Analysis Overview
SHA256
24cfb58d360a8690723e3b7ebc223f32a550b7694fc21a86b4cd506f6a6bfdf8
Threat Level: Shows suspicious behavior
The file CrystalRELEASE_.rar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Themida packer
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Command and Scripting Interpreter: JavaScript
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 09:48
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240508-en
Max time kernel
56s
Max time network
56s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalAPI.dll,#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240611-en
Max time kernel
87s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\abap\abap.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240611-en
Max time kernel
85s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\coffee\coffee.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240419-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csharp\csharp.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240508-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csp\csp.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240508-en
Max time kernel
137s
Max time network
160s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe
"C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pastebin.com | udp |
Files
memory/4380-0-0x00007FF8D7E43000-0x00007FF8D7E45000-memory.dmp
memory/4380-1-0x000001D791E80000-0x000001D791EA0000-memory.dmp
memory/4380-2-0x000001D793A00000-0x000001D793A0A000-memory.dmp
memory/4380-3-0x00007FF8D7E40000-0x00007FF8D8901000-memory.dmp
memory/4380-4-0x00007FF8D7E40000-0x00007FF8D8901000-memory.dmp
memory/4380-5-0x00007FF8D7E40000-0x00007FF8D8901000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:54
Platform
win7-20240611-en
Max time kernel
14s
Max time network
26s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\base\worker\workerMain.js
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240611-en
Max time kernel
121s
Max time network
131s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\abap\abap.js
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240221-en
Max time kernel
121s
Max time network
133s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\clojure\clojure.js
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:54
Platform
win7-20240611-en
Max time kernel
118s
Max time network
144s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\coffee\coffee.js
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240611-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalAPI.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240221-en
Max time kernel
117s
Max time network
129s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\adblock_snippet.js"
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20231129-en
Max time kernel
117s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cameligo\cameligo.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:54
Platform
win10v2004-20240226-en
Max time kernel
123s
Max time network
199s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\clojure\clojure.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240611-en
Max time kernel
141s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\base\worker\workerMain.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240508-en
Max time kernel
136s
Max time network
156s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\azcli\azcli.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240220-en
Max time kernel
122s
Max time network
130s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cpp\cpp.js
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240508-en
Max time kernel
119s
Max time network
129s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\css\css.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240220-en
Max time kernel
118s
Max time network
126s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe
"C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
Files
memory/1992-0-0x000007FEF5383000-0x000007FEF5384000-memory.dmp
memory/1992-1-0x000000013F630000-0x000000013F650000-memory.dmp
memory/1992-2-0x0000000000740000-0x000000000074A000-memory.dmp
memory/1992-3-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp
memory/1992-4-0x0000000000760000-0x000000000076A000-memory.dmp
memory/1992-5-0x0000000000760000-0x000000000076A000-memory.dmp
memory/1992-6-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240508-en
Max time kernel
119s
Max time network
130s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\apex\apex.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:54
Platform
win7-20240611-en
Max time kernel
117s
Max time network
145s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CefSharp.Wpf.dll,#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240508-en
Max time kernel
137s
Max time network
161s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CefSharp.Wpf.dll,#1
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240508-en
Max time kernel
136s
Max time network
160s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\css\css.js
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cameligo\cameligo.js
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | tcp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240611-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cpp\cpp.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240611-en
Max time kernel
115s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csp\csp.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 52.111.243.30:443 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240508-en
Max time kernel
46s
Max time network
59s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\apex\apex.js
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240508-en
Max time kernel
122s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\azcli\azcli.js
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win7-20240419-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\bat\bat.js
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240611-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\bat\bat.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:54
Platform
win10v2004-20240226-en
Max time kernel
133s
Max time network
175s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\adblock_snippet.js"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3688 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-12 09:46
Reported
2024-06-12 09:53
Platform
win10v2004-20240611-en
Max time kernel
87s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csharp\csharp.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |