Malware Analysis Report

2024-10-24 21:45

Sample ID 240520-26b8asaf38
Target freshwomen-season-2-episode-2-part-3-pc-720p-compressed.zip
SHA256 9467ea12cebc4405bddd6ae147731c2370faa45f9651b8b70581dfbc69d5abf7
Tags pdf link antivm
Score 4/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Behavioral analyses, in report order, each with the subsections Detonation Overview, Command Line, Signatures, Processes, Network, Files:
behavioral18, behavioral32, behavioral10, behavioral25, behavioral26, behavioral13, behavioral11, behavioral19, behavioral20, behavioral23, behavioral8, behavioral4, behavioral6, behavioral15, behavioral16, behavioral21, behavioral12, behavioral14, behavioral31, behavioral2, behavioral5, behavioral28, behavioral30, behavioral3, behavioral7, behavioral17, behavioral22, behavioral24, behavioral29, behavioral1, behavioral27, behavioral9

Analysis Overview

Score 4/10
SHA256 9467ea12cebc4405bddd6ae147731c2370faa45f9651b8b70581dfbc69d5abf7
Threat Level: Likely benign

The file freshwomen-season-2-episode-2-part-3-pc-720p-compressed.zip was found to be: Likely benign. The files detonated from the archive are a bundled Python 2.7 runtime and its support binaries (python.exe, pythonw.exe, libpython2.7.dll, librenpython.dll, steam_api64.dll, zsync, zsyncmake, and their Linux counterparts under lib/py2-linux-x86_64), each run on its own in a separate analysis. The signature list below is the union of everything observed across those detonations; several entries (Modifies registry class, Suspicious use of SetWindowsHookEx, GetForegroundWindowSpam, Suspicious use of WriteProcessMemory) are raised by host components reacting to the detonation (the Open With dialog, Adobe Reader, Windows Error Reporting) rather than by code from the archive, as the per-analysis Process columns show.

Malicious Activity Summary

Tags pdf link antivm

Changes its process name

Reads CPU attributes

Checks CPU configuration

HTTP links in PDF interactive object

One or more HTTP URLs in PDF identified

Enumerates physical storage devices

Unsigned PE

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-20 23:16

Signatures

HTTP links in PDF interactive object (pdf link)

Description Indicator Process Target
(2 rows, every field reported as N/A)

One or more HTTP URLs in PDF identified (pdf link)

Unsigned PE

Description Indicator Process Target
(10 rows, every field reported as N/A)

Analysis: behavioral18

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240426-en
Max time kernel 115s
Max time network 176s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\nvdrs.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\nvdrs.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 50.192.11.51.in-addr.arpa udp
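Almost every row in this table is the analysis VM talking to itself: PTR lookups under in-addr.arpa that the sandbox issues for each peer it sees, and Windows 10 Start-menu/search traffic to bing.com and tse1.mm.bing.net. The same pattern recurs in the other Windows 10 tables, and the Ubuntu tables carry rows with no Domain column at all. The helper below is an added example written for this report, not the sandbox's own tooling or the author's code: it parses rows in the table format used here, carries a domain seen on one row over to domain-less rows to the same IP, and separates sandbox/OS background traffic from destinations that still need an analyst to attribute them. The allowlist of background hosts and the resolver addresses are the editor's assumptions for these particular images; the sample rows are copied from the behavioral18 and behavioral4 tables.

```python
"""Sandbox network-table triage (added example; not part of the report or of
the sandbox's own tooling). Splits 'Country Destination Domain Proto' rows into
traffic the analysis VM generates by itself and traffic still to be attributed
to the sample."""
from collections import Counter

# Editor's heuristic allowlist of background traffic from the Windows 10 and
# Ubuntu analysis images. Assumption for triage, not something the report
# states; extend it per sandbox image.
OS_BACKGROUND_SUFFIXES = (
    ".bing.com", ".bing.net",          # Windows search / Start menu content
    "connectivity-check.ubuntu.com",   # NetworkManager connectivity probe
    "extensions.gnome.org",            # GNOME Shell extension check
)
RESOLVER_ADDRS = {"8.8.8.8", "1.1.1.1"}   # forwarders the VMs use in this report
MDNS_DEST = "224.0.0.251:5353"


def parse_row(line):
    """Parse one table row. Linux rows may lack the Domain column or carry '-'."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    else:
        raise ValueError("unexpected row: %r" % line)
    if domain == "-":
        domain = ""
    return {"country": country, "dest": dest, "domain": domain.lower(), "proto": proto}


def classify(row):
    """Label one row; 'review' means nothing on the page attributes it."""
    dest_ip, _, dest_port = row["dest"].rpartition(":")
    domain = row["domain"]
    if row["dest"] == MDNS_DEST:
        return "os-background"       # link-local mDNS discovery
    if dest_ip in RESOLVER_ADDRS and dest_port == "53":
        if domain.endswith(".in-addr.arpa"):
            return "sandbox-ptr"     # reverse lookup the sandbox issues per peer
        if domain.endswith(OS_BACKGROUND_SUFFIXES):
            return "os-background"
        return "dns-review"          # forward lookup of a name not on the allowlist
    if domain.endswith(OS_BACKGROUND_SUFFIXES):
        return "os-background"
    return "review"


def triage(lines):
    """Return (label counts, sorted destinations that still need manual attribution)."""
    rows = [parse_row(l) for l in lines if l.strip()]
    # A row that names a domain for an IP lets the domain-less rows to the
    # same IP inherit that attribution (the report prints the name on only
    # some of the rows for a connection).
    domain_for_ip = {}
    for r in rows:
        if r["domain"]:
            domain_for_ip.setdefault(r["dest"].rpartition(":")[0], r["domain"])
    for r in rows:
        if not r["domain"]:
            r["domain"] = domain_for_ip.get(r["dest"].rpartition(":")[0], "")
        r["class"] = classify(r)
    counts = dict(Counter(r["class"] for r in rows))
    review = sorted({r["dest"] for r in rows if r["class"].endswith("review")})
    return counts, review


# Constructed samples copied from the behavioral18 (Windows 10) and
# behavioral4 (Ubuntu) tables in this report.
SAMPLE_WIN = [
    "US 8.8.8.8:53 g.bing.com udp",
    "US 204.79.197.237:443 g.bing.com tcp",
    "NL 23.62.61.194:443 www.bing.com tcp",
    "US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp",
    "US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp",
    "US 8.8.8.8:53 tse1.mm.bing.net udp",
    "US 204.79.197.200:443 tse1.mm.bing.net tcp",
    "US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp",
]
SAMPLE_LINUX = [
    "GB 185.125.188.62:443 tcp",
    "GB 185.125.188.61:443 - tcp",
    "US 151.101.65.91:443 tcp",
    "US 1.1.1.1:53 extensions.gnome.org udp",
    "US 1.1.1.1:53 extensions.gnome.org udp",
    "US 151.101.65.91:443 extensions.gnome.org tcp",
    "GB 89.187.167.3:443 tcp",
    "N/A 224.0.0.251:5353 udp",
]

if __name__ == "__main__":
    for name, sample in (("behavioral18", SAMPLE_WIN), ("behavioral4", SAMPLE_LINUX)):
        counts, review = triage(sample)
        print(name, counts, "needs attribution:", review)
```

Run over the behavioral18 rows every entry lands in sandbox-ptr or os-background, which is why that analysis carries no network-related signature. Over the behavioral4 rows the three TLS destinations with no name attached (185.125.188.61, 185.125.188.62, 89.187.167.3) are the only ones left for review; the report gives no DNS answer for them, so the helper deliberately does not guess.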

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240508-en
Max time kernel 123s
Max time network 151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240508-en
Max time kernel 126s
Max time network 172s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libEGL.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:23
Platform win7-20240508-en
Max time kernel 120s
Max time network 155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\steam_api64.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\steam_api64.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240508-en
Max time kernel 118s
Max time network 191s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\steam_api64.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\steam_api64.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:23
Platform win7-20240508-en
Max time kernel 142s
Max time network 35s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libpython2.7.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1524 wrote to memory of 1932 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 1524 wrote to memory of 1932 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 1524 wrote to memory of 1932 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libpython2.7.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1524 -s 148

Network

N/A

Files

memory/1524-0-0x000007FEF5910000-0x000007FEF5F29000-memory.dmp

Analysis: behavioral11

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:23
Platform win7-20240221-en
Max time kernel 14s
Max time network 35s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libGLESv2.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:23
Platform win7-20231129-en
Max time kernel 140s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe"

Network

N/A

Files

memory/1940-0-0x0000000140000000-0x0000000140021000-memory.dmp

memory/1940-2-0x000007FEF43D0000-0x000007FEF49E9000-memory.dmp

memory/1940-1-0x000007FEF49F0000-0x000007FEF5A2A000-memory.dmp

Analysis: behavioral20

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:23
Platform win10v2004-20240508-en
Max time kernel 141s
Max time network 188s

Command Line

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

memory/2328-0-0x0000000140000000-0x0000000140021000-memory.dmp

memory/2328-2-0x00007FFCC0B70000-0x00007FFCC1189000-memory.dmp

memory/2328-1-0x00007FFCC1190000-0x00007FFCC21CA000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:25
Platform win7-20240221-en
Max time kernel 7s
Max time network 84s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\say.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\say.vbs"

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240508-en
Max time kernel 121s
Max time network 173s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\d3dcompiler_47.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 50.192.11.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:23
Platform ubuntu1804-amd64-20240508-en
Max time kernel 0s
Max time network 62s

Command Line

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/python]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/1495/maps /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/python N/A

Processes

/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/python

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/python]

Network

Country Destination Domain Proto
GB 185.125.188.62:443 - tcp
GB 185.125.188.61:443 - tcp
US 151.101.65.91:443 - tcp
US 1.1.1.1:53 extensions.gnome.org udp
US 1.1.1.1:53 extensions.gnome.org udp
US 151.101.65.91:443 extensions.gnome.org tcp
GB 89.187.167.3:443 - tcp
N/A 224.0.0.251:5353 - udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform ubuntu1804-amd64-20240508-en
Max time kernel 0s
Max time network 63s

Command Line

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsync]

Signatures

N/A

Processes

/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsync

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsync]

Network

Country Destination Domain Proto
US 151.101.193.91:443 - tcp
GB 185.125.188.62:443 - tcp
GB 185.125.188.61:443 - tcp
US 151.101.193.91:443 - tcp
GB 195.181.164.15:443 - tcp
N/A 224.0.0.251:5353 - udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win7-20240508-en
Max time kernel 142s
Max time network 34s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\librenpython.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1808 wrote to memory of 2064 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 1808 wrote to memory of 2064 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 1808 wrote to memory of 2064 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\librenpython.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1808 -s 216

Network

N/A

Files

memory/1808-1-0x000007FEF5B10000-0x000007FEF6129000-memory.dmp

memory/1808-0-0x000007FEF40B0000-0x000007FEF50EA000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240508-en
Max time kernel 123s
Max time network 174s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\librenpython.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\librenpython.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/3904-1-0x00007FFF7B090000-0x00007FFF7B6A9000-memory.dmp

memory/3904-0-0x00007FFF7B6B0000-0x00007FFF7C6EA000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win7-20240221-en
Max time kernel 2s
Max time network 47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe"

Network

N/A

Files

memory/3060-0-0x0000000140000000-0x0000000140014000-memory.dmp

memory/3060-2-0x000007FEF55C0000-0x000007FEF5BD9000-memory.dmp

memory/3060-1-0x000007FEF5BE0000-0x000007FEF6C1A000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240426-en
Max time kernel 131s
Max time network 168s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240426-en
Max time kernel 117s
Max time network 171s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libpython2.7.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libpython2.7.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/3892-0-0x00007FFFFCDD0000-0x00007FFFFD3E9000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win7-20240508-en
Max time kernel 102s
Max time network 43s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.pyo C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.pyo\ = "pyo_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 a94f4166c78327f8e085ed6ea92e7f3c
SHA1 7b8f943b6b7de447c82b8dffb2cc469b7cee4e37
SHA256 6311d82aa6bde7d6b1f666a538a662ae994e39dcc8cd7c4518f9b2574fd6d2d1
SHA512 f655ddc118828428c0a8fc7895ab3b7ca24147434caa8ad29fe0d2dfc19a4c8e8f8b68b5a2e7f8e23a0c0365e51bd5fb5b61c7163b034cee6366582066f5009f
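Two kinds of signature hit in this report are worth reading with the Process column rather than the signature name. In behavioral13 and behavioral15 the command line asks rundll32 to call export ordinal 1 of a Python runtime DLL with rundll32's own argument convention; the process faulted, Windows Error Reporting spawned WerFault.exe -u -p <faulting pid> -s <event>, and the three "PID 1524 wrote to memory of 1932" rows are the faulting rundll32 handing its exception data to that WerFault instance, not injection into a third process. In behavioral31 (and behavioral32) cmd /c was pointed at a .pyo file with no registered handler, so the shell opened the Open With dialog (rundll32 shell32.dll,OpenAs_RunDLL); the dialog wrote the .pyo -> pyo_auto_file -> AcroRd32.exe association that the "Modifies registry class" rows list, and the hook and foreground-window signatures belong to the Adobe Reader window that then opened the file. The helper below is an added example written for this report (not the sandbox's or the author's code) that makes this reading mechanical: it labels each signature row by the provenance of the acting process, and matches WriteProcessMemory rows against WerFault's -p argument. The loader and handler name sets are the editor's assumptions; the sample rows are constructed from the behavioral13, behavioral31 and behavioral32 sections.

```python
"""Provenance triage for sandbox signature hits (added example; not the
report's or the sandbox's own code). Labels each signature row by whether the
acting process is the sample, a Windows loader pointed at sample content, or
a host component reacting to the detonation."""
import re

# Extraction root as it appears in this report's command lines.
SAMPLE_ROOT = r"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed"

# Assumptions: Windows binaries that run whatever path they are handed, and
# components the OS (or the analyst's click) spawns in reaction to a detonation.
HOST_LOADERS = {"rundll32.exe", "wscript.exe", "cscript.exe", "cmd.exe", "regsvr32.exe"}
HOST_HANDLERS = {"werfault.exe", "openwith.exe", "acrord32.exe"}

_WPM = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_WER_PID = re.compile(r"-p (\d+)")


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_process(image, cmdline):
    """image: path of the acting process; cmdline: its command line ('' if unknown)."""
    name = basename(image)
    if image.lower().startswith(SAMPLE_ROOT.lower()):
        return "sample"                     # binary shipped inside the archive
    if name == "rundll32.exe" and "openas_rundll" in cmdline.lower():
        return "host-handler"               # Open With dialog, not sample code
    if name in HOST_LOADERS and SAMPLE_ROOT.lower() in cmdline.lower():
        return "sample-via-host-loader"     # e.g. rundll32 <sample dll>,#1
    if name in HOST_HANDLERS:
        return "host-handler"
    return "unknown"


def classify_hits(processes, hits):
    """processes: [(image, cmdline)]; hits: [(description, process, target)]
    rows from a signature table. Returns one label per hit."""
    cmd_by_image = {}
    for image, cmdline in processes:
        cmd_by_image.setdefault(image, cmdline)
    # PIDs that Windows Error Reporting was told had faulted (WerFault -p <pid>).
    faulting = set()
    for image, cmdline in processes:
        if basename(image) == "werfault.exe":
            m = _WER_PID.search(cmdline)
            if m:
                faulting.add(m.group(1))
    labels = []
    for description, proc, target in hits:
        m = _WPM.match(description)
        if m and basename(target) == "werfault.exe" and m.group(1) in faulting:
            labels.append("crash-report")   # faulting process handing WER its exception data
        else:
            labels.append(classify_process(proc, cmd_by_image.get(proc, "")))
    return labels


# Constructed from the behavioral13, behavioral31 and behavioral32 sections.
SID31 = "S-1-5-21-268080393-3149932598-1824759070-1000"
SID32 = "S-1-5-21-1337824034-2731376981-3755436523-1000"
B13_PROCESSES = [
    (r"C:\Windows\system32\rundll32.exe",
     "rundll32.exe " + SAMPLE_ROOT + r"\lib\py2-windows-x86_64\libpython2.7.dll,#1"),
    (r"C:\Windows\system32\WerFault.exe", r"C:\Windows\system32\WerFault.exe -u -p 1524 -s 148"),
]
B13_HITS = [("PID 1524 wrote to memory of 1932",
             r"C:\Windows\system32\rundll32.exe", r"C:\Windows\system32\WerFault.exe")] * 3

ACRORD = r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
PYO = SAMPLE_ROOT + r"\lib\python2.7\BaseHTTPServer.pyo"
B31_PROCESSES = [
    (r"C:\Windows\system32\cmd.exe", "cmd /c " + PYO),
    (r"C:\Windows\system32\rundll32.exe",
     '"C:\\Windows\\system32\\rundll32.exe" C:\\Windows\\system32\\shell32.dll,OpenAs_RunDLL ' + PYO),
    (ACRORD, '"%s" "%s"' % (ACRORD, PYO)),
]
B31_HITS = [
    ("Key created \\REGISTRY\\USER\\%s_CLASSES\\.pyo" % SID31, r"C:\Windows\system32\rundll32.exe", "N/A"),
    ("Set value (str) \\REGISTRY\\USER\\%s_CLASSES\\pyo_auto_file\\shell\\Read\\command\\" % SID31,
     r"C:\Windows\system32\rundll32.exe", "N/A"),
    ("N/A", ACRORD, "N/A"),                                  # SetWindowsHookEx row
    ("Key created \\REGISTRY\\USER\\%s_Classes\\Local Settings" % SID32,
     r"C:\Windows\system32\cmd.exe", "N/A"),                 # behavioral32's cmd.exe row
]

if __name__ == "__main__":
    print("behavioral13:", classify_hits(B13_PROCESSES, B13_HITS))
    print("behavioral31/32:", classify_hits(B31_PROCESSES, B31_HITS))
```

The "sample-via-host-loader" label is deliberately broad: it records that a Windows binary was pointed at a file from the archive (rundll32 loading a sample DLL, cmd /c on a sample .pyo), which is where a real finding would have to come from, while "host-handler" and "crash-report" mark rows that would look the same for any archive of the same shape and can be set aside first.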

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:23
Platform ubuntu2004-amd64-20240508-en
Max time kernel 0s
Max time network 137s

Command Line

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/librenpython.so]

Signatures

N/A

Processes

/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/librenpython.so

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/librenpython.so]

Network

Country Destination Domain Proto
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
N/A 224.0.0.251:5353 - udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:23
Platform ubuntu1804-amd64-20240508-en
Max time kernel 0s
Max time network 67s

Command Line

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/pythonw]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/1493/maps /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/pythonw N/A

Processes

/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/pythonw

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/pythonw]

Network

Country Destination Domain Proto
US 151.101.1.91:443 - tcp
GB 185.125.188.62:443 - tcp
GB 185.125.188.62:443 - tcp
US 151.101.1.91:443 - tcp
GB 89.187.167.3:443 - tcp
N/A 224.0.0.251:5353 - udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240508-en
Max time kernel 115s
Max time network 173s

Command Line

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 10.73.50.20.in-addr.arpa udp

Files

memory/4004-0-0x0000000000400000-0x000000000041C000-memory.dmp

Analysis: behavioral30

Detonation Overview

Submitted 2024-05-20 23:11
Reported 2024-05-20 23:24
Platform win10v2004-20240426-en
Max time kernel 140s
Max time network 171s

Command Line

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp

Files

memory/5100-0-0x0000000000400000-0x000000000041C000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:24

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

67s

Command Line

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/libsteam_api.so]

Signatures

N/A

Processes

/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/libsteam_api.so

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/libsteam_api.so]

Network

Country Destination Domain Proto
US 151.101.1.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.20:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:23

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

66s

Command Line

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsyncmake]

Signatures

N/A

Processes

/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsyncmake

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsyncmake]

Network

Country Destination Domain Proto
US 151.101.129.91:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
GB 89.187.167.7:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:24

Platform

win7-20240221-en

Max time kernel

2s

Max time network

47s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\nvdrs.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\nvdrs.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:24

Platform

win10v2004-20240508-en

Max time kernel

122s

Max time network

172s

Command Line

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

memory/1596-0-0x0000000140000000-0x0000000140014000-memory.dmp

memory/1596-2-0x00007FF8AF760000-0x00007FF8AFD79000-memory.dmp

memory/1596-1-0x00007FF8AFD80000-0x00007FF8B0DBA000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:24

Platform

win10v2004-20240426-en

Max time kernel

117s

Max time network

170s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\say.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\say.vbs"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:24

Platform

win7-20240419-en

Max time kernel

142s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe"

Network

N/A

Files

memory/1852-0-0x0000000000400000-0x000000000041C000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:23

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

149s

Max time network

62s

Command Line

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself SDLHotplugALSA N/A N/A
Changes the process name, possibly in an attempt to hide itself SDLTimer N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/1488/maps /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen N/A
File opened for reading /proc/self/fd /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen N/A

Writes file to tmp directory

Description Indicator Process Target

Processes

/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen

[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/sh

[sh -c uname -p 2> /dev/null]

/bin/uname

[uname -p]

Network

Country Destination Domain Proto
US 151.101.129.91:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.129.91:443 tcp
GB 89.187.167.2:443 tcp
N/A 224.0.0.251:5353 udp

Files

/tmp/cWtUTi

MD5 3f1d1d8d87177d3d8d897d7e421f84d6
SHA1 dd082d742a5cb751290f1db2bd519c286aa86d95
SHA256 f02285fb90ed8c81531fe78cf4e2abb68a62be73ee7d317623e2c3e3aefdfff2
SHA512 2ae2b3936f31756332ca7a4b877d18f3fcc50e41e9472b5cd45a70bea82e29a0fa956ee6a9ee0e02f23d9db56b41d19cb51d88aac06e9c923a820a21023752a9

/root/.renpy/FreshWomen-1593632962/text.txt

MD5 f4020e91252aafd4b18d8acd17f883db
SHA1 748d77dbb8bdb0dd330c099e7fde82da053fb1ff
SHA256 314ad142957febe390cc7223b4deb1d1b21c187f84f6e7257a23fe46c27fcae3
SHA512 301ddd0e34cbd842dae99a2cc4ccbfeb6ee8b3def39c214a719fa9edc26d7142749bbe6e992d26353dc167febbab0dbc05476b68a86ad93cab5f299f0aaf916d

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:24

Platform

win7-20240221-en

Max time kernel

12s

Max time network

34s

Command Line

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe

"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe"

Network

N/A

Files

memory/832-0-0x0000000000400000-0x000000000041C000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-20 23:11

Reported

2024-05-20 23:24

Platform

win7-20231129-en

Max time kernel

21s

Max time network

32s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libEGL.dll,#1

Network

N/A

Files

N/A