Analysis Overview
SHA256
e38ecdbb67f41dbd1b19e124e52dc78036befd7442b9d8a05a7c1348de7b9a1a
Threat Level: No (potentially) malicious behavior was detected
The file cookie_exporter.exe was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-08 23:34
Signatures
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/cookie_exporter.exe
[/tmp/cookie_exporter.exe]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-09 00:12
Platform
win10-20240404-en
Max time kernel
316s
Max time network
1587s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe
"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.15.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-09 00:17
Platform
win10v2004-20240508-en
Max time kernel
1794s
Max time network
1799s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe
"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3960,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=2176,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=4152 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-09 00:17
Platform
win11-20240508-en
Max time kernel
447s
Max time network
1166s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe
"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.22:443 | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
debian12-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-09 00:15
Platform
win7-20240215-en
Max time kernel
1558s
Max time network
1558s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe
"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
android-x64-arm64-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
android-x86-arm-20240603-en
Max time network
3s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
debian12-mipsel-20240221-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
0s
Max time network
0s
Command Line
Signatures
Processes
/tmp/cookie_exporter.exe
[/tmp/cookie_exporter.exe]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
android-x64-20240603-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
android-33-x64-arm64-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.36:443 | udp | |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | udp | |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-09 00:18
Platform
macos-20240410-en
Max time kernel
1619s
Max time network
1582s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/cookie_exporter.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/cookie_exporter.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/cookie_exporter.exe]
/bin/zsh
[/bin/zsh -c /Users/run/cookie_exporter.exe]
/Users/run/cookie_exporter.exe
[/Users/run/cookie_exporter.exe]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systemstats.daily]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| IE | 17.57.146.88:5223 | tcp | |
| GB | 17.57.146.11:5223 | 32-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-08 23:34
Reported
2024-06-08 23:48
Platform
debian9-mipsel-20240226-en