Malware Analysis Report

2024-10-10 10:10

Sample ID 240201-wbb16addcj
Target S500 CRASHED DESTROYED BY BIG DICK.zip
SHA256 511a99c70f3a3aaad381b3bf626e411b3b41f7a7cf3e040068a8cdddc6224296
Tags: identifier rat agenttesla arrowrat asyncrat
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview; Signatures)
Analysis: behavioral1 (Detonation Overview; Command Line; Signatures; Processes; Network; Files)
Analysis: behavioral2 (same subsections)
Analysis: behavioral3 (same subsections)
Analysis: behavioral4 (same subsections)

Analysis Overview

Score: 10/10

SHA256: 511a99c70f3a3aaad381b3bf626e411b3b41f7a7cf3e040068a8cdddc6224296

Threat Level: Known bad

The file S500 CRASHED DESTROYED BY BIG DICK.zip was found to be: Known bad. Only the AsyncRAT signatures reproduced at runtime (behavioral3); the AgentTesla and ArrowRAT family tags come from the static rules in static1 and were not confirmed by behaviour in any detonation.

Malicious Activity Summary

Tags: identifier rat agenttesla arrowrat asyncrat

Family and payload signatures:

AsyncRat

Asyncrat family

Async RAT payload

Arrowrat family

Agenttesla family

AgentTesla payload

Behavioural signatures:

Contains code to disable Windows Defender

Executes dropped EXE

Drops file in Program Files directory

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-01 17:47

Signatures

AgentTesla payload

(1 match; no description, indicator, process or target recorded)

Agenttesla family

agenttesla

Arrowrat family

arrowrat

Async RAT payload

rat

(2 matches; no description, indicator, process or target recorded)

Asyncrat family

asyncrat

Contains code to disable Windows Defender

(1 match; no description, indicator, process or target recorded)

Unsigned PE

(60 matches; no description, indicator, process or target recorded)

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-01 17:44

Reported

2024-02-01 18:38

Platform

win7-20231215-en

Max time kernel

1556s

Max time network

1559s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-01 17:44

Reported

2024-02-01 18:38

Platform

win10-20231220-en

Max time kernel

1214s

Max time network

1576s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 52.142.223.178:80 tcp

The sample did not execute in this run (the process list shows only Explorer opening the archive), so the PTR lookups and the single HTTP connection are background traffic of the Windows image, not sample activity.

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-01 17:44

Reported

2024-02-01 18:29

Platform

win10v2004-20231222-en

Max time kernel

1218s

Max time network

1216s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Win64\crash_handeler.vbs C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe N/A (25 identical matches)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\sEXYbABY.exe N/A

The 7zG.exe entries are expected: 7-Zip enables SeRestorePrivilege and SeSecurityPrivilege while extracting so it can restore file attributes and security descriptors, and "Token: 35" is a raw privilege value the sandbox did not resolve to a name. The entries that matter are the two SeDebugPrivilege requests, from S500RAT.exe and from the dropped sEXYbABY.exe, both running from the user's temp directory.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\" -spe -an -ai#7zMap2148:148:7zEvent13780

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe

"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\sEXYbABY.exe

"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\sEXYbABY.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 192.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 205.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 23.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 filebin.net udp
DE 88.99.137.18:443 filebin.net tcp
US 8.8.8.8:53 18.137.99.88.in-addr.arpa udp
N/A 127.0.0.1:3232 tcp (6 connections)
DE 88.99.137.18:443 filebin.net tcp
N/A 127.0.0.1:3232 tcp

The only external contact that can be attributed to the sample from this report is the DNS lookup of filebin.net followed by two HTTPS connections to 88.99.137.18:443, a public file-hosting service. The PTR lookups against 8.8.8.8 are the same Windows background traffic seen in the runs where the sample never executed, and the plain-HTTP connection to 20.231.121.79 has no preceding DNS lookup and matches that background pattern, so neither should be treated as an indicator on its own. The seven TCP connections to 127.0.0.1:3232 never leave the host; taken together with what is dropped next to S500RAT.exe (Anarchy.Forms.* form resources, the Guna.UI2, ReaLTaiizor and Siticone UI libraries, a Plugins directory and a PKCS#12 keystore), this is consistent with S500RAT.exe being a RAT control panel or builder and sEXYbABY.exe a locally generated stub connecting back to it, rather than with traffic to an external C2. Port 3232 is therefore a host-local artefact of this run, not a network IOC.

Files

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\Anarchy.Forms.FormSendFileToMemory.resources

MD5 fa80841e3dc9ffb31dd5d015c1030172
SHA1 aa0d9e66db2a8528edf9931fe132f18870307216
SHA256 a5b9f5ccfe8ac46a630ac1cc112d343364fa2bc4a2bec0f3911322cff174cff9
SHA512 a38cc863d3c0c8d944340cd4116f03bbdb2f1526fb40b476cd0adbd444fd1dc10790d35eaf50ea34a1083b163baa82251a5048f075651bc14e46ac4cb82897bd

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\Anarchy.Forms.FormRegValueEditMultiString.resources

MD5 beda8bbd2a72e45431cf5dd68f7c6e61
SHA1 18e28ada040e4c62e33d946046a9ccf66f839f0d
SHA256 f9f9c2a4855d61b7c7f93e9258d0306be802ef9c8c8929186deb71ee96b06d4c
SHA512 6287bb138431c33a2dd30b7c06c979ee89f691900eb407e14465d58188d04d7697ecc68eb6d479db664ea86f35b7ce6b611834028ddbd56513003c1ca28f0899

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe (first recorded content)

MD5 b88305eb1a18c2d943345bf04b5cd100
SHA1 8106ff0e1652ad9327800835dc26b1ed553f3613
SHA256 73be62257ce73c671896efa851c4dfa6f799268fd02a634daa3bd7abd74ebfd6
SHA512 88fdffc73989660c4d3b00290062dc721cddc7f968e228e8c260ea9e68b0abead4267e977c4c2e77dcbccd735bbf20083e5624ca63bee5faed0d6618a2466d9e

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe (second recorded content)

MD5 60d1d5e9dce15e4961c1ccda1dea9490
SHA1 7b5e1000ab793da792198b8e6ea8f0cb89a7f09f
SHA256 ee7a67fd2f1802a2da32cc0cf4d514fdf57f98e656d6005bf57e107a8dbbb68d
SHA512 45820fefa18f36ff8fe8666fede3e6274c2a0916be6e9a9c9f24dbec26c30df383d3b3fcce372b568c1a9311c7adfd9e3f87112f903f4401d71635f5dc82f1f4

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe.config

MD5 c7a4606f8f222fc96e1e6b08c093794b
SHA1 2700b3727ab01d93e75e1e12f308dcaeb1d37dba
SHA256 32d656a69b19be98ae050512a4d0f49ebe21b6f7bb9c50130b7e952ea4f5239b
SHA512 7516375b47536a51ede8079d25760e0142ac93077326b6cc033fd6cb1676b65aec7edb3f702922506f2b6b18992cd219be01e7adbf70c6d13404adceb410472b

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\cGeoIp.dll

MD5 52841e4e8a48b2ae2a789018a20296c9
SHA1 6856fbbd100d0647cb0bc9273224f6ce5dd26331
SHA256 db56bb39ede3564bd45df9ed06caed7462b33916a4ae22db55e285c04eb23e4d
SHA512 edb48aa18feea4ebebfaa08658b7576bb53d34b111cb625ef53bd5f33c9b36bcee37bd2905506b61e7764119c137a68f667b0da8aee60c6eea1fbc49492c4858

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\Guna.UI2.dll

MD5 6feafed894a6ac8aab3747f3ef98b73e
SHA1 b236f33f7ff3e67fb750aafa615933116fa5e1b5
SHA256 9b31269edf1f7021bf1a5862f1e55664bd4637cd64284c0887dbee7bab352401
SHA512 2d2c7286862eb593ade3209d6a148e5c14d4cedff4a9804560ede1dacfe4ff04cff395b673f27c2f0f5a369110501df5876b1b83d3421a16690883256a3d0218

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\ReaLTaiizor.dll

MD5 89b78070628e55df41f91bbe1bda36da
SHA1 98f4377ffa2d847a6d5ba635b5bc4d34bf775071
SHA256 c95d46841a04204db282a5e9badec5eda4c405f82f36722b740e596d9275bee0
SHA512 77355e050d14b7238ffad629de24b9d305921d142939d79e73bda20298e95106f6dc2c328cc4ec0e7f536ef0bef4cba1c4c9670e20060f7fb6825c22f1554960

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\Siticone.UI.dll

MD5 8e5e6da3e45765ee907bd6b518b1807e
SHA1 a853d23fb98adf78e810f24fb8740cb7551c142f
SHA256 79399cda397342a21ea63aa3fc867d899ae76b7e73219e9c6f89659c096b2395
SHA512 7a230c8c7f6da74da396b9a13c76648ce8a0d1a74add159ad6b944577f3b50a3d625dfc446c889b28b7181f2d8e34be5d3a3f7e2650c9a8d3367b3fc0eea86fc

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\Usrs.p12

MD5 e14c7402da26e4a1a1c226d546ec3aba
SHA1 3234c40fa2aec2d483d2b7ede9b901d3899d5336
SHA256 dd00f7ce28d7ef1e14f50b046ca1736f15ab08e6458d2c2cc72d078e4354ddb7
SHA512 cba4cd515319b11be1a94ffb22c4b14b933868217a1b7f6ce126568b82723769baf170f9d1f262135b8867162b8e932a9c2143603c4c9d668edc3f4622cfb5b2

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.pdb

MD5 5a98d0d238e07f8e1ea530329fb08898
SHA1 b7b16861671027ecd27aa4282e0356058453aa59
SHA256 7908ad8f9e05645b6e7568df656c2aa4f67e8350a08aa8a1993ab67c325bb0db
SHA512 c2c3761709acf86272e2f46ac604f274c2a6feb2f9e680b1783c521347441c9ba6e50c5086bea4aad9e2550edee962dd57b6907bc29c0ec427869d28d83a60f0

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\sEXYbABY.exe

MD5 9cabbaa5f95805449b6b39dfb5363ef7
SHA1 bfc9f92dcb82de22f2cfafbc2004375a3de0e112
SHA256 6ee41c8e942eadb4053b0b0e4535366e7a3921c740aa7d607bf3f3c9f8b20df9
SHA512 9fcc2be5099620108668dd06e42c43565c7bc1e8b22e092b1dbd20fbb5145e70a24513010c089a13c1e4ed6575778c4a7ca18669b8a977109f63545a7b430471

C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\Plugins\KNTmoSnG.AnarHs.dll

MD5 1681e0f3311751361030ff30a957a1ed
SHA1 8f3b55e130af507549817fda37474a1391e6b8f2
SHA256 234724f14dbb999853aeb872d7e6c3ed0b3de5b105009b5c66131a2af8d0dbb4
SHA512 60690b2c1e2816a640f5763f9c20de9a39cb9735ea4a3f0bf4f477d3e184f8791e556313a7523c70ed2fb9182d520842bce70057cedd5cb89b923fd6f9067dd1

Notes on the dropped files: S500RAT.exe is listed twice with different hashes, so the file at that path was recorded with two different contents during the run; pivot on both SHA256 values when hunting. S500RAT.pdb is the program database (debug symbols) shipped with the executable and is worth loading when reversing it. Usrs.p12 is a PKCS#12 keystore, which typically holds a certificate together with its private key. The Anarchy.Forms.* resource files, the Guna.UI2, ReaLTaiizor and Siticone UI libraries and the Plugins directory are components of a Windows Forms application with a graphical interface, which fits a RAT control panel or builder rather than a bare implant.

Memory dumps (memory/<pid>-<index>-<start>-<end>-memory.dmp; the leading number is the process id assigned in the sandbox), grouped by process and dumped range:

PID 1984
0x00007FFE98130000-0x00007FFE98BF1000 (dumps 441, 458)
0x00000249DFBC0000-0x00000249E0BC0000 (442)
0x00000249FF860000-0x00000249FFAB2000 (444)
0x00000249FF140000-0x00000249FF150000 (445, 452, 453, 456, 457, 462, 463, 464, 465, 466, 467, 468, 472, 473)
0x00000249FFBD0000-0x00000249FFDC4000 (447)
0x00000249FF2E0000-0x00000249FF3FA000 (448)
0x00000249FF400000-0x00000249FF466000 (449)
0x00000249FF1A0000-0x00000249FF1C4000 (450)
0x0000024999A60000-0x000002499A61E000 (451)
0x0000024A005F0000-0x0000024A00BD8000 (455)
0x0000024A00000000-0x0000024A0014E000 (460)
0x000002499D990000-0x000002499D9A4000 (461)
0x00000249A7270000-0x00000249A7370000 (475, 476, 478, 479, 487, 489)

PID 2804
0x0000000000120000-0x0000000000136000 (482)
0x00007FFE98130000-0x00007FFE98BF1000 (483, 485)
0x00000000024B0000-0x00000000024C0000 (484, 486)
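A hunting check built from the indicators in this detonation, as an added example that is not part of the report or of the sandbox's own tooling. It encodes the dropped-file hashes, the Program Files VBS path, the TypedURLs key, the filebin.net contact and the loopback port from behavioral3, runs them over constructed telemetry records (not real captures; the record field names are this example's own convention, loosely modelled on Sysmon process/file/registry/network events and Security event 4703 for privilege adjustments), and suppresses the 7-Zip privilege adjustments so that only the SeDebugPrivilege requests from the temp-directory binaries surface.

```python
"""IOC matcher derived from the behavioral3 detonation of this report.

Added example, not part of the sandbox report or of any tool the report names.
The indicator values are copied from the report above; the telemetry records
are constructed and the field names are this example's own convention.
"""
from dataclasses import dataclass

# --- Indicators copied from the report (behavioral3) -------------------------
RAT = r"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe"
STUB = r"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK\sEXYbABY.exe"

DROPPED_SHA256 = {
    "73be62257ce73c671896efa851c4dfa6f799268fd02a634daa3bd7abd74ebfd6": "S500RAT.exe (first write)",
    "ee7a67fd2f1802a2da32cc0cf4d514fdf57f98e656d6005bf57e107a8dbbb68d": "S500RAT.exe (second write)",
    "6ee41c8e942eadb4053b0b0e4535366e7a3921c740aa7d607bf3f3c9f8b20df9": "sEXYbABY.exe",
    "234724f14dbb999853aeb872d7e6c3ed0b3de5b105009b5c66131a2af8d0dbb4": "Plugins\\KNTmoSnG.AnarHs.dll",
}
DROPPED_PATHS = {r"c:\program files\win64\crash_handeler.vbs"}
REGISTRY_SUFFIXES = (r"\software\microsoft\internet explorer\typedurls",)
NET_IOCS = {("88.99.137.18", 443)}           # filebin.net, the only attributable external contact
DOMAINS = {"filebin.net"}
LOOPBACK_PORT = 3232                         # panel/stub port seen on 127.0.0.1 in the run

# 7-Zip enables these while extracting to restore attributes and security
# descriptors (see the AdjustPrivilegeToken table); treat them as noise.
BENIGN_PRIVILEGE_USE = {("7zg.exe", "SeRestorePrivilege"), ("7zg.exe", "SeSecurityPrivilege")}


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _in_user_temp(path: str) -> bool:
    return "\\appdata\\local\\temp\\" in path.lower()


def evaluate(records):
    """Return one Finding per record that matches an indicator from the report."""
    findings = []
    for r in records:
        kind = r["type"]
        if kind == "file":
            digest = r.get("sha256", "").lower()
            if digest in DROPPED_SHA256:
                findings.append(Finding("known_hash", f"{r['path']} is {DROPPED_SHA256[digest]}"))
            if r["path"].lower() in DROPPED_PATHS:
                findings.append(Finding("program_files_drop", f"{r['process']} wrote {r['path']}"))
        elif kind == "registry":
            if r["key"].lower().endswith(REGISTRY_SUFFIXES):
                findings.append(Finding("ie_typedurls_key", f"{r['process']} created {r['key']}"))
        elif kind == "network":
            dst = (r["dst_ip"], r["dst_port"])
            if dst in NET_IOCS or r.get("domain", "").lower() in DOMAINS:
                findings.append(Finding("network_ioc", f"{r['process']} -> {dst[0]}:{dst[1]}"))
            elif dst == ("127.0.0.1", LOOPBACK_PORT) and _in_user_temp(r["process"]):
                # Loopback is not a network IOC; flag it only from temp-directory binaries.
                findings.append(Finding("loopback_rat_port", f"{r['process']} -> 127.0.0.1:{LOOPBACK_PORT}"))
        elif kind == "privilege":
            if (_basename(r["process"]), r["privilege"]) in BENIGN_PRIVILEGE_USE:
                continue  # expected archive-extractor behaviour
            if r["privilege"] == "SeDebugPrivilege" and _in_user_temp(r["process"]):
                findings.append(Finding("sedebug_from_temp", f"{r['process']} enabled SeDebugPrivilege"))
    return findings


# Constructed telemetry mirroring the behavioral3 run (not a real capture).
SAMPLE_RECORDS = [
    {"type": "privilege", "process": r"C:\Program Files\7-Zip\7zG.exe", "privilege": "SeRestorePrivilege"},
    {"type": "privilege", "process": r"C:\Program Files\7-Zip\7zG.exe", "privilege": "SeSecurityPrivilege"},
    {"type": "privilege", "process": RAT, "privilege": "SeDebugPrivilege"},
    {"type": "privilege", "process": STUB, "privilege": "SeDebugPrivilege"},
    {"type": "file", "process": RAT, "path": r"C:\Program Files\Win64\crash_handeler.vbs", "sha256": ""},
    {"type": "file", "process": r"C:\Program Files\7-Zip\7zG.exe", "path": STUB,
     "sha256": "6ee41c8e942eadb4053b0b0e4535366e7a3921c740aa7d607bf3f3c9f8b20df9"},
    {"type": "registry", "process": RAT,
     "key": r"HKU\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\TypedURLs"},
    {"type": "network", "process": RAT, "dst_ip": "88.99.137.18", "dst_port": 443, "domain": "filebin.net"},
    {"type": "network", "process": STUB, "dst_ip": "127.0.0.1", "dst_port": 3232},
    {"type": "network", "process": r"C:\Windows\System32\svchost.exe", "dst_ip": "8.8.8.8", "dst_port": 53},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_RECORDS):
        print(f"[{f.rule}] {f.detail}")
```

On the constructed records this yields seven findings (two SeDebugPrivilege requests, the Program Files drop, the sEXYbABY.exe hash, the TypedURLs key, the filebin.net connection and the loopback connection) and nothing for the 7-Zip privilege adjustments or the DNS traffic, matching the reading of the signatures and network tables above. Feeding real Sysmon or 4703 events into it only requires mapping their fields onto the record keys used here.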

Analysis: behavioral4

Detonation Overview

Submitted

2024-02-01 17:44

Reported

2024-02-01 18:40

Platform

win11-20231215-en

Max time kernel

440s

Max time network

1160s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

As in behavioral1 and behavioral2, only Explorer ran in this detonation; the single PTR lookup is background traffic of the Windows image, not sample activity.

Files

N/A