Analysis Overview
SHA256
005f18de80776abeb906ccd688dc1d2ff9b02c371159ddd43abba25239e853c9
Threat Level: Likely benign
The file a2a35a3e0e9847ba5625c8abd4da99a0_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
Reads runtime system information
Writes file to tmp directory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 22:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-12 22:12
Reported
2024-06-12 22:13
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-12 22:12
Reported
2024-06-12 22:15
Platform
win7-20240221-en
Max time kernel
132s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E79416F1-2908-11EF-B238-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000494d72819c0807489679d26dbd228afb00000000020000000000106600000001000020000000c8bfd30027d53b6263ca4f92c5696eb775f9c64299c33bb99cd2170e9bf8d09c000000000e800000000200002000000031e80e7eaff4570e95b099daff903a3c44f40aebbce78cf490966d251f9db28f20000000be863a96808a37a8b4fa7aaee46065109d2af4ec3be9d3fa3f007cb5ebd74504400000001e7cb9d627e04689ce094c709f41baaeb66c2c20b3610d53937c9fed2a7e4d58cead97ad0aca57cc102f52f367d84ab88f1cceb66f33d8f3c74c298891c8d530 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f503bc15bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424392236" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1640 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\ShadowBotDLL.html"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3804.tmp
C:\Users\Admin\AppData\Local\Temp\Cab38C1.tmp
C:\Users\Admin\AppData\Local\Temp\Tar38D6.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (written 19 times with differing content; per-write hash tables omitted)
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-12 22:12
Reported
2024-06-12 22:15
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\ShadowBotDLL.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15183776301369079428,1865650750396161192,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 23.53.113.159:80 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3788_WIJPDMTCDPJYOJOI
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 22:12
Reported
2024-06-12 22:15
Platform
win7-20240508-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\MD5ChecksumTest.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\MD5ChecksumTest.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\MD5ChecksumTest.exe
"C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\MD5ChecksumTest.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 22:12
Reported
2024-06-12 22:15
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\MD5ChecksumTest.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\MD5ChecksumTest.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\MD5ChecksumTest.exe
"C:\Users\Admin\AppData\Local\Temp\ShadowBot - Sep 2008\MD5ChecksumTest.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4256 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 22:12
Reported
2024-06-12 22:15
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/bin/find | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/..md5 | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Debug/ziM4NbTM | /usr/bin/zip | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Debug/Debug.pass | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Compressed/Compressed.md5 | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Debug/Debug.sha256 | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Compressed/zikLmkIQ | /usr/bin/zip | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/..zip | /usr/bin/zip | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Debug/Debug.zip | /usr/bin/zip | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/ziGM6OYK | /usr/bin/zip | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/..sha256 | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/..pass | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Debug/Debug.md5 | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Compressed/Compressed.zip | /usr/bin/zip | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Compressed/Compressed.sha256 | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
| File opened for modification | /tmp/ShadowBot - Sep 2008/Compressed/Compressed/Compressed.pass | /tmp/ShadowBot - Sep 2008/PackFiles.sh | N/A |
Processes
/tmp/ShadowBot - Sep 2008/PackFiles.sh
[/tmp/ShadowBot - Sep 2008/PackFiles.sh]
/usr/bin/tput
[tput bold]
/usr/bin/tput
[tput sgr0]
/usr/bin/find
[find -maxdepth 1 -type d]
/bin/mkdir
[mkdir -p Compressed/.]
/usr/bin/zip
[zip -r --password infected Compressed/./..zip .]
/usr/bin/sha256sum
[sha256sum Compressed/./..zip]
/usr/bin/md5sum
[md5sum Compressed/./..zip]
/bin/mkdir
[mkdir -p Compressed/./Debug]
/usr/bin/zip
[zip -r --password infected Compressed/./Debug/./Debug.zip ./Debug]
/usr/bin/sha256sum
[sha256sum Compressed/./Debug/./Debug.zip]
/usr/bin/md5sum
[md5sum Compressed/./Debug/./Debug.zip]
/bin/mkdir
[mkdir -p Compressed/./Compressed]
/usr/bin/zip
[zip -r --password infected Compressed/./Compressed/./Compressed.zip ./Compressed]
/usr/bin/sha256sum
[sha256sum Compressed/./Compressed/./Compressed.zip]
/usr/bin/md5sum
[md5sum Compressed/./Compressed/./Compressed.zip]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 185.125.188.61:443 | N/A | tcp |
| GB | 185.125.188.61:443 | N/A | tcp |
| US | 151.101.1.91:443 | N/A | tcp |
| US | 151.101.1.91:443 | N/A | tcp |
| GB | 195.181.164.17:443 | N/A | tcp |
Files
/tmp/ShadowBot - Sep 2008/Compressed/ziGM6OYK
/tmp/ShadowBot - Sep 2008/Compressed/Debug/ziM4NbTM
/tmp/ShadowBot - Sep 2008/Compressed/Compressed/zikLmkIQ
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-12 22:12
Reported
2024-06-12 22:15
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-12 22:12
Reported
2024-06-12 22:12
Platform
debian9-mipsel-20240418-en