Malware Analysis Report

2024-10-10 08:00

Sample ID 240612-cccjjayckm
Target 6b1d4d347523de7994c30aafa136b758.bin
SHA256 bba9ee471147935cf964828b3b3c34baa045207b4fbe1c96743943f8cf71375c
Tags
execution themida
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

bba9ee471147935cf964828b3b3c34baa045207b4fbe1c96743943f8cf71375c

Threat Level: Shows suspicious behavior

The file 6b1d4d347523de7994c30aafa136b758.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

execution themida

Themida packer

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Reads runtime system information

Enumerates kernel/hardware configuration

Command and Scripting Interpreter: JavaScript

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 01:55

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:55

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240508-en

Max time kernel

89s

Max time network

51s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fgd.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001768cf05bf804643a1b1a2d5c58b69080000000002000000000010660000000100002000000019f7a97f15d2ec3cb5f12ffaf9c888edde6b8b49ca4b64a0de0f94300a335103000000000e80000000020000200000002731742de8dfb80f81054519d65477077c2c518910c4bf9a5cdefe314388a1c620000000d9e548c50a170ef88e96128a738df5f6edff7803eba4e2f781938529f2b9682c400000004ed19fd7a286196b32aa6eb6a277900d14f700d4e1639da168562e14c3d67bde9a9e6a3250665945d123de1bba8d50f78f5b29740e763cc3db5f2f0126b00b64 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001768cf05bf804643a1b1a2d5c58b69080000000002000000000010660000000100002000000087263b1ca91a95a93848a21d039938652acc744ad1897297362279965c3a11c8000000000e8000000002000020000000c1be45b0e805272175bf851b47928fd35b7ddad96a59b103b6effb896b033e149000000035b0260180a497613717567702d3c8eeeb3745949ea639b4ba92853d6dc05a8c9df65934159dda2ba381961ba13f086310d6874b4b6b6eecf460cbd55264789b529f1e78ae2acdc73a023712cdff409e50c97dcbf74b6de3dd06725d1ff7313f2c5fca4c27f0ba64ca00440157b1b5847ea1d81d0b734a5154c845ded45361b5469c68714af17d1622b1effb1005772c40000000d6ed1e572830f62adef4643036646db9371f3e44ef0525dfcf640eb4fc6a5e679cec4c23a04f6fb412a3569c96db62b9147ad3ec000d0b5e755285fa19d2c7f1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E17189B1-285E-11EF-87AA-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ef5fcd6bbcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424319245" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fgd.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 kit-pro.fontawesome.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 172.64.147.188:443 kit-pro.fontawesome.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 172.64.147.188:443 kit-pro.fontawesome.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.18.40.68:443 kit-pro.fontawesome.com tcp
US 104.18.40.68:443 kit-pro.fontawesome.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab46B3.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar47AF.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 851c672a46417f0555e3bece7c7e866b
SHA1 aaad27985c05b9f95a793a7ad4659575ca960a69
SHA256 ff3bd2be526987cada18c864e7461360339b2a0cdb6b9aa7224bef4efdcd7f74
SHA512 c337cf810d660f496b8ecee55643267be9d7dfd8e7e1661d1d43af1fbc64b4379d70a61c41079c13c16a6f2a255fb20450c0e3593ac0c84ea9f81d94ffdc936e

C:\Users\Admin\AppData\Local\Temp\Tar4861.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc76707c1901f7d13af93c8a10c8a72f
SHA1 f363c69894036199d70a2b2ac9b171031f5500aa
SHA256 3f2968eefedb6a32ec5b22a99ed16dee1bbd13b51bff0e45ee545a801b1898c4
SHA512 db60d5ee166f8a34ae72b87dcd6d11940e5e896c1aeb108449bddc9c8ca4145e3ac75feea12d14ea6511c163a1c059b6e8ffa1df8cd10bedeaa040b3e6435b06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9de7fd2130d0768569595e24fd7061e
SHA1 6fb1f27ea039796725db07228388f3e24de5c6b5
SHA256 82bad16efc212871112721c6790b2d2a34b6d726953222344b63e723769304b8
SHA512 fb7976a1d5eb836ec1d83af371507be90a8bdb4df162eef6763e9d2a88d91e56a8ba46662e11e567d5816f9d4d979ca390489b2665d02c9f2286e79d7d3212c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 337ff8e45ddb574868a1a85c84b1f2d4
SHA1 6c80718bf427210c9306773ce4f5d3cadecd4b04
SHA256 3332763952dd4b0158d7d096dc2d2355abb272e9689b72172e73672aa7caa45b
SHA512 3258e68f6af3995c3174b5f9c58425ce6346bcea9d31ef1aa0234ba22a767158acd91c77c7cc04de9560115de3af4e8527951dc98c2dd92153a0867caed70696

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51aad2f56d748eaaedf3fd0aa865a74e
SHA1 4a9f2cdfd608b4e5e7e4d290bc176c214c9669b9
SHA256 89fa464de73bda3acbbe7d333b6360b4078f4fe7b50385723b3fcb0b6f86d1fd
SHA512 126599fdad042773ce17449bded3d70cb4b88344b0179509e0348264d6f5c6805913ca556b575ac64c4a597166d46d93a3a5f018e998f432266f7d4bd5604b9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02572b7f11bc93ba73b20f83038103c0
SHA1 c64e6054e21268a592fca5dfa8953c32e051888a
SHA256 8a60fdc45930ac426b8283ba8ec8372d24378dceb904ae6316890c00c7fd6c90
SHA512 0261633599c51f7cb4f2dbfb2f7910d474154c73571a5e420d37fe4abc1ff3af856aa435148f8f5d87bb2e4e15b2a2e5c5263a0e315c1c6d9a715472f1dd4f01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 536788b6186cb75d92fc3f7ec7a938c3
SHA1 eda1235d265c0af1a8d19360be017005f4a0e022
SHA256 9c5a2cec054ed64ffeec6e239f47b36d7f469b157cbb29090a971c458335d053
SHA512 069666ef113e87d3e75b913372358d6216c2e2578c5839612f89d0ab0c3c57ef763d0756ae371238b66225206704ee0e4443d00238de0bab9115163d68fa427b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c51b2d7f77a51bf3e81364db43501c8b
SHA1 6e474882a8ca589c4b0c58ace730d906fb501d34
SHA256 87c0c868bc424be15c6049bce47af62e1fe549ea97ce1bec6c54fd7feabe57f6
SHA512 87a556042248912eec8657558b062005131fd76c0bec007ec0b1a5428856d088cddbfae75bcbd815969f670974d5bb389922b55c4503a0793f13e1b1153867fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c448086b87e0283dbfb0798581a62c7b
SHA1 c39cd63350727e7ea5ad0e5a98964d6bfd31ba7a
SHA256 e8c54b883ef082995d4fd6d04972eb7889de1f5cd15a251dc11bfdf1c1516975
SHA512 c9e534b781d3e0bc6f91169bb48d9aeae64f3b121a8cca4f7bc0968524060e3f307c2adc773559835bb29a6b621145e1eb11cff03d7b23947074d9cd154ab73b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a55e0130b0a9d08d47d153eec1ac2ba5
SHA1 19c13d7ebd1ae325102b50fdc6f8d0f30ae3302e
SHA256 fd3842081b549f34d19a6ab285701e14c92aef4fc117e952f176aea2687edd35
SHA512 b2026c0bdb8fd87c4a892009ad120eed00a1372a6e7176672aa419e5a720d51a66bf153c307097f6187507e63a6ec56614077be4eb0a6e879dca231d69902fe0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 f269d3f83b38900744cc0cee5519b633
SHA1 962a12c379b2ae7fa1122647bdfda39ebda238b5
SHA256 5cdde5354984f9dcc25ac14533715dcd009391f840371c613de9df7d9c8b6f4d
SHA512 555326be2a17db48f182ed9d1f559408efdcf29361c18a787e5661c2551920ddf7c43642c421adf4554851b003213788b80875d148bd95259b5411ac390a954d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93c4a4900edd0174b23b9094cba6efde
SHA1 695954c1bb3cfaa6bc830504f9b1804e539ee85d
SHA256 90e58eb84d5e5f5aa2ca61e3216e50989936ea75569c8e53658e90be86edd1b1
SHA512 c84b5d01469cd47a7686ad9b15048b3ff00778e930f53b27bd1a759fc880818176715d4346469aac49c329205087ca1ffb390caf5e84f92369e938884f1a71bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8f1e1b440831cb9490fd2a57d71f29a
SHA1 55a40606d2ab1b9f7ba5465f9e3a1129f0c6ca7e
SHA256 5bb26f16f8db4b1b964573b0769ad6100ad853ee4279445a09be5ec9b15103c9
SHA512 ff79eabd293bf41218ee2f18ea27f45916aa700b6131abaa8cf39907ecb3e982de8cf709a2dd32b859b371c554c0b73b22f43eba594c5a18d36a6d436b7d3b72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e56a9425e60d3270fe45432db4424b7
SHA1 8f3919f84343cc80844888e20622a61900249e2e
SHA256 b64f744bd397ef804993025b45b739615854ea2175f40f369499de00a960a915
SHA512 39463e2e7c917fe1292e024e4336c108440adb766f39d1eb31c3478f18afc0e3dcc2de3e49119bea48a6edb5d99354f9845562b52902fc26585e4a0eb1017339

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe8cc472c6880305cbc8aed46ce18980
SHA1 202647805c00edcd12a26cf63c7709fa30d09a1f
SHA256 b85822973d5c8c1a2d4151087b3f376fb24ef207d1a550cfcc8ca822d8820d2b
SHA512 be92767170f2970d0e8d698f67987e786e3470681324bd1896e11a5451e88c3433ccbe7ea1a3950fb8626662588547d31f1c361745b1f7e4d283e9c78cb87adf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57fa9c80e6fa393e4e653078b0e08b9d
SHA1 f86f416a7b697adb103a19b147c14ce5b46d9b8a
SHA256 56a3863e69a0e3e4f8e77d0dfe3c8d273c46fdfd1a0098e2acd018b2dbce57e5
SHA512 b87c49f1035601b02d8f9ae02c1394019b0d8a3d6805fb426cc6a0cdd26453bf2e564f63b7d0294bb9b1744f347db99a3d4e089f3dc567c02d4c0c6454e79e4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98823baacc375334e2e985088fd10676
SHA1 ad345abc29e732678ba01c68ede61750f5979293
SHA256 18a5b167263378a3b746a339f49e4e1347bb73c41a4d6d170e8920bbce757ffd
SHA512 92e9a84d578c84527de4bed52be9724718cf175ce351aec896fc0d1b7933ff4a798b036d5d94e451bf89810273cb7aea59235b94c6b1f8e0444105ef130ee1d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8c7b174fba6714f08eaef6a52b8c2ad
SHA1 be0bf8c4da18c85550985baaa29163ee7cdc569b
SHA256 f6f6dc75d59bd76522f94c0fe30b1fbca714e53fc051fdbbebb0117cd891b602
SHA512 5ba7c17231d83ed73ae4eecae004b49cd37fc788004b26802acfbfede41266c6478bed6e2ecf784c354ac7c1162c5762c8e7528d279e6f50d75e49cff24a76e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 585ace9bb6d0d133d6c333593b9b83b2
SHA1 c7bd129d8873a61c6edf6cdd254429325a0d22b0
SHA256 eeca6fd894e7eb83caad3629c3df92e417845c9d88ccb86168bf84d6d915b0a1
SHA512 93a4de1661f52e5fdc7b9fe0022600087099b23af83bafef88d6516fa3c81dfda7a1da3de3d2faf82e7356bbd162f61ee5c1e452c941ed941dd7246541ce5169

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e60ce212f2b1aa6828b330f97336601a
SHA1 a789161b5e5a8fb8ae9adba0009dcbcc80f173fd
SHA256 d228927dc650e6a4e19c1fcbf7bd217e47197f3496246c9a0b537eb6f00b0fac
SHA512 9487d895c8d3e46985eaf13144e0d907566f5b0f15c695f9a672f45b3e969f90de6dabdc491b039eadf4a93d583d922d0d5bf2e106c163b6bcb168f533662563

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb46af46af96e81e185a694f267a8cfa
SHA1 f3d40c250795dc17d0a2046776efb81f50f1e463
SHA256 6f10381d3e00c3223794d4dcc53850cf298c0064fac03007de78245619c3ee20
SHA512 ce1b27edfaa0c370b551307f1805316ab3256a9c715ecf4b961fa1996e64d97bbff9767a632d8ee047d42a1b18763771844573abbf49ec2ac8ac24e3ec3665c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 982dfe25e82c12d0c1429cc23a5fc1b3
SHA1 7658596931a485050b30d5d6193a3f6e675e2ca1
SHA256 e118285c1cb08d348dbdba0951aff4315fe6a446f67f9955042e22e2d7f78202
SHA512 cbc19622908994a28d23d9f46dd5127c7d9cb6192d78db57c6abb035857b47e32313c896bf426efcaf2867dc48a474a444d9f489be375d0a2ba2a3a9743315b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4914ecd059061e180a35fe061e1431d
SHA1 7869a11732ec3721589485f1a2456173ead8d0b6
SHA256 62b0fe4ab8de785bbb838df3ac5726dd99aebbf54ed181eac75d044046f11d4d
SHA512 74bcc21caebf1f7194e2516509317e2af60cd5cf1e31dbfb1be4b267176e6d1d71a41b10b96d8880690cb48e27d6338a03793957798c6f238dd72bd8220df173

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a805aff5750dd25f8323af4456c5c3f
SHA1 9a156d87b36029314b0d0a1ce623253198c22946
SHA256 8b8bf8ecbc7425f72fd3d7e72de375ee8c1a77467294bf3bb588c661ad4be565
SHA512 79337cdfcf46aaa4370546fd0d55052c1180080e44f58bafc055a0308dea26d618399dd1ce5e5a9f2ce55faded92b91d381957aa6bedbd6d6ad9c7841698df18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59fef90c250db871d799d424f4ca4bcb
SHA1 ab57ef9207cd19599699fec9dbec1a9ffe77d40b
SHA256 7a0ff227380426115f561dbf0987ed989c62844e84348ef27c79101bc5a83421
SHA512 166b4d1ca4515969cd079935b6ec513cbc9b77738a65df4c64fe7a78275c573a2f39ae5270d565b81ea33d0c0fdc895c7c1ec8938e0475188d675651f4dabf74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 516f5aec4c85a41160b9bd9183db7373
SHA1 d2bd90c4f3ed548c2ecd7ef838d0a1bb0416eab8
SHA256 09c6bdd52ce2ffaa84ca325f24da639dfa06a63d1031a38629c23f034b43575f
SHA512 578fd18a84bb58c122864d96bdf143df774cbb671ee121d9f2dc94ead3e9366176bd2ff34758394ca1905e13f1e450e7347c65cd985d42ba4ddef6cde5e14f73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b4316cf47186ca3ac79f54e0ba4c423d
SHA1 ce9904dae73c9c2520af3a40741ab2ce319ebfc9
SHA256 494cc9c5339b3bedef65e4a52dcf1863b4ca03fa2992309e75af196f1f77e959
SHA512 f23f163fc8a96f62ba7b6e2c59a62d3410b5ca0d4d69eefe68aeab8b19237743103c4861f004e3f56224d26889f33f8bf23c4d1de21ce6a035c6301b04b61b3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 000498c5ee30c4ee771bbc2e1e4700b2
SHA1 23b8cc873e1aa791e3e402be707b6107521d4f5a
SHA256 8f34b5fe56e7fbb3decd12eadd7003453945616b4758d6d4b147906260b04d95
SHA512 f6807c82f10d8c75271a98264de69b789746c2ebd3818bad52547ce91e3ca6b6cec836bc661882674b0e393d4683be6cdc135fb19c6f9651925d614523bd00d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aea356c01bbc5886de6971f08c821d59
SHA1 036df1f6c1b99ff12a622e5609fc51eebf4978d0
SHA256 a77c1c267d9c705107b4a485e66658e81d94919efb56fe3c7afacc4c304bdac4
SHA512 1be5d5c28607ac43d0865b664ac24796b3d43fb4125488d7b7044e39c20b3e4cc621dcad034f01693741d4bd6b0caef72c5f85f74f2b22914e9f349546e5e110

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b1a139d5e17060f5ea8ecc9d7e7356f
SHA1 1d139bf69b7c45cd5c6cf02e99baec126a19ca3f
SHA256 e29dd1f31f1ff84614fc80fcb701862c69fd9a884de02ed844e1210613141bb1
SHA512 d15fcc5d1dce1ad95eb4817ebd230806309b5fc8bd9327a5785e67466c7c4d3d0ea75ea096a3d85399879178c9991bdd66ec43d5804b06adebf3defd271ca5b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 378b6ea772dc064d84948519bbe9fa02
SHA1 7e0ca44714fe7e6b7caf13e758bba6b8c44d107e
SHA256 ab1f8de114309e363b03abae9cf6b18df8d190619b566850378856f38e630711
SHA512 f2fc3f2e24a8b2edebb2fa5b78b924e45dff13f32a43b289a6c4e9f743036f415f2636aa1e8987301324a68d578b6919249edfa2aed4f4193efa88d50aec084b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a92bd0033ba0e0958ae1a7705f6c3169
SHA1 84c856d792d728de4bb1e3f6e9a9c7826e6ff9e3
SHA256 baa6125a5fa345bb86aadccb5b2877ddeec37374f498d0429c9920a4d700039f
SHA512 c990a183524e23c20741c91ff7ff803dadfc93dce7c2551b84c0abf54d77ac36dd338317d5761b1725f04383dc40b17627599896c32ac951024b9d3599d08d3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71c4ddea41a90b3ab49eb96be702b9f6
SHA1 f628319229748dfd73c069a8bb8de87f10270cab
SHA256 348af44eb571cb866afe5bec37a178205a4745bbfe0e8669dbbaabdbed527e9e
SHA512 0c1c4b53a527cc2584203eaf133111d8345759f19943b1285a1510986423976f1770119e79dd651d7b2bfea46d444493cce065c333f59a1afe6f9e45c15f3771

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5616a1677a554af76da92f72ad9a7e8
SHA1 a4071f0a0a80935804d1f5cde45c81420f39e0cf
SHA256 765b589f1a091f67c06a23658773868ef530d7205d428f537deb7f93edfd1cb1
SHA512 4d1fc02f81cdbc8648c758dee27cf303e27616343323c343b58444d426f3bd7153e1f52833191406d1f3c48c6d0259fbd110c354fa087fa534e41903c593162e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 b62b5972939b282ede335019d9d8a912
SHA1 5aa59d31967384daf48619e5b2a47c2267700765
SHA256 ef508bbfb36b33d6ec34f368a63a2096cb40994817018f75650c290461967102
SHA512 9a0b4ce73f36b3e1ef468045bd8145cb625de96b0d8b941399ae9f6fb94256c9552f11ee6f2518727a2b1b26355469f3e7969ba7dad28840281d1f771a569000

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30e18cb56d272903c1731a1ad978be0d
SHA1 38606de5c611242d91a8ece62f6dbefb95395ec8
SHA256 0b8bf22bfcad0a5c70897e4c77e96ebf9328042bc2128c6a511d04dc5e0c7cb1
SHA512 bc8cf20e48b9ccc5c5f75cb01ab378d274dd6397823a30494cb7a965de45722e73b9b8681c2856a837edff961684f86843e8de744d598a095644ebeb73155235

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 463b1c06f9888d6110a502413c499b47
SHA1 7417b09120141fac7166cee35bf9b2295f01d9df
SHA256 88fd57d2e2a73b186f4ac1bb2745311f5d031ea73ac9131b49d19a3b967f6999
SHA512 847fd05e1739b1764de872f9baa43f152bcc06c17f3de891ecd25d19c1dccddeda48939b13f6dffb190a1bde61919bf7ee6170c8444b023310334ae2b978219f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1ebdb85e03e9eb2150efe52ea70aaaf
SHA1 5979d0080cffb655cea40832d608478b4ea5a8f8
SHA256 c7f074318e5314476f400ec04872fdb5192a3131542a2c8c2f5a85b3b1a63f84
SHA512 09b401018b89afec1ee8af3dbe933e6dc049d40646ac7c6bb77db93f61530e39df315573c56fcb74f602c35ed47cee962e2b45f2a1a503e617ff90268c804cb0

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240508-en

Max time kernel

120s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\index.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:56

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

128s

Command Line

[/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime

[/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]

/usr/local/bin/node

[node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]

/usr/sbin/node

[node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]

/usr/bin/node

[node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]

Network

Country Destination Domain Proto
GB 195.181.164.19:443 tcp
N/A 224.0.0.251:5353 udp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\README.js

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

119s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\index.js

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll,#1

Network

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

53s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll,#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240611-en

Max time kernel

147s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:55

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240221-en

Max time kernel

118s

Max time network

120s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\index.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240611-en

Max time kernel

119s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\README.js

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fgd.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2092 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2092 wrote to memory of 3448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fgd.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce3c46f8,0x7ffcce3c4708,0x7ffcce3c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5148 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 kit-pro.fontawesome.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 52.111.229.43:443 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_2092_NQYFLRRXLNYAVDUC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a90d5ef26bb390e275a15e2696c8659c
SHA1 f80246459c1cf7a188baeffeeec29ade99976f88
SHA256 cf786740d2c91a722608d2c1426b312175d68fdf30466b7c69564bf8bb66bebb
SHA512 2ba8b17369d60fa41f3d17f035f0b66bffba1bc5ce82d50c08d321cc3bd37314512143c90c81b89fb5cff1dfa65050539aed4be226a5570b32f63f64e305d186

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c6d962785aa6d95972e75cfebe82a6ca
SHA1 8626e73b0e40d901b739d896478c037a1d4cf159
SHA256 3603fb7ee0804e1d8099985f5a4abdde0c842a591533416f9abb3f0638e34363
SHA512 7fc9b1eb6a1972422219e77630b0017f27fa7e468b8a5de9f6102d6604f5b1fca1ccbdfa42f08e05e8f11e668688825eba522b1452484ca853968fe46588d97a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

Signatures

N/A

Processes

/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1

[/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/usr/sbin/pwsh

[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/usr/bin/pwsh

[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/sbin/pwsh

[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/bin/pwsh

[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/snap/bin/pwsh

[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.65.91:443 tcp
GB 89.187.167.3:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240226-en

Max time kernel

147s

Max time network

161s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\.bin\mime.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\.bin\mime.cmd"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240508-en

Max time kernel

122s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\README.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20231129-en

Max time kernel

120s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\index.js

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240611-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
NL 52.111.243.30:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240221-en

Max time kernel

120s

Max time network

122s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\.bin\mime.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\.bin\mime.cmd"

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:55

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240508-en

Max time kernel

119s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\README.js

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240611-en

Max time kernel

134s

Max time network

145s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

164s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\README.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.201.106:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240215-en

Max time kernel

120s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-12 01:55

Reported

2024-06-12 01:58

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll,#1

Network

N/A

Files

N/A