Malware Analysis Report

2024-10-10 10:56

Sample ID 240612-1vd23swbjr
Target sk_work.zip
SHA256 7f36d706affd3899f7a64ff4a63d8b19c9be92b06ca6f601231fcd437a85d971
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

7f36d706affd3899f7a64ff4a63d8b19c9be92b06ca6f601231fcd437a85d971

Threat Level: Likely benign

The file sk_work.zip was found to be: Likely benign.

Malicious Activity Summary


Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Opens file in notepad (likely ransom note)

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 21:57

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:32

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

1799s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:34

Platform

win11-20240611-en

Max time kernel

451s

Max time network

1173s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\filter_ips.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\filter_ips.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:35

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

1807s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:39

Platform

win11-20240508-en

Max time kernel

1744s

Max time network

1753s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\pv1.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\pv1.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:45

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

1799s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 tcp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:30

Platform

win11-20240508-en

Max time kernel

1759s

Max time network

1771s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_2.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_2.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:34

Platform

ubuntu2204-amd64-20240611-en

Max time network

897s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 91.189.91.81:80 security.ubuntu.com tcp
SE 194.71.11.165:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 _http._tcp.laotzu.ftp.acc.umu.se udp
US 8.8.8.8:53 laotzu.ftp.acc.umu.se udp
US 8.8.8.8:53 laotzu.ftp.acc.umu.se udp
US 8.8.8.8:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
SE 194.71.11.138:80 saimei.ftp.acc.umu.se tcp
US 8.8.8.8:53 _http._tcp.gemmei.ftp.acc.umu.se udp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
US 1.1.1.1:53 laotzu.ftp.acc.umu.se udp
SE 194.71.11.166:80 laotzu.ftp.acc.umu.se tcp
US 1.1.1.1:53 gemmei.ftp.acc.umu.se udp
US 1.1.1.1:53 gemmei.ftp.acc.umu.se udp
SE 194.71.11.137:80 gemmei.ftp.acc.umu.se tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:07

Platform

ubuntu2204-amd64-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:40

Platform

win11-20240611-en

Max time kernel

1523s

Max time network

1513s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\shopifylooker-v1.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\shopifylooker-v1.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:41

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

897s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:42

Platform

win11-20240508-en

Max time kernel

1724s

Max time network

1733s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\sk.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\sk.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:44

Platform

win11-20240508-en

Max time kernel

1741s

Max time network

1751s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\tool.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\tool.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:29

Platform

ubuntu2204-amd64-20240611-en

Max time network

1074s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 91.189.91.81:80 security.ubuntu.com tcp
SE 194.71.11.173:80 se.archive.ubuntu.com tcp
US 91.189.91.82:80 security.ubuntu.com tcp
US 91.189.91.83:80 security.ubuntu.com tcp
US 8.8.8.8:53 _http._tcp.laotzu.ftp.acc.umu.se udp
US 8.8.8.8:53 laotzu.ftp.acc.umu.se udp
US 8.8.8.8:53 laotzu.ftp.acc.umu.se udp
SE 194.71.11.166:80 laotzu.ftp.acc.umu.se tcp
US 8.8.8.8:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
SE 194.71.11.138:80 saimei.ftp.acc.umu.se tcp
US 8.8.8.8:53 _http._tcp.gemmei.ftp.acc.umu.se udp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
SE 194.71.11.137:80 gemmei.ftp.acc.umu.se tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:38

Platform

ubuntu2204-amd64-20240611-en

Max time network

900s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:40

Platform

ubuntu2204-amd64-20240611-en

Max time network

897s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:40

Platform

win11-20240611-en

Max time kernel

1521s

Max time network

1511s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\sitevalid.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\sitevalid.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:42

Platform

ubuntu2204-amd64-20240611-en

Max time network

1248s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 91.189.91.82:80 security.ubuntu.com tcp
SE 194.71.11.165:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 _http._tcp.laotzu.ftp.acc.umu.se udp
US 8.8.8.8:53 laotzu.ftp.acc.umu.se udp
US 8.8.8.8:53 laotzu.ftp.acc.umu.se udp
SE 194.71.11.166:80 laotzu.ftp.acc.umu.se tcp
US 8.8.8.8:53 _http._tcp.saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
US 8.8.8.8:53 saimei.ftp.acc.umu.se udp
SE 194.71.11.138:80 saimei.ftp.acc.umu.se tcp
US 8.8.8.8:53 _http._tcp.gemmei.ftp.acc.umu.se udp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
SE 194.71.11.137:80 gemmei.ftp.acc.umu.se tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:37

Platform

win11-20240508-en

Max time kernel

1776s

Max time network

1785s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\input.txt

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3324 wrote to memory of 2628 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE
PID 3324 wrote to memory of 2628 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\input.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\sk_work\input.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:33

Platform

win11-20240611-en

Max time kernel

1523s

Max time network

1514s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_3.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_3.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 204.79.197.237:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:37

Platform

win11-20240508-en

Max time kernel

1741s

Max time network

1750s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\program-v2.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\program-v2.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:40

Platform

ubuntu2204-amd64-20240522.1-en

Max time network

897s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 21:57

Reported

2024-06-12 22:29

Platform

win11-20240419-en

Max time kernel

1790s

Max time network

1801s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_1.py

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sk_work\create_cidrs_1.py

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A