072e07fc8b26bf41880b446338230653ae10009faae9fc9505128677f9228fd3ba2a14f8342c4dfb81bf25a63e47aa5e8cfe11abe6941f35e492c0697d94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 962368e5bbf869f700fa5073e22f2a70
SHA1 d9f794ee3d907c961a09f025cd36a0679c590305
SHA256 f86c2f563a2ddc9adbe41150700f847ecb622b6db4c585faefa90ec5ee9ac986
SHA512 0fbf9b079b9244bd64d047e780f9b5a472ffbf5a277163712367b1dd1a9bbf08c2fea31b7a1639dade814c29f8f8326840be13734023d701cf1ac2fe59bc9e0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2cead5cb34ad5f0a41f75b4dcdc5ec6
SHA1 94cc970c03db299882b890362bdd24b2cb56e512
SHA256 6976617c79f2b12894a97071f2877e020b6964717b0b15bc23a3e7599b7dcc41
SHA512 5c9a9d21ab1d96f877250233e6fa60e98e47e783815b78428f47a10c83a523dda6fc7c72b5d7aadbea51017cba96352e3bb6ac9c9851ec7bcb567d40760c0755

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3694e7c87c46ed6d41eb337f84d9b4c2
SHA1 0f4cd0da1927890941ee71517facf649baf960bc
SHA256 f1b9aa683e4b642f12a95475ee61365b37cd7b6a411650a86fb0e2be6e777036
SHA512 e72e22804200d414f2b362ed4c02573703537eac282ab5092ca036dc101b7e2e2b29430a70c5ce5a0721399da0b4d75ebe8b2c7deefd6bc081f68d1ae0119bef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 3baad011be61c30784686fb89ae6d76b
SHA1 38e519ac5b053289097a90c05e897a05f8fd6ef9
SHA256 86d21477a175188cca18a79ed6c4268e013089ddbf1652da204351917471b518
SHA512 946fa62c7fdd796353cc07b111c7abb302e62074d65a869c0baffb50587fec6c53aec59bedab05fdf6dc3359e373939383842ab3853573115cff17a42a4189b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3aa0245aa0b068fbb1b499fb3397a21
SHA1 31a9617ff956c62571dcdaa1360d11aa0061ce40
SHA256 3b7b88e7c4d2cba316ddf1c79cdfc57b2716e236634da291630774e1929aba6f
SHA512 8aed6a11367aa6c45b3339c87bbe4e668000aa343ed4f1ba94f0b6d2b7b1c3eaa84ec0cb782aeb202fa566ae0fffc2eb5823b780d35cd0a1ad3d5760838d6b92

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81f5afce6e255fd7bfcd6264d01955ad
SHA1 dc116dd3295602fe4337354794542c875f786fba
SHA256 f94d09fcc70eddd899064d42d0873d940d9bf150518a909cfce31bd9cc242b00
SHA512 06957f952c1605772e26449e2fd582817e7e716cf71cef17d41047e386be1cc8ff3e8d4a1c6e161bacffe475fe2ae02ce1a45d2751deffa61b8aa505cbdb5c9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cea06fc535f7a5344917a9ba42c14103
SHA1 a953adf20580b60e3298a7d3287d7e5ad25d60ac
SHA256 70594da0b9e0ed878f0a1019061f8e351389f571facd63e23b7d4d8931b8464f
SHA512 5b11d6794231faae8f58cf0b25232fc6ed7d1bd93413bbfbb334804b52f86408bfa6d94d4c70ab1b529ffd012ad41b9f6bfb55bb76288655fee01af4df6923c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86fb2943d3dc583f2ef9275220372a44
SHA1 73dcc8b16aa664cad61d37ad8f63d488d501e0d2
SHA256 ebe3da6a3bf250510c13cbc14286f585a2f926696c0f438e7f9f18ff24a44ff7
SHA512 b50ec0369d579581eeca6e4da888039357c56007adf7be15ee79cf7b56fa703cea927580ff2e496cdf26f388b3322a8322ebd86aa0eb41121a3373b0d0910936

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b145182909ab191b891c90cc3f1056f
SHA1 e273911341209e84893eecbd04213e3bd6e04cfc
SHA256 808c8300a3d9a2b4df7babb2022998093f38d21bb24b570beacce6a30f220347
SHA512 4859e380d718a3381dfcae390892e3da5b6885cb0a6af0807505a4fb16df1c43d218545667f7c99efac678b81a63b16dcf6c2db72f81ec09dbc331f1c24a4053

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e330da179e583eb955ceb2c5ddb69c3
SHA1 f114b62fb8ba73594da9b5d9e8d40912064d8d78
SHA256 560a71b22c5973e8a72828690a9139aeb68b8d37d3fe870d59ba79cad9169e7d
SHA512 872205f4b2a4ae017fdac77275ae18aef7b020467d25970cafcdd880a41eef3929d49c368b282eca04daa18c9a2e0d048eb59d6d968ec7acd3ea7e433da10473

Analysis: behavioral16

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

144s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\base\worker\workerMain.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\base\worker\workerMain.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 84.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 138.91.171.81:80 tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win7-20231215-en

Max time network

119s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win10v2004-20231222-en

Max time kernel

91s

Max time network

117s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\csp\csp.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\csp\csp.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win10v2004-20231222-en

Max time kernel

145s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\coffee\coffee.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\coffee\coffee.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win7-20231215-en

Max time kernel

119s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\css\css.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\css\css.js

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win10v2004-20231222-en

Max time kernel

91s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RC7_UI.exe = "11001" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\RC7_UI.exe"

Network

Country Destination Domain Proto

Files

Analysis: behavioral8

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win10v2004-20231215-en

Max time kernel

144s

Max time network

60s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Regret.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4144 wrote to memory of 4372 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Regret.dll,#1

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Regret.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4372 -ip 4372

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 568

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:40

Platform

win10v2004-20231215-en

Max time kernel

1s

Max time network

41s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe

"C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\Run this before rc7.exe"

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23322\VCRUNTIME140.dll

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\_MEI23322\python310.dll

MD5 de9b3fb75a2bd4c454a53129a1e64a99
SHA1 4437b1eb1350c8428de5d4bf14300b3dd89d4f6d
SHA256 21a5973f0ebed640a8029add2d8f5ccb966576ea78b049c6c8d7364e3e407903
SHA512 393d5c8faf8e2804e06cd7c8f140f2063b30089241e4d4ff6479f3d484ad0b3a6b374df03b66836a8cd00ebc22a02f5d4d35edaf8eda47af5606190fc6d42d8e

Analysis: behavioral14

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win10v2004-20231215-en

Max time kernel

141s

Max time network

155s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\MonacoEditor.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f0000000002000000000010660000000100002000000091d3c2f19a9b79b021b148104b43cc675c67def5b00d50ed881eddd272c1edff000000000e800000000200002000000041cc1956b4c1271ff8a0e7d53f581a36fb9bc0f2325a4376b4052f2c985ad20e20000000b0feab6224ce24b321acf6e6281ce947914fed0e4092c5636a63b72e0bb53bae40000000dba86882f020460c042dc57ddb91794da367f710f92ba016e457942ae63c2fbc524dd7034de15942a58ad37000cee4904223c68bb78a1d1fec6ef81a3b8af7cb C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2665428953" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2572147415" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410388108" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40abd59e3b38da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078459" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078459" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078459" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2572147415" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ed60d6ae529e0e4187beee4fa1d8750f00000000020000000000106600000001000020000000c3d3023ebd611a86dec0dd9010612f4756366e0b42b93611260e40b74e300e9c000000000e80000000020000200000003d3ae7186b376e95d250e0d4f8933a6a2c4a6ef0fefd00c26b390a222c94450d2000000042823e1bab1603f65fc29dc90f8281be1a8e8ed84f4959d3b0127d0b98ce640c4000000061ebef52dda36f5d0826767363f7414571a8e80d9525570c57a4b1728166826cbe1c1c6c0c7077a046f73db41d7e6eecfc76d70d3cb03e8ab76f3a22014ed463 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2665428953" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078459" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C39CCCD8-A42E-11EE-8024-4E55496B34AD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2010e59a3b38da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\MonacoEditor.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 84.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 2.19.169.143:80 www.microsoft.com tcp
US 8.8.8.8:53 143.169.19.2.in-addr.arpa udp
US 2.19.169.143:80 www.microsoft.com tcp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
US 8.8.8.8:53 195.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 17.143.109.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 110.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 178.113.50.184.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 16.143.109.104.in-addr.arpa udp
US 8.8.8.8:53 97.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 163.218.122.92.in-addr.arpa udp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
GB 23.44.234.16:80 tcp
US 138.91.171.81:80 tcp
FR 92.122.218.163:80 tcp
GB 23.44.234.16:80 tcp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
US 8.8.8.8:53 udp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver13D1.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DV2I56HE\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral22

Detonation Overview

Submitted

2023-12-26 20:36

Reported

2023-12-26 20:41

Platform

win10v2004-20231215-en

Max time kernel

141s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\cpp\cpp.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\RC7_for_Syntax_1\bin\vs\basic-languages\cpp\cpp.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 78.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
US 8.8.8.8:53 195.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 160.50.123.104.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
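
The network tables in this analysis and in the iexplore.exe analysis above mix three kinds of rows: reverse-DNS (`*.in-addr.arpa`) lookups that the sandbox resolver issues for every peer it sees, lookups and connections to Microsoft and Bing domains that the browser and OS generate on their own, and a handful of plain-HTTP connections to bare IP addresses with no domain recorded. The script below is an added example, not part of the report or of the sandbox's tooling: it parses rows in the report's flattened "Country Destination [Domain] Proto" column order, discards the PTR noise, separates the vendor domains using a constructed allowlist (an assumption, not a finding the report makes), and leaves the remaining destinations for review. The sample rows are copied from the two tables.

```python
"""Sort a sandbox report's flattened network table into noise, telemetry and rows to review.

Added example for the report's "Country Destination Domain Proto" tables. The allowlist
below is an assumption for illustration, not something the report states.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Constructed sample: rows copied from the iexplore.exe and wscript.exe network tables,
# header included, in the report's column order (Country Destination [Domain] Proto).
SAMPLE_ROWS = """\
Country Destination Domain Proto
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 2.19.169.143:80 www.microsoft.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
FR 92.122.218.163:80 tcp
FR 92.122.218.163:80 tcp
GB 23.44.234.16:80 tcp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 udp
"""

# Assumed allowlist of vendor telemetry domains; extend it for your own baseline.
BENIGN_DOMAINS = ("microsoft.com", "bing.net", "bing.com")


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text: str) -> list:
    """Parse the flattened table; the Domain column is optional, so rows have 3 or 4 fields."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            continue  # blank or malformed line
        ip, sep, port = dest.rpartition(":")
        if not sep or not port.isdigit():
            continue  # the header line, or a destination that is not ip:port
        ip_address(ip)  # raises ValueError if the destination is not an IP literal
        rows.append(Row(country, ip, int(port), domain, proto.lower()))
    return rows


def is_ptr_noise(row: Row) -> bool:
    """Reverse lookups the sandbox itself issues for every peer address it observes."""
    name = row.domain or ""
    return row.proto == "udp" and row.port == 53 and name.endswith((".in-addr.arpa", ".ip6.arpa"))


def is_benign_domain(domain: str) -> bool:
    """Exact or subdomain match only: 'evilmicrosoft.com' must not match 'microsoft.com'."""
    d = domain.lower().rstrip(".")
    return any(d == b or d.endswith("." + b) for b in BENIGN_DOMAINS)


def triage(rows: list) -> tuple:
    """Return (ptr_noise_count, telemetry_hits_by_domain, review_hits_by_endpoint)."""
    noise = 0
    telemetry = Counter()
    review = Counter()
    for r in rows:
        if is_ptr_noise(r):
            noise += 1
        elif r.proto == "udp" and r.port == 53:
            continue  # a bare name lookup; the connection it precedes is its own row
        elif r.domain and is_benign_domain(r.domain):
            telemetry[r.domain] += 1
        else:
            review[f"{r.ip}:{r.port}/{r.proto}"] += 1
    return noise, telemetry, review


if __name__ == "__main__":
    noise, telemetry, review = triage(parse_rows(SAMPLE_ROWS))
    print(f"dropped {noise} reverse-DNS rows")
    print("telemetry:", dict(telemetry))
    print("review:", dict(review))
```

On the sample rows the script drops one PTR row, files the three Microsoft and Bing connections as telemetry, and leaves four port-80 endpoints (52.142.223.178, 92.122.218.163, 23.44.234.16 and 138.91.171.81) for review. "Review" means the report recorded no domain for the connection, not that the destination is hostile; the IP-only rows in these tables sit next to iexplore.exe loading Microsoft update and suggestion content, so resolve and attribute each one before treating it as an indicator.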

Files

N/A