Analysis Overview
SHA256
d26efeb960b006f21abb1a215cbb77fc47cd10c4e9f0722c766239a603d530df
Threat Level: Shows suspicious behavior
The file BlitzedGrabberV12-main_1.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-14 01:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral5
Detonation Overview
Submitted
2024-03-14 01:50
Reported
2024-03-14 01:55
Platform
win10v2004-20240226-en
Max time kernel
298s
Max time network
294s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\BouncyCastle.Crypto.dll,#1
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
Files
memory/4644-0-0x000001AC41040000-0x000001AC41050000-memory.dmp
memory/4644-16-0x000001AC41140000-0x000001AC41150000-memory.dmp
memory/4644-32-0x000001AC496E0000-0x000001AC496E1000-memory.dmp
memory/4644-33-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-34-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-35-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-36-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-37-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-38-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-39-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-40-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-41-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-42-0x000001AC49710000-0x000001AC49711000-memory.dmp
memory/4644-43-0x000001AC49330000-0x000001AC49331000-memory.dmp
memory/4644-44-0x000001AC49320000-0x000001AC49321000-memory.dmp
memory/4644-46-0x000001AC49330000-0x000001AC49331000-memory.dmp
memory/4644-49-0x000001AC49320000-0x000001AC49321000-memory.dmp
memory/4644-52-0x000001AC49260000-0x000001AC49261000-memory.dmp
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
| MD5 | e79876fa075fad167c8ef8aeebf81ec3 |
| SHA1 | 826f4251c2cd1b8de36977ef5edfc39810f8ffde |
| SHA256 | 11eeec094a43369d6811e03b94d846e1860c54dae484f322772c5f3f505675bc |
| SHA512 | 7b9b2911c61dc8239a89b05d3a6e8429e966e2a4907efed4608bc0e93261091337d05df9e631445770a508e1ea3a3f624e2df27c8c8d857610624c349f1e61c5 |
memory/4644-64-0x000001AC49460000-0x000001AC49461000-memory.dmp
memory/4644-66-0x000001AC49470000-0x000001AC49471000-memory.dmp
memory/4644-67-0x000001AC49470000-0x000001AC49471000-memory.dmp
memory/4644-68-0x000001AC49580000-0x000001AC49581000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-03-14 01:50
Reported
2024-03-14 01:55
Platform
win10v2004-20240226-en
Max time kernel
300s
Max time network
301s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.42.65.84:443 | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-03-14 01:50
Reported
2024-03-14 01:55
Platform
win10v2004-20240226-en
Max time kernel
300s
Max time network
305s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\Newtonsoft.Json.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-03-14 01:50
Reported
2024-03-14 01:55
Platform
win10v2004-20240226-en
Max time kernel
282s
Max time network
302s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4912 -ip 4912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 872
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=2700,i,14629483171127516024,12350888228055326066,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| NL | 142.250.179.138:443 | chromewebstore.googleapis.com | tcp |
| NL | 142.250.179.138:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files
memory/4912-0-0x0000000000B50000-0x0000000000BCA000-memory.dmp
memory/4912-1-0x0000000074B90000-0x0000000075340000-memory.dmp
memory/4912-2-0x0000000074B90000-0x0000000075340000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-14 01:50
Reported
2024-03-14 01:55
Platform
win10v2004-20240226-en
Max time kernel
234s
Max time network
302s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main_1.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-14 01:50
Reported
2024-03-14 01:55
Platform
win10v2004-20240226-en
Max time kernel
217s
Max time network
276s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
Files
memory/3240-0-0x00000000002C0000-0x000000000046C000-memory.dmp
memory/3240-1-0x0000000074E20000-0x00000000755D0000-memory.dmp
memory/3240-2-0x00000000053C0000-0x0000000005964000-memory.dmp
memory/3240-3-0x0000000004EB0000-0x0000000004F42000-memory.dmp
memory/3240-4-0x0000000002900000-0x0000000002910000-memory.dmp
memory/3240-5-0x0000000004E40000-0x0000000004E4A000-memory.dmp
memory/3240-6-0x0000000005970000-0x0000000005B62000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll
| MD5 | 9af5eb006bb0bab7f226272d82c896c7 |
| SHA1 | c2a5bb42a5f08f4dc821be374b700652262308f0 |
| SHA256 | 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db |
| SHA512 | 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a |
memory/3240-15-0x0000000071520000-0x0000000071557000-memory.dmp
memory/3240-14-0x0000000073830000-0x00000000738B9000-memory.dmp
memory/3240-17-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-16-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-19-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-21-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-23-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-25-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-27-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-29-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-31-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-33-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-35-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-37-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-39-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-41-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-43-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-45-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-47-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-49-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-51-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-53-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-55-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-57-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-59-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-61-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-63-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-65-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-67-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-69-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-73-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-71-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-75-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-77-0x0000000005970000-0x0000000005B5E000-memory.dmp
memory/3240-3133-0x0000000074E20000-0x00000000755D0000-memory.dmp
memory/3240-3510-0x0000000002900000-0x0000000002910000-memory.dmp
memory/3240-3919-0x0000000071520000-0x0000000071557000-memory.dmp
memory/3240-11673-0x0000000000C60000-0x0000000000CFC000-memory.dmp
memory/3240-11674-0x0000000002900000-0x0000000002910000-memory.dmp
memory/3240-11675-0x0000000002900000-0x0000000002910000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.Config
| MD5 | 02bafe634a181de6af59ecfb1a9a7230 |
| SHA1 | 5fb944dc91a95007795d83f2037cfe42f0d959f0 |
| SHA256 | 6288699c8a0e00de7329c8f642bc22e6d7ed873f1decd32f05231cf69cac4470 |
| SHA512 | 3e4dc4ae10bf527b98608883638356a84aa9652707276981458b0d9c58f000b290f24b4fbd1794ef02484ccf5ff43d5b55ab7161f5c9f408f68f7caa0676b362 |
memory/3240-11682-0x0000000002900000-0x0000000002910000-memory.dmp
memory/3240-11684-0x0000000002900000-0x0000000002910000-memory.dmp
memory/3240-11685-0x0000000002900000-0x0000000002910000-memory.dmp
memory/3240-11686-0x0000000002900000-0x0000000002910000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-14 01:50
Reported
2024-03-14 01:55
Platform
win10v2004-20231215-en
Max time kernel
87s
Max time network
197s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
memory/5088-1-0x00007FFFC9830000-0x00007FFFC9A25000-memory.dmp
memory/5088-0-0x00007FFF898B0000-0x00007FFF898C0000-memory.dmp
memory/5088-2-0x00007FFFC9830000-0x00007FFFC9A25000-memory.dmp
memory/5088-3-0x00007FFFC7190000-0x00007FFFC7459000-memory.dmp
memory/5088-4-0x00007FFF898B0000-0x00007FFF898C0000-memory.dmp
memory/5088-5-0x00007FFFC9830000-0x00007FFFC9A25000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-03-14 01:50
Reported
2024-03-14 01:56
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
322s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\APIFOR.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |