Malware Analysis Report

2024-11-30 18:50

Sample ID: 240314-b9halshh47
Target: BlitzedGrabberV12-main_1.zip
SHA256: d26efeb960b006f21abb1a215cbb77fc47cd10c4e9f0722c766239a603d530df
Tags: agilenet
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral5
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral8
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral6
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral7
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral1
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral2
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral3
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral4
  Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

Score: 7/10
SHA256: d26efeb960b006f21abb1a215cbb77fc47cd10c4e9f0722c766239a603d530df

Threat Level: Shows suspicious behavior

The file BlitzedGrabberV12-main_1.zip was found to show suspicious behavior.

Malicious Activity Summary

agilenet

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-14 01:50

Signatures

Unsigned PE

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |

Analysis: behavioral5

Detonation Overview

Submitted: 2024-03-14 01:50
Reported: 2024-03-14 01:55
Platform: win10v2004-20240226-en
Max time kernel: 298s
Max time network: 294s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\BouncyCastle.Crypto.dll,#1

Signatures

Suspicious use of AdjustPrivilegeToken

| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\BouncyCastle.Crypto.dll,#1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |

Files

memory/4644-0-0x000001AC41040000-0x000001AC41050000-memory.dmp

memory/4644-16-0x000001AC41140000-0x000001AC41150000-memory.dmp

memory/4644-32-0x000001AC496E0000-0x000001AC496E1000-memory.dmp

memory/4644-33-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-34-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-35-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-36-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-37-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-38-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-39-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-40-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-41-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-42-0x000001AC49710000-0x000001AC49711000-memory.dmp

memory/4644-43-0x000001AC49330000-0x000001AC49331000-memory.dmp

memory/4644-44-0x000001AC49320000-0x000001AC49321000-memory.dmp

memory/4644-46-0x000001AC49330000-0x000001AC49331000-memory.dmp

memory/4644-49-0x000001AC49320000-0x000001AC49321000-memory.dmp

memory/4644-52-0x000001AC49260000-0x000001AC49261000-memory.dmp

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

MD5 e79876fa075fad167c8ef8aeebf81ec3
SHA1 826f4251c2cd1b8de36977ef5edfc39810f8ffde
SHA256 11eeec094a43369d6811e03b94d846e1860c54dae484f322772c5f3f505675bc
SHA512 7b9b2911c61dc8239a89b05d3a6e8429e966e2a4907efed4608bc0e93261091337d05df9e631445770a508e1ea3a3f624e2df27c8c8d857610624c349f1e61c5

memory/4644-64-0x000001AC49460000-0x000001AC49461000-memory.dmp

memory/4644-66-0x000001AC49470000-0x000001AC49471000-memory.dmp

memory/4644-67-0x000001AC49470000-0x000001AC49471000-memory.dmp

memory/4644-68-0x000001AC49580000-0x000001AC49581000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted: 2024-03-14 01:50
Reported: 2024-03-14 01:55
Platform: win10v2004-20240226-en
Max time kernel: 300s
Max time network: 301s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md

Signatures

Enumerates physical storage devices

Modifies registry class

| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |

Suspicious use of SetWindowsHookEx

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
| N/A | 20.42.65.84:443 | | tcp |

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted: 2024-03-14 01:50
Reported: 2024-03-14 01:55
Platform: win10v2004-20240226-en
Max time kernel: 300s
Max time network: 305s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\Newtonsoft.Json.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\Newtonsoft.Json.dll,#1

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted: 2024-03-14 01:50
Reported: 2024-03-14 01:55
Platform: win10v2004-20240226-en
Max time kernel: 282s
Max time network: 302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4912 -ip 4912

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=2700,i,14629483171127516024,12350888228055326066,262144 --variations-seed-version /prefetch:8

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| NL | 142.250.179.138:443 | chromewebstore.googleapis.com | tcp |
| NL | 142.250.179.138:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |

Files

memory/4912-0-0x0000000000B50000-0x0000000000BCA000-memory.dmp

memory/4912-1-0x0000000074B90000-0x0000000075340000-memory.dmp

memory/4912-2-0x0000000074B90000-0x0000000075340000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-14 01:50
Reported: 2024-03-14 01:55
Platform: win10v2004-20240226-en
Max time kernel: 234s
Max time network: 302s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main_1.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main_1.zip

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-03-14 01:50
Reported: 2024-03-14 01:55
Platform: win10v2004-20240226-en
Max time kernel: 217s
Max time network: 276s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe"

Signatures

Loads dropped DLL

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe | N/A |

Obfuscated with Agile.Net obfuscator

Tag: agilenet

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe"

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |

Files

memory/3240-0-0x00000000002C0000-0x000000000046C000-memory.dmp

memory/3240-1-0x0000000074E20000-0x00000000755D0000-memory.dmp

memory/3240-2-0x00000000053C0000-0x0000000005964000-memory.dmp

memory/3240-3-0x0000000004EB0000-0x0000000004F42000-memory.dmp

memory/3240-4-0x0000000002900000-0x0000000002910000-memory.dmp

memory/3240-5-0x0000000004E40000-0x0000000004E4A000-memory.dmp

memory/3240-6-0x0000000005970000-0x0000000005B62000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

memory/3240-15-0x0000000071520000-0x0000000071557000-memory.dmp

memory/3240-14-0x0000000073830000-0x00000000738B9000-memory.dmp

memory/3240-17-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-16-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-19-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-21-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-23-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-25-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-27-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-29-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-31-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-33-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-35-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-37-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-39-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-41-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-43-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-45-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-47-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-49-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-51-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-53-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-55-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-57-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-59-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-61-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-63-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-65-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-67-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-69-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-73-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-71-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-75-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-77-0x0000000005970000-0x0000000005B5E000-memory.dmp

memory/3240-3133-0x0000000074E20000-0x00000000755D0000-memory.dmp

memory/3240-3510-0x0000000002900000-0x0000000002910000-memory.dmp

memory/3240-3919-0x0000000071520000-0x0000000071557000-memory.dmp

memory/3240-11673-0x0000000000C60000-0x0000000000CFC000-memory.dmp

memory/3240-11674-0x0000000002900000-0x0000000002910000-memory.dmp

memory/3240-11675-0x0000000002900000-0x0000000002910000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.Config

MD5 02bafe634a181de6af59ecfb1a9a7230
SHA1 5fb944dc91a95007795d83f2037cfe42f0d959f0
SHA256 6288699c8a0e00de7329c8f642bc22e6d7ed873f1decd32f05231cf69cac4470
SHA512 3e4dc4ae10bf527b98608883638356a84aa9652707276981458b0d9c58f000b290f24b4fbd1794ef02484ccf5ff43d5b55ab7161f5c9f408f68f7caa0676b362

memory/3240-11682-0x0000000002900000-0x0000000002910000-memory.dmp

memory/3240-11684-0x0000000002900000-0x0000000002910000-memory.dmp

memory/3240-11685-0x0000000002900000-0x0000000002910000-memory.dmp

memory/3240-11686-0x0000000002900000-0x0000000002910000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted: 2024-03-14 01:50
Reported: 2024-03-14 01:55
Platform: win10v2004-20231215-en
Max time kernel: 87s
Max time network: 197s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"

Signatures

N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |

Files

memory/5088-1-0x00007FFFC9830000-0x00007FFFC9A25000-memory.dmp

memory/5088-0-0x00007FFF898B0000-0x00007FFF898C0000-memory.dmp

memory/5088-2-0x00007FFFC9830000-0x00007FFFC9A25000-memory.dmp

memory/5088-3-0x00007FFFC7190000-0x00007FFFC7459000-memory.dmp

memory/5088-4-0x00007FFF898B0000-0x00007FFF898C0000-memory.dmp

memory/5088-5-0x00007FFFC9830000-0x00007FFFC9A25000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted: 2024-03-14 01:50
Reported: 2024-03-14 01:56
Platform: win10v2004-20240226-en
Max time kernel: 144s
Max time network: 322s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\APIFOR.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\APIFOR.dll,#1

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |

Files

N/A