Analysis Overview
SHA256
bba9ee471147935cf964828b3b3c34baa045207b4fbe1c96743943f8cf71375c
Threat Level: Shows suspicious behavior
The file 6b1d4d347523de7994c30aafa136b758.bin was found to show suspicious behavior.
Malicious Activity Summary
Themida packer
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Reads runtime system information
Enumerates kernel/hardware configuration
Command and Scripting Interpreter: JavaScript
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 01:55
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:55
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240508-en
Max time kernel
89s
Max time network
51s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240221-en
Max time kernel
117s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001768cf05bf804643a1b1a2d5c58b69080000000002000000000010660000000100002000000019f7a97f15d2ec3cb5f12ffaf9c888edde6b8b49ca4b64a0de0f94300a335103000000000e80000000020000200000002731742de8dfb80f81054519d65477077c2c518910c4bf9a5cdefe314388a1c620000000d9e548c50a170ef88e96128a738df5f6edff7803eba4e2f781938529f2b9682c400000004ed19fd7a286196b32aa6eb6a277900d14f700d4e1639da168562e14c3d67bde9a9e6a3250665945d123de1bba8d50f78f5b29740e763cc3db5f2f0126b00b64 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E17189B1-285E-11EF-87AA-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ef5fcd6bbcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424319245" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1616 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fgd.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 172.64.147.188:443 | kit-pro.fontawesome.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240508-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\index.js
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:56
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime
[/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/local/bin/node
[node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/sbin/node
[node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/bin/node
[node /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
Network
| Country | Destination | Domain | Proto |
| GB | 195.181.164.19:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.129.91:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\README.js
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.43:443 | | tcp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240221-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\index.js
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
53s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll,#1
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240611-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:55
Platform
debian9-mipsel-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240221-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\index.js
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240611-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\README.js
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fgd.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce3c46f8,0x7ffcce3c4708,0x7ffcce3c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15173313810512359100,11675551385462129974,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5148 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 52.111.229.43:443 | | tcp |
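The Network tables of behavioral8 (above) and behavioral10 mix what the detonated file caused with what a Windows 10 image and its browser do on their own: reverse lookups, mDNS, bing.com from the search box, Microsoft service endpoints. The report's own signature singles out raw.githubusercontent.com; the other three lookups in behavioral8 (cdn.jsdelivr.net, cdnjs.cloudflare.com, kit-pro.fontawesome.com) are front-end asset CDNs, which is what an HTML page such as fgd.html opened in Edge would fetch. The following is an added example of analyst tooling for that separation; it is not code from the report or from the analysed sample. The noise lists (resolver addresses, the bing.com, chromewebstore.googleapis.com and pki.goog domains, the 52.111.0.0/16 range assumed to be Microsoft service traffic) are assumptions about this sandbox image, not facts the report states, and should be tuned per environment.

```python
"""Separate sample-attributable network indicators from sandbox background
traffic in the Network tables of this report.

Added example; analyst tooling, not code from the report or the sample.
The noise definitions are assumptions about the sandbox image.
"""
import ipaddress

# Constructed input: rows copied from the behavioral8 and behavioral10
# Network tables above, as (country, destination, domain, proto).
ROWS_BEHAVIORAL8 = [
    ("US", "8.8.8.8:53", "cdn.jsdelivr.net", "udp"),
    ("US", "8.8.8.8:53", "kit-pro.fontawesome.com", "udp"),
    ("US", "8.8.8.8:53", "cdnjs.cloudflare.com", "udp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "8.8.8.8:53", "raw.githubusercontent.com", "udp"),
    ("US", "52.111.229.43:443", "", "tcp"),
]
ROWS_BEHAVIORAL10 = [
    ("US", "8.8.8.8:53", "g.bing.com", "udp"),
    ("US", "8.8.8.8:53", "140.32.126.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "57.169.31.20.in-addr.arpa", "udp"),
    ("US", "204.79.197.237:443", "g.bing.com", "tcp"),
    ("NL", "23.62.61.194:443", "www.bing.com", "tcp"),
    ("US", "8.8.8.8:53", "194.61.62.23.in-addr.arpa", "udp"),
]

# Assumed background for this image (analyst assumption, not from the report):
# reverse lookups and mDNS are the OS talking to itself; bing.com,
# chromewebstore.googleapis.com and pki.goog are contacted by the Windows
# search box and the browser with no sample present; 52.111.0.0/16 is
# assumed to be Microsoft service traffic.
RESOLVERS = {"8.8.8.8", "1.1.1.1"}
NOISE_DOMAINS = ("in-addr.arpa", "bing.com", "chromewebstore.googleapis.com", "pki.goog")
NOISE_NETWORKS = [ipaddress.ip_network("224.0.0.0/4"),
                  ipaddress.ip_network("52.111.0.0/16")]


def split_destination(dest):
    """'1.2.3.4:443' -> ('1.2.3.4', 443)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def domain_is_noise(domain):
    return any(domain == d or domain.endswith("." + d) for d in NOISE_DOMAINS)


def classify_row(row):
    """Return (kind, indicator, is_background) for one table row."""
    _country, dest, domain, proto = row
    host, port = split_destination(dest)
    if port == 53 and host in RESOLVERS:
        # A resolver row says nothing about the resolver; the queried
        # name is the indicator.
        return "dns-query", domain, domain_is_noise(domain)
    ip = ipaddress.ip_address(host)
    background = any(ip in net for net in NOISE_NETWORKS) or (
        domain != "" and domain_is_noise(domain))
    return f"{proto}-connect", f"{host}:{port}", background


def triage(rows):
    """Split rows into 'attributable' and 'background' buckets."""
    result = {"attributable": [], "background": []}
    for row in rows:
        kind, indicator, background = classify_row(row)
        result["background" if background else "attributable"].append(
            {"kind": kind, "indicator": indicator, "domain": row[2]})
    return result


def attributable_indicators(rows):
    """Deduplicated, sorted indicators worth pivoting on."""
    return sorted({e["indicator"] for e in triage(rows)["attributable"]})


if __name__ == "__main__":
    for name, rows in (("behavioral8", ROWS_BEHAVIORAL8),
                       ("behavioral10", ROWS_BEHAVIORAL10)):
        print(name, attributable_indicators(rows))
```

Run against the two tables, behavioral10 yields no attributable indicator at all (wscript.exe on index.js produced only OS and Bing traffic), while behavioral8 reduces to the four names the Edge session resolved; that is the difference an analyst wants before copying anything from these tables into a blocklist.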
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_2092_NQYFLRRXLNYAVDUC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a90d5ef26bb390e275a15e2696c8659c |
| SHA1 | f80246459c1cf7a188baeffeeec29ade99976f88 |
| SHA256 | cf786740d2c91a722608d2c1426b312175d68fdf30466b7c69564bf8bb66bebb |
| SHA512 | 2ba8b17369d60fa41f3d17f035f0b66bffba1bc5ce82d50c08d321cc3bd37314512143c90c81b89fb5cff1dfa65050539aed4be226a5570b32f63f64e305d186 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c6d962785aa6d95972e75cfebe82a6ca |
| SHA1 | 8626e73b0e40d901b739d896478c037a1d4cf159 |
| SHA256 | 3603fb7ee0804e1d8099985f5a4abdde0c842a591533416f9abb3f0638e34363 |
| SHA512 | 7fc9b1eb6a1972422219e77630b0017f27fa7e468b8a5de9f6102d6604f5b1fca1ccbdfa42f08e05e8f11e668688825eba522b1452484ca853968fe46588d97a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
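The Files sections list the same path more than once when its content changed during the run (the CryptnetUrlCache MetaData entry earlier on this page appears three times with three different digests, and settings.dat above appears twice), and the crashpad named pipe carries the digests of zero bytes (MD5 d41d8cd9…, SHA1 da39a3ee…, SHA256 e3b0c442…). The following is an added example of analyst tooling that groups these records by path, keeps versions in report order, sanity-checks digest formats, and flags empty-content digests by computing them with hashlib rather than matching literals; it is not code from the report or from the sample. The records are copied from this page's Files tables; the reading that an empty-content digest means the sandbox hashed no bytes (as for a named pipe) is the analyst's interpretation, not something the report states.

```python
"""Group a sandbox report's Files records by path, keep versions in order,
check digest formats, and flag digests of empty content.

Added example; analyst tooling, not code from the report or the sample.
"""
import hashlib

ALGS = ("md5", "sha1", "sha256")
# Computed, not hard-coded: the digests of b"" for each algorithm.
EMPTY_DIGESTS = {alg: hashlib.new(alg, b"").hexdigest() for alg in ALGS}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

CRYPTNET_META = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"
CRASHPAD_PIPE = r"\??\pipe\LOCAL\crashpad_2092_NQYFLRRXLNYAVDUC"
CRASHPAD_SETTINGS = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat"

# Constructed input: (path, md5, sha1, sha256) copied from the Files tables
# on this page, in the order the report lists them.
RECORDS = [
    (CRYPTNET_META, "30e18cb56d272903c1731a1ad978be0d",
     "38606de5c611242d91a8ece62f6dbefb95395ec8",
     "0b8bf22bfcad0a5c70897e4c77e96ebf9328042bc2128c6a511d04dc5e0c7cb1"),
    (CRYPTNET_META, "463b1c06f9888d6110a502413c499b47",
     "7417b09120141fac7166cee35bf9b2295f01d9df",
     "88fd57d2e2a73b186f4ac1bb2745311f5d031ea73ac9131b49d19a3b967f6999"),
    (CRYPTNET_META, "f1ebdb85e03e9eb2150efe52ea70aaaf",
     "5979d0080cffb655cea40832d608478b4ea5a8f8",
     "c7f074318e5314476f400ec04872fdb5192a3131542a2c8c2f5a85b3b1a63f84"),
    (CRASHPAD_SETTINGS, "eaa3db555ab5bc0cb364826204aad3f0",
     "a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca",
     "ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b"),
    (CRASHPAD_PIPE, "d41d8cd98f00b204e9800998ecf8427e",
     "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (CRASHPAD_SETTINGS, "4b4f91fa1b362ba5341ecb2836438dea",
     "9561f5aabed742404d455da735259a2c6781fa07",
     "d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c"),
]


def is_well_formed(alg, digest):
    """Right length and hex only: catches truncated or mangled copies."""
    return len(digest) == HEX_LEN[alg] and all(
        c in "0123456789abcdef" for c in digest.lower())


def is_empty_content(md5, sha1, sha256):
    """True only if every digest is the digest of b''; a single match is a
    copy error, not evidence of an empty file."""
    return (md5, sha1, sha256) == tuple(EMPTY_DIGESTS[a] for a in ALGS)


def artifact_kind(path):
    # NT object-manager pipe paths are not files on disk.
    return "named-pipe" if path.startswith("\\??\\pipe\\") else "file"


def triage_files(records):
    """One entry per distinct path, with its versions in report order."""
    grouped = {}
    for path, md5, sha1, sha256 in records:
        entry = grouped.setdefault(path, {
            "path": path, "kind": artifact_kind(path),
            "versions": [], "empty_versions": [], "malformed": []})
        idx = len(entry["versions"])
        entry["versions"].append({"md5": md5, "sha1": sha1, "sha256": sha256})
        if is_empty_content(md5, sha1, sha256):
            entry["empty_versions"].append(idx)
        for alg, d in (("md5", md5), ("sha1", sha1), ("sha256", sha256)):
            if not is_well_formed(alg, d):
                entry["malformed"].append((idx, alg))
    return list(grouped.values())


if __name__ == "__main__":
    for e in triage_files(RECORDS):
        print(e["kind"], len(e["versions"]), "version(s)",
              "EMPTY" if e["empty_versions"] else "", e["path"])
```

Checking the empty-content digests against hashlib rather than a pasted constant matters because an analyst who carries the SHA256 of nothing into a blocklist or a hunt will match every zero-byte file on every host.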
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Processes
/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1
[/tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/sbin/pwsh
[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/bin/pwsh
[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/sbin/pwsh
[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/bin/pwsh
[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/snap/bin/pwsh
[pwsh /tmp/Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| GB | 89.187.167.3:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240226-en
Max time kernel
147s
Max time network
161s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\.bin\mime.cmd"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\array-flatten\README.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240508-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\README.js
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20231129-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\index.js
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240611-en
Max time kernel
146s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| NL | 52.111.243.30:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240221-en
Max time kernel
117s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dll,#1
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240221-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\.bin\mime.cmd"
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:55
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240508-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\README.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240611-en
Max time kernel
134s
Max time network
145s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\accepts\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win10v2004-20240226-en
Max time kernel
152s
Max time network
164s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\body-parser\README.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.201.106:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240215-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll,#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-12 01:55
Reported
2024-06-12 01:58
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll,#1