Malware Analysis Report

2024-10-10 08:06

Sample ID 240611-tpjbaasgra
Target cd57e4c171d6e8f5ea8b8f824a6a7316 (1).zip
SHA256 7592ddc11fa1d71c84929ee644b536e7efa7d34f9de87d72be227c6afcda9ea6
Tags execution, themida
Score 7/10

Analysis Overview

score
7/10

SHA256

7592ddc11fa1d71c84929ee644b536e7efa7d34f9de87d72be227c6afcda9ea6

Threat Level: Shows suspicious behavior

The file cd57e4c171d6e8f5ea8b8f824a6a7316 (1).zip was found to show suspicious behavior.

Malicious Activity Summary

execution themida

Themida packer

Command and Scripting Interpreter: JavaScript

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 16:14

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:12

Platform

win11-20240426-en

Max time kernel

448s

Max time network

1176s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\forwarded\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\forwarded\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:21

Platform

win11-20240508-en

Max time kernel

1166s

Max time network

1175s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\fresh\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\fresh\README.js

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:21

Platform

win11-20240508-en

Max time kernel

1181s

Max time network

1197s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\fresh\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\fresh\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:21

Platform

win11-20240426-en

Max time kernel

447s

Max time network

1167s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

446s

Max time network

1169s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\README.js

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

453s

Max time network

1178s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\node.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\node.js

Network

Country Destination Domain Proto
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:02

Platform

win11-20240419-en

Max time kernel

1198s

Max time network

1203s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-errors\eval.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-errors\eval.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:05

Platform

win11-20240426-en

Max time kernel

450s

Max time network

1174s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\utils.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\utils.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240508-en

Max time kernel

1171s

Max time network

1173s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\inspector-log.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\inspector-log.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:03

Platform

win11-20240426-en

Max time kernel

450s

Max time network

1174s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\response.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\response.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

452s

Max time network

1175s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\debug.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\debug.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

455s

Max time network

1181s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 234.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

452s

Max time network

1174s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\browser.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\browser.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:03

Platform

win11-20240426-en

Max time kernel

445s

Max time network

1166s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\router\layer.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\express\lib\router\layer.js

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:05

Platform

win11-20240508-en

Max time kernel

1170s

Max time network

1175s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\finalhandler\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\finalhandler\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:03

Platform

win11-20240419-en

Max time kernel

1175s

Max time network

1177s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-errors\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-errors\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:21

Platform

win11-20240426-en

Max time kernel

452s

Max time network

1174s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\test\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\test\index.js

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:22

Platform

win11-20240508-en

Max time kernel

1167s

Max time network

1170s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\index.js

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

448s

Max time network

1173s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie-signature\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie-signature\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

445s

Max time network

1169s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:21

Platform

win11-20240426-en

Max time kernel

449s

Max time network

1173s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:21

Platform

win11-20240508-en

Max time kernel

1168s

Max time network

1171s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\test\GetIntrinsic.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\get-intrinsic\test\GetIntrinsic.js

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

453s

Max time network

1179s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie\index.js

Network

Country Destination Domain Proto
NL 52.111.243.31:443 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:02

Platform

win11-20240508-en

Max time kernel

1175s

Max time network

1178s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-define-property\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\es-define-property\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:06

Platform

win11-20240426-en

Max time kernel

457s

Max time network

1180s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\finalhandler\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\finalhandler\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:21

Platform

win11-20240426-en

Max time kernel

456s

Max time network

1179s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:21

Platform

win11-20240426-en

Max time kernel

454s

Max time network

1179s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\implementation.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\function-bind\implementation.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:22

Platform

win11-20240508-en

Max time kernel

1167s

Max time network

1170s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:22

Platform

win11-20240419-en

Max time kernel

1171s

Max time network

1173s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\test\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\gopd\test\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 16:45

Platform

win11-20240508-en

Max time kernel

1169s

Max time network

1174s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie-signature\Readme.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\cookie-signature\Readme.js

Network

Country Destination Domain Proto
US 52.111.229.19:443 tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

455s

Max time network

1179s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\karma.conf.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\karma.conf.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-11 16:13

Reported

2024-06-11 17:01

Platform

win11-20240426-en

Max time kernel

449s

Max time network

1172s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\node.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Monaco\fileaccess\node_modules\debug\src\node.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A