Malware Analysis Report

2024-10-18 22:19

Sample ID 240423-rp47msha83
Target [ASL]_Fear_and_Loathing_in_Las_Vegas_-_Hunter_x_Hunter_ED_-_Just_Awake_[FLAC]_[w_Scans].rar
SHA256 45d18eeff31b0d570d31b1b5b8973090c0c775b72e8bdd2296c7604fa2b5e1f4
Tags qr link
Score 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Behavioral analyses, each with Detonation Overview, Command Line, Signatures, Processes, Network and Files: behavioral9, behavioral29, behavioral14, behavioral16, behavioral28, behavioral30, behavioral3, behavioral8, behavioral19, behavioral24, behavioral6, behavioral10, behavioral13, behavioral26, behavioral1, behavioral7, behavioral17, behavioral11, behavioral12, behavioral22, behavioral23, behavioral27, behavioral25, behavioral2, behavioral4, behavioral5, behavioral15, behavioral18, behavioral20, behavioral21

Analysis Overview

Score 6/10

SHA256 45d18eeff31b0d570d31b1b5b8973090c0c775b72e8bdd2296c7604fa2b5e1f4

Threat Level: Shows suspicious behavior

The file [ASL]_Fear_and_Loathing_in_Las_Vegas_-_Hunter_x_Hunter_ED_-_Just_Awake_[FLAC]_[w_Scans].rar shows suspicious behavior (score 6/10); no malware family is named in any run. Every behavioral signature below was raised by the stock handler the sandbox used to open an extracted file (rundll32 with PhotoViewer.dll, msinfo32 for release.nfo, VLC and Windows Media Player for the FLAC tracks, cmd.exe and Edge for the JPEGs), not by a process that came out of the archive. The drive, SCSI and BIOS enumeration comes from Windows Media Player's first-run setup (unregmp2.exe /AsyncFirstLogon) and from msinfo32 rendering system information; the "qr link" tag comes from a static check that found at least one HTTP URL encoded in a QR code in the extracted files. Treat these signatures as handler noise unless a process outside that set appears in a behavioral run.

Malicious Activity Summary

qr link

Enumerates connected drives

Enumerates physical storage devices

One or more HTTP URLs in qr code identified

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-23 14:23

Signatures

One or more HTTP URLs in qr code identified

qr link

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240215-en

Max time kernel

118s

Max time network

121s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0001.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0001.jpg"

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240220-en

Max time kernel

120s

Max time network

122s

Command Line

C:\Windows\system32\msinfo32.exe "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\release.nfo"

Signatures

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\msinfo32.exe N/A

Processes

C:\Windows\system32\msinfo32.exe

C:\Windows\system32\msinfo32.exe "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\release.nfo"

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

139s

Max time network

129s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0003.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0003.jpg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
NL 23.62.61.115:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 198.32.209.4.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 115.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
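Network tables like the one above are mostly sandbox background: reverse lookups of every peer the VM spoke to, and Bing/Edge telemetry from the Windows image. What a triager wants is the short list of destinations the report gives no name for. The following is an added example (not part of the report or of the sandbox's tooling) that parses the flat "Country Destination Domain Proto" rows and buckets them; the sample rows are copied from the behavioral14 and behavioral30 runs, and the resolver address and noise-suffix allowlist are assumptions about this sandbox, not report content.

```python
"""Reduce a sandbox Network table to the connections worth a second look.

Added example, not part of the report. Sample rows are copied from the
behavioral14 and behavioral30 runs; NOISE_SUFFIXES and RESOLVER describe
this sandbox's background traffic and are assumptions, not report content."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    country: str
    dest: str    # "ip:port"
    domain: str  # "" when the report prints no name for the destination
    proto: str


def parse_network(text: str) -> list[Flow]:
    """Rows are whitespace-separated; the Domain column is simply absent for
    bare-IP connections, so a row has either four fields or three."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue  # blank line or the column header
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            raise ValueError(f"unexpected network row: {line!r}")
        flows.append(Flow(country, dest, domain, proto))
    return flows


RESOLVER = "8.8.8.8:53"  # assumed sandbox resolver
NOISE_SUFFIXES = (".bing.com", ".bing.net", ".googleapis.com", "pki.goog")  # assumed


def classify(flow: Flow) -> str:
    if flow.dest == RESOLVER and flow.domain.endswith(".in-addr.arpa"):
        return "ptr-noise"        # the sandbox reverse-resolves every peer it saw
    if flow.dest == RESOLVER:
        return "dns"              # forward lookup: the name, not 8.8.8.8, is the fact
    if flow.domain.endswith(NOISE_SUFFIXES):
        return "platform-noise"   # Bing/Edge/Chrome background traffic on this image
    if flow.domain == "":
        return "review-bare-ip"   # no name in the report: look the address up by hand
    return "review"


def triage(text: str) -> dict[str, list[str]]:
    """Bucket every row by classify(); each entry is 'dest domain proto'."""
    buckets: dict[str, list[str]] = {}
    for f in parse_network(text):
        buckets.setdefault(classify(f), []).append(f"{f.dest} {f.domain or '-'} {f.proto}")
    return buckets


def needs_review(text: str) -> list[str]:
    """Unique destinations in the two review buckets, sorted."""
    return sorted({f.dest for f in parse_network(text) if classify(f).startswith("review")})


# Constructed from rows shown in this report (behavioral14 and behavioral30).
SAMPLE_NETWORK = """
Country Destination Domain Proto
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 20.231.121.79:80 tcp
NL 23.62.61.115:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
BE 2.17.107.145:80 tcp
"""

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_NETWORK).items():
        print(f"{bucket}: {len(rows)}")
    print("review:", ", ".join(needs_review(SAMPLE_NETWORK)))
```

On the sample rows only the two bare-IP TCP connections (20.231.121.79:80 and 2.17.107.145:80) survive the filter; the report does not name their owners, so they are the addresses to check by hand rather than evidence of a command-and-control channel.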

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:27

Platform

win10v2004-20240226-en

Max time kernel

135s

Max time network

163s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0004.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0004.jpg"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4132 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 193.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.179.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Visit anime-sharing.com for more!.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Visit anime-sharing.com for more!.url"

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 206.221.208.4.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 154.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 137.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 225.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 208.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

150s

Max time network

153s

Command Line

C:\Windows\system32\msinfo32.exe "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\release.nfo"

Signatures

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\msinfo32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\msinfo32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\msinfo32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease C:\Windows\system32\msinfo32.exe N/A
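The SCSI and BIOS rows above are exactly the registry reads a sample would perform to fingerprint a VM (the CD-ROM instance key names QEMU), but here they were raised by msinfo32.exe, which is System Information doing its normal job after the sandbox opened release.nfo with it. The following is an added example (not part of the report or the sandbox's tooling) that parses the flat "Description Indicator Process Target" rows of these signature tables into records, groups them by the process that raised them, and extracts the vendor and product strings from the SCSI enumeration keys; the sample rows are copied from the behavioral30, behavioral3 and behavioral6 runs, and the hypervisor marker list is an assumption.

```python
"""Parse the flattened "Description Indicator Process Target" rows of a sandbox
signature table and pull out the hardware-identifying registry artifacts.

Added example, not part of the report. Sample rows are copied from the
behavioral30, behavioral3 and behavioral6 runs; HYPERVISOR_MARKERS is an
assumed list, not something the report states."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One row: free-text description, an NT/registry path or N/A, a process image
# path (which may contain spaces), and a target process or N/A.
ROW_RE = re.compile(
    r"^(?P<description>.+?)\s+"
    r"(?P<indicator>\\\S+|N/A)\s+"
    r"(?P<process>[A-Za-z]:\\.+?|N/A)\s+"
    r"(?P<target>\S+)$"
)

# SCSI device instance keys: ...\Enum\SCSI\<Class>&Ven_<vendor>&Prod_<product>\<instance>\...
SCSI_RE = re.compile(
    r"\\Enum\\SCSI\\(?P<cls>[^&\\]+)&Ven_(?P<vendor>[^&\\]+)&Prod_(?P<product>[^\\]+)",
    re.IGNORECASE,
)

# Vendor/product substrings that give away a hypervisor (assumption for this example).
HYPERVISOR_MARKERS = ("QEMU", "VBOX", "VMWARE", "VIRTUAL", "XEN")


@dataclass(frozen=True)
class SignatureRow:
    description: str
    indicator: str
    process: str
    target: str


def parse_rows(text: str) -> list[SignatureRow]:
    """Turn the report's flat rows into records; the column header line is skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Description "):
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable signature row: {line!r}")
        rows.append(SignatureRow(**m.groupdict()))
    return rows


def scsi_devices(rows: list[SignatureRow]) -> dict[tuple[str, str, str], bool]:
    """Map (class, vendor, product) of every SCSI key touched to whether the
    strings name a hypervisor. Case is folded because the report shows the same
    key as both CDROM&VEN_QEMU and CdRom&Ven_QEMU."""
    devices: dict[tuple[str, str, str], bool] = {}
    for r in rows:
        m = SCSI_RE.search(r.indicator)
        if m is None:
            continue
        key = (m["cls"].capitalize(), m["vendor"].upper(), m["product"].upper())
        devices[key] = any(h in key[1] or h in key[2] for h in HYPERVISOR_MARKERS)
    return devices


def by_process(rows: list[SignatureRow]) -> dict[str, list[str]]:
    """Group indicators by the process that raised them, so a triager can see at
    a glance that every row here comes from a stock viewer, not the sample."""
    grouped: dict[str, list[str]] = defaultdict(list)
    for r in rows:
        grouped[r.process.lower()].append(f"{r.description}: {r.indicator}")
    return dict(grouped)


# Constructed from rows shown in this report (behavioral30, behavioral3, behavioral6).
SAMPLE_ROWS = r"""
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\msinfo32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\msinfo32.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\msinfo32.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
"""

if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for proc, items in by_process(rows).items():
        print(proc, len(items), "indicator(s)")
    for (cls, vendor, product), is_vm in scsi_devices(rows).items():
        print(f"{cls} {vendor} {product}: {'hypervisor' if is_vm else 'no known marker'}")
```

Run on the sample rows, the only device whose strings match a hypervisor marker is the QEMU DVD-ROM; the disk reports vendor DADY and product HARDDISK, which match nothing in the assumed list, and all five registry reads sit under msinfo32.exe. The same parser handles the AdjustPrivilegeToken and drive-enumeration rows, whose indicator column is N/A or an NT object path.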

Processes

C:\Windows\system32\msinfo32.exe

C:\Windows\system32\msinfo32.exe "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\release.nfo"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 156.33.209.4.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 154.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 225.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 145.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 208.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
BE 2.17.107.145:80 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240221-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\01 Just Awake.flac"

Signatures

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Processes

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\01 Just Awake.flac"

Network

N/A

Files

memory/2920-7-0x000000013FC80000-0x000000013FD78000-memory.dmp

memory/2920-8-0x000007FEF7D60000-0x000007FEF7D94000-memory.dmp

memory/2920-9-0x000007FEF6300000-0x000007FEF65B4000-memory.dmp

memory/2920-13-0x000007FEF7AC0000-0x000007FEF7AD7000-memory.dmp

memory/2920-12-0x000007FEF7D40000-0x000007FEF7D51000-memory.dmp

memory/2920-11-0x000007FEFACA0000-0x000007FEFACB7000-memory.dmp

memory/2920-14-0x000007FEF7AA0000-0x000007FEF7AB1000-memory.dmp

memory/2920-16-0x000007FEF6F60000-0x000007FEF6F71000-memory.dmp

memory/2920-18-0x000007FEF6F20000-0x000007FEF6F5F000-memory.dmp

memory/2920-17-0x000007FEF6100000-0x000007FEF6300000-memory.dmp

memory/2920-15-0x000007FEF6F80000-0x000007FEF6F9D000-memory.dmp

memory/2920-10-0x000007FEFBB20000-0x000007FEFBB38000-memory.dmp

memory/2920-20-0x000007FEF6AC0000-0x000007FEF6AE1000-memory.dmp

memory/2920-26-0x000007FEF69C0000-0x000007FEF69D1000-memory.dmp

memory/2920-27-0x000007FEF69A0000-0x000007FEF69B8000-memory.dmp

memory/2920-25-0x000007FEF69E0000-0x000007FEF69FB000-memory.dmp

memory/2920-29-0x000007FEF4FE0000-0x000007FEF5047000-memory.dmp

memory/2920-30-0x000007FEF4F70000-0x000007FEF4FDF000-memory.dmp

memory/2920-33-0x000007FEF4EE0000-0x000007FEF4F08000-memory.dmp

memory/2920-32-0x000007FEF4F10000-0x000007FEF4F66000-memory.dmp

memory/2920-31-0x000007FEF6950000-0x000007FEF6961000-memory.dmp

memory/2920-28-0x000007FEF6970000-0x000007FEF69A0000-memory.dmp

memory/2920-24-0x000007FEF6A00000-0x000007FEF6A11000-memory.dmp

memory/2920-23-0x000007FEF6A20000-0x000007FEF6A31000-memory.dmp

memory/2920-35-0x000007FEF6930000-0x000007FEF6947000-memory.dmp

memory/2920-34-0x000007FEF4EB0000-0x000007FEF4ED4000-memory.dmp

memory/2920-37-0x000007FEF4E60000-0x000007FEF4E71000-memory.dmp

memory/2920-38-0x000007FEF4E00000-0x000007FEF4E57000-memory.dmp

memory/2920-41-0x000007FEF4D90000-0x000007FEF4DA1000-memory.dmp

memory/2920-42-0x000007FEF4CC0000-0x000007FEF4D85000-memory.dmp

memory/2920-40-0x000007FEF4DB0000-0x000007FEF4DC3000-memory.dmp

memory/2920-45-0x000007FEF4C60000-0x000007FEF4C74000-memory.dmp

memory/2920-46-0x000007FEF4C40000-0x000007FEF4C52000-memory.dmp

memory/2920-44-0x000007FEF4C80000-0x000007FEF4C91000-memory.dmp

memory/2920-48-0x000007FEF4C00000-0x000007FEF4C1E000-memory.dmp

memory/2920-47-0x000007FEF4C20000-0x000007FEF4C34000-memory.dmp

memory/2920-50-0x000007FEF4BC0000-0x000007FEF4BD5000-memory.dmp

memory/2920-51-0x000007FEF4BA0000-0x000007FEF4BB4000-memory.dmp

memory/2920-49-0x000007FEF4BE0000-0x000007FEF4BF6000-memory.dmp

memory/2920-52-0x000007FEF4B70000-0x000007FEF4B9C000-memory.dmp

memory/2920-43-0x000007FEF4CA0000-0x000007FEF4CB2000-memory.dmp

memory/2920-53-0x000007FEF4B50000-0x000007FEF4B62000-memory.dmp

memory/2920-39-0x000007FEF4DD0000-0x000007FEF4DFF000-memory.dmp

memory/2920-54-0x000007FEF49D0000-0x000007FEF4B48000-memory.dmp

memory/2920-58-0x000007FEF4910000-0x000007FEF4925000-memory.dmp

memory/2920-57-0x000007FEF4930000-0x000007FEF49A5000-memory.dmp

memory/2920-56-0x000007FEF49B0000-0x000007FEF49C6000-memory.dmp

memory/2920-60-0x000007FEF48B0000-0x000007FEF48C2000-memory.dmp

memory/2920-59-0x000007FEF48D0000-0x000007FEF48E1000-memory.dmp

memory/2920-55-0x000007FEFAC90000-0x000007FEFACA0000-memory.dmp

memory/2920-36-0x000007FEF4E80000-0x000007FEF4EA3000-memory.dmp

memory/2920-22-0x000007FEF6A80000-0x000007FEF6A91000-memory.dmp

memory/2920-21-0x000007FEF6AA0000-0x000007FEF6AB8000-memory.dmp

memory/2920-19-0x000007FEF5050000-0x000007FEF60FB000-memory.dmp

memory/2920-61-0x000007FEF4730000-0x000007FEF48AA000-memory.dmp

memory/2920-64-0x000007FEF46D0000-0x000007FEF46E1000-memory.dmp

memory/2920-63-0x000007FEF46F0000-0x000007FEF4704000-memory.dmp

memory/2920-65-0x000007FEF46B0000-0x000007FEF46C1000-memory.dmp

memory/2920-66-0x000007FEF4690000-0x000007FEF46A1000-memory.dmp

memory/2920-62-0x000007FEF4710000-0x000007FEF4723000-memory.dmp

memory/2920-67-0x000007FEF4670000-0x000007FEF4686000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:27

Platform

win10v2004-20240226-en

Max time kernel

138s

Max time network

162s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Cover.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Cover.jpg"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.253.116.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240215-en

Max time kernel

122s

Max time network

124s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0006.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0006.jpg"

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:27

Platform

win10v2004-20240226-en

Max time kernel

136s

Max time network

164s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0008.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0008.jpg"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5068 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.200.42:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 146.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 130.109.69.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

142s

Max time network

139s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\02 Break Out Your Stained Brain.flac"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\02 Break Out Your Stained Brain.flac"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\02 Break Out Your Stained Brain.flac"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 21.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 206.221.208.4.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.152:443 www.bing.com tcp
US 8.8.8.8:53 152.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 9ed8945f9f73531bae8bf3eca3a89fd8
SHA1 a18f57efcb7cc43b44544df71c4b4190f7118712
SHA256 2040d00992933f49987b8184630834c3ac945d55354caeddddf3f7412d50abe1
SHA512 7c2b5498c58128d65350a1fe4bd07a869b588d4fb38e14a3ac53e8ffdbff7aad8a64db2a4b8906b91d7b8d2f8ae5d88055fb910c7b164082c378119e40ebfa5d

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 987a07b978cfe12e4ce45e513ef86619
SHA1 22eec9a9b2e83ad33bedc59e3205f86590b7d40c
SHA256 f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8
SHA512 39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

Analysis: behavioral10

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

137s

Max time network

141s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0001.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0001.jpg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 156.33.209.4.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20231129-en

Max time kernel

119s

Max time network

122s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0003.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0003.jpg"

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

140s

Max time network

130s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0009.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0009.jpg"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240221-en

Max time kernel

119s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\[ASL]_Fear_and_Loathing_in_Las_Vegas_-_Hunter_x_Hunter_ED_-_Just_Awake_[FLAC]_[w_Scans].rar

Signatures

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2124 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2124 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2124 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\[ASL]_Fear_and_Loathing_in_Las_Vegas_-_Hunter_x_Hunter_ED_-_Just_Awake_[FLAC]_[w_Scans].rar

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\[ASL]_Fear_and_Loathing_in_Las_Vegas_-_Hunter_x_Hunter_ED_-_Just_Awake_[FLAC]_[w_Scans].rar"

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240221-en

Max time kernel

119s

Max time network

128s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Cover.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Cover.jpg"

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240221-en

Max time kernel

121s

Max time network

123s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0005.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0005.jpg"

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240220-en

Max time kernel

117s

Max time network

120s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0002.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0002.jpg"

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

142s

Max time network

138s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0002.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0002.jpg"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

140s

Max time network

127s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0007.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0007.jpg"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240221-en

Max time kernel

119s

Max time network

127s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0008.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0008.jpg"

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240221-en

Max time kernel

121s

Max time network

126s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Visit anime-sharing.com for more!.url"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Visit anime-sharing.com for more!.url"

Network

N/A

Files

memory/1744-0-0x00000000001E0000-0x00000000001E1000-memory.dmp

Analysis: behavioral25

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240221-en

Max time kernel

122s

Max time network

125s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0009.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0009.jpg"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

146s

Max time network

155s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\[ASL]_Fear_and_Loathing_in_Las_Vegas_-_Hunter_x_Hunter_ED_-_Just_Awake_[FLAC]_[w_Scans].rar

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\[ASL]_Fear_and_Loathing_in_Las_Vegas_-_Hunter_x_Hunter_ED_-_Just_Awake_[FLAC]_[w_Scans].rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

136s

Max time network

128s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\01 Just Awake.flac"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\01 Just Awake.flac"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\01 Just Awake.flac"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 1839efd18c5eacd09d223bcf6dd2b6a1
SHA1 780ed8f97b6f278d76d06a444a24519749c83abd
SHA256 7ab8cf43d6f027aa26bd90cf84b77dd2ce2a2fba82691e96f45fea54ded5a55c
SHA512 18cab89a0bdd5263764014a62bc623d9e0da0c320f15f637614f7e270bcb809a60b24cd46c4f477155ebd3f85ef373eda88d766af56114e5d917b377a7017574

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 987a07b978cfe12e4ce45e513ef86619
SHA1 22eec9a9b2e83ad33bedc59e3205f86590b7d40c
SHA256 f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8
SHA512 39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20240220-en

Max time kernel

140s

Max time network

124s

Command Line

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\02 Break Out Your Stained Brain.flac"

Signatures

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Processes

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\02 Break Out Your Stained Brain.flac"

Network

N/A

Files

Analysis: behavioral15

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:27

Platform

win7-20240221-en

Max time kernel

120s

Max time network

130s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0004.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0004.jpg"

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

140s

Max time network

125s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0005.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0005.jpg"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win10v2004-20240412-en

Max time kernel

147s

Max time network

153s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0006.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0006.jpg"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-04-23 14:23

Reported

2024-04-23 14:26

Platform

win7-20231129-en

Max time kernel

118s

Max time network

121s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0007.jpg"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\Scans\JustAwake_0007.jpg"

Network

N/A

Files

N/A