Analysis Overview
SHA256
7f36d706affd3899f7a64ff4a63d8b19c9be92b06ca6f601231fcd437a85d971
Threat Level: Likely benign
The file sk_work.zip was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Opens file in notepad (likely ransom note)
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 21:57
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:32
Platform
ubuntu2204-amd64-20240522.1-en
Max time network
1799s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:34
Platform
win11-20240611-en
Max time kernel
451s
Max time network
1173s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\filter_ips.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:35
Platform
ubuntu2204-amd64-20240522.1-en
Max time network
1807s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:39
Platform
win11-20240508-en
Max time kernel
1744s
Max time network
1753s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\pv1.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:45
Platform
ubuntu2204-amd64-20240522.1-en
Max time network
1799s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | | tcp |
| US | 1.1.1.1:53 | | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:30
Platform
win11-20240508-en
Max time kernel
1759s
Max time network
1771s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_2.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:34
Platform
ubuntu2204-amd64-20240611-en
Max time network
897s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.81:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.165:80 | se.archive.ubuntu.com | tcp |
| US | 8.8.8.8:53 | _http._tcp.laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | _http._tcp.saimei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | saimei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | saimei.ftp.acc.umu.se | udp |
| SE | 194.71.11.138:80 | saimei.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | _http._tcp.gemmei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | gemmei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | gemmei.ftp.acc.umu.se | udp |
| US | 1.1.1.1:53 | laotzu.ftp.acc.umu.se | udp |
| SE | 194.71.11.166:80 | laotzu.ftp.acc.umu.se | tcp |
| US | 1.1.1.1:53 | gemmei.ftp.acc.umu.se | udp |
| US | 1.1.1.1:53 | gemmei.ftp.acc.umu.se | udp |
| SE | 194.71.11.137:80 | gemmei.ftp.acc.umu.se | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:07
Platform
ubuntu2204-amd64-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:40
Platform
win11-20240611-en
Max time kernel
1523s
Max time network
1513s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\shopifylooker-v1.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.29:443 | N/A | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:41
Platform
ubuntu2204-amd64-20240522.1-en
Max time network
897s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:42
Platform
win11-20240508-en
Max time kernel
1724s
Max time network
1733s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\sk.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.43:443 | N/A | tcp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:44
Platform
win11-20240508-en
Max time kernel
1741s
Max time network
1751s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\tool.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:29
Platform
ubuntu2204-amd64-20240611-en
Max time network
1074s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.81:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.173:80 | se.archive.ubuntu.com | tcp |
| US | 91.189.91.82:80 | security.ubuntu.com | tcp |
| US | 91.189.91.83:80 | security.ubuntu.com | tcp |
| US | 8.8.8.8:53 | _http._tcp.laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | laotzu.ftp.acc.umu.se | udp |
| SE | 194.71.11.166:80 | laotzu.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | _http._tcp.saimei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | saimei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | saimei.ftp.acc.umu.se | udp |
| SE | 194.71.11.138:80 | saimei.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | _http._tcp.gemmei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | gemmei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | gemmei.ftp.acc.umu.se | udp |
| SE | 194.71.11.137:80 | gemmei.ftp.acc.umu.se | tcp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:38
Platform
ubuntu2204-amd64-20240611-en
Max time network
900s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:40
Platform
ubuntu2204-amd64-20240611-en
Max time network
897s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:40
Platform
win11-20240611-en
Max time kernel
1521s
Max time network
1511s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\sitevalid.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:42
Platform
ubuntu2204-amd64-20240611-en
Max time network
1248s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.82:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.165:80 | se.archive.ubuntu.com | tcp |
| US | 8.8.8.8:53 | _http._tcp.laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | laotzu.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | laotzu.ftp.acc.umu.se | udp |
| SE | 194.71.11.166:80 | laotzu.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | _http._tcp.saimei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | saimei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | saimei.ftp.acc.umu.se | udp |
| SE | 194.71.11.138:80 | saimei.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | _http._tcp.gemmei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | gemmei.ftp.acc.umu.se | udp |
| US | 8.8.8.8:53 | gemmei.ftp.acc.umu.se | udp |
| SE | 194.71.11.137:80 | gemmei.ftp.acc.umu.se | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:37
Platform
win11-20240508-en
Max time kernel
1776s
Max time network
1785s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3324 wrote to memory of 2628 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 3324 wrote to memory of 2628 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\input.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\sk_work\input.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:33
Platform
win11-20240611-en
Max time kernel
1523s
Max time network
1514s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_3.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:37
Platform
win11-20240508-en
Max time kernel
1741s
Max time network
1750s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\program-v2.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:40
Platform
ubuntu2204-amd64-20240522.1-en
Max time network
897s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 21:57
Reported
2024-06-12 22:29
Platform
win11-20240419-en
Max time kernel
1790s
Max time network
1801s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_1.py
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
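Reading the network tables above: almost every row is what an idle sandbox image emits on its own (mDNS to 224.0.0.251:5353, apt SRV and A lookups for se.archive.ubuntu.com and security.ubuntu.com, HTTP to the Ubuntu archive mirrors under ftp.acc.umu.se, reverse lookups of the resolver, the Windows shell fetching from tse1.mm.bing.net). The process lists also show that in every Windows run `cmd /c <file>.py` ended in OpenWith.exe (the "how do you want to open this file" prompt) rather than a Python interpreter, so the scripts were never executed and the "likely benign" verdict says nothing about the Python itself. The helper below is an added example for this page, not part of the report or of sk_work.zip: it parses the flattened `| Country | Destination | Domain | Proto |` rows (tolerating the export's column shift, where Proto lands in the Domain slot when Domain is empty), subtracts the background traffic, and leaves the rest for the analyst. The BASELINE rules are an analyst-maintained assumption about stock Ubuntu 22.04 / Windows 11 images, not something the report states; the sample rows are a subset copied from the tables above.

```python
"""Separate sandbox background traffic from contacts that still need attribution.

Added example; not part of the sandbox report or of sk_work.zip. The baseline
rules are an assumption about what an idle sandbox image emits by itself.
"""
import ipaddress
from collections import Counter

# Subset of rows copied from this report's network tables (both the shifted
# and the normalized column layouts appear in the page, so both are included).
SAMPLE_ROWS = """
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | tcp | |
| US | 8.8.8.8:53 | N/A | tcp |
| US | 91.189.91.81:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.138:80 | saimei.ftp.acc.umu.se | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| NL | 52.111.243.29:443 | tcp | |
| US | 52.111.229.43:443 | tcp |
""".strip().splitlines()

PROTOS = {"udp", "tcp"}
RESOLVERS = {"8.8.8.8", "1.1.1.1"}          # upstream resolvers used by the sandbox
# Assumption: name suffixes a stock image contacts with no sample activity at all.
BASELINE_SUFFIXES = {
    "ubuntu.com": "apt (Ubuntu archive / security)",
    "ftp.acc.umu.se": "apt (Swedish Ubuntu mirror)",
    "in-addr.arpa": "reverse DNS performed by the OS",
    "mm.bing.net": "Windows shell / Bing image fetch",
}


def parse_row(line):
    """Return (country, ip, port, domain, proto) for one pipe-delimited row."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    cells = [c for c in cells if c]           # drop the empty trailing slot
    if len(cells) < 3:
        raise ValueError(f"not a network row: {line!r}")
    country, dest, rest = cells[0], cells[1], cells[2:]
    first = rest[0]
    if first.lower() in PROTOS:               # export quirk: Proto slid into the Domain slot
        domain, proto = "", first.lower()
    else:
        domain = "" if first == "N/A" else first
        proto = rest[1].lower() if len(rest) > 1 else ""
    ip, _, port = dest.rpartition(":")
    return country, ipaddress.ip_address(ip), int(port), domain, proto


def classify(row):
    """Map one parsed row to ('baseline', reason) or ('review', reason)."""
    _, ip, port, domain, proto = row
    if ip.is_multicast and port == 5353:
        return "baseline", "mDNS service discovery"
    name = domain.removeprefix("_http._tcp.")  # apt's SRV lookup prefix
    for suffix, reason in BASELINE_SUFFIXES.items():
        if name == suffix or name.endswith("." + suffix):
            return "baseline", reason
    if str(ip) in RESOLVERS and port == 53:
        if not domain:
            return "baseline", "DNS to resolver over TCP (name not logged)"
        return "review", f"DNS lookup of {domain!r} outside the baseline"
    if not domain:
        return "review", f"direct {proto}/{port} to {ip} with no name: attribute the owner"
    return "review", f"{proto}/{port} to {domain} outside the baseline"


def triage(lines):
    """Return (Counter of verdicts, list of (ip, port, reason) rows needing review)."""
    verdicts, review = Counter(), []
    for line in lines:
        row = parse_row(line)
        verdict, reason = classify(row)
        verdicts[verdict] += 1
        if verdict == "review":
            review.append((str(row[1]), row[2], reason))
    return verdicts, review


if __name__ == "__main__":
    counts, todo = triage(SAMPLE_ROWS)
    print(dict(counts))
    for ip, port, reason in todo:
        print(f"REVIEW {ip}:{port} -> {reason}")
```

On the sample rows only the two bare-IP TCP/443 connections from the Windows runs survive the baseline; the script deliberately does not guess who owns them, since attributing an address is an analyst step, and a DNS query for any name outside the suffix list is likewise surfaced rather than silently accepted.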