Malware Analysis Report

2024-10-10 07:59

Sample ID 240612-lrxyfsteqr
Target CrystalRELEASE_.rar
SHA256 24cfb58d360a8690723e3b7ebc223f32a550b7694fc21a86b4cd506f6a6bfdf8
Tags execution, themida
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral4, behavioral12, behavioral24, behavioral27, behavioral29, behavioral6, behavioral9, behavioral11, behavioral21, behavioral23, behavioral3, behavioral7, behavioral19, behavioral22, behavioral10, behavioral16, behavioral25, behavioral31, behavioral5, behavioral13, behavioral1, behavioral2, behavioral32, behavioral20, behavioral26, behavioral30, behavioral14, behavioral15, behavioral17, behavioral18, behavioral8, behavioral28 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score

7/10

SHA256

24cfb58d360a8690723e3b7ebc223f32a550b7694fc21a86b4cd506f6a6bfdf8

Threat Level: Shows suspicious behavior

The file CrystalRELEASE_.rar was found to show suspicious behavior.

Malicious Activity Summary

execution themida

Themida packer

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Command and Scripting Interpreter: JavaScript

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 09:48

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240508-en

Max time kernel

56s

Max time network

56s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalAPI.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalAPI.dll,#1

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240611-en

Max time kernel

87s

Max time network

127s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\abap\abap.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\abap\abap.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240611-en

Max time kernel

85s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\coffee\coffee.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\coffee\coffee.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240419-en

Max time kernel

118s

Max time network

128s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csharp\csharp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csharp\csharp.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240508-en

Max time kernel

121s

Max time network

132s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csp\csp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csp\csp.js

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240508-en

Max time kernel

137s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe

"C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 pastebin.com udp

Files

memory/4380-0-0x00007FF8D7E43000-0x00007FF8D7E45000-memory.dmp

memory/4380-1-0x000001D791E80000-0x000001D791EA0000-memory.dmp

memory/4380-2-0x000001D793A00000-0x000001D793A0A000-memory.dmp

memory/4380-3-0x00007FF8D7E40000-0x00007FF8D8901000-memory.dmp

memory/4380-4-0x00007FF8D7E40000-0x00007FF8D8901000-memory.dmp

memory/4380-5-0x00007FF8D7E40000-0x00007FF8D8901000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:54

Platform

win7-20240611-en

Max time kernel

14s

Max time network

26s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\base\worker\workerMain.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\base\worker\workerMain.js

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240611-en

Max time kernel

121s

Max time network

131s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\abap\abap.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\abap\abap.js

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240221-en

Max time kernel

121s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\clojure\clojure.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\clojure\clojure.js

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:54

Platform

win7-20240611-en

Max time kernel

118s

Max time network

144s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\coffee\coffee.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\coffee\coffee.js

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240611-en

Max time kernel

118s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalAPI.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalAPI.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240221-en

Max time kernel

117s

Max time network

129s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\adblock_snippet.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\adblock_snippet.js"

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20231129-en

Max time kernel

117s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cameligo\cameligo.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cameligo\cameligo.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:54

Platform

win10v2004-20240226-en

Max time kernel

123s

Max time network

199s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\clojure\clojure.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\clojure\clojure.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240611-en

Max time kernel

141s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\base\worker\workerMain.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\base\worker\workerMain.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240508-en

Max time kernel

136s

Max time network

156s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\azcli\azcli.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\azcli\azcli.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240220-en

Max time kernel

122s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cpp\cpp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cpp\cpp.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240508-en

Max time kernel

119s

Max time network

129s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\css\css.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\css\css.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240220-en

Max time kernel

118s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe

"C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 pastebin.com udp
US 104.20.4.235:443 pastebin.com tcp

Files

memory/1992-0-0x000007FEF5383000-0x000007FEF5384000-memory.dmp

memory/1992-1-0x000000013F630000-0x000000013F650000-memory.dmp

memory/1992-2-0x0000000000740000-0x000000000074A000-memory.dmp

memory/1992-3-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp

memory/1992-4-0x0000000000760000-0x000000000076A000-memory.dmp

memory/1992-5-0x0000000000760000-0x000000000076A000-memory.dmp

memory/1992-6-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240508-en

Max time kernel

119s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\apex\apex.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\apex\apex.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:54

Platform

win7-20240611-en

Max time kernel

117s

Max time network

145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CefSharp.Wpf.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CefSharp.Wpf.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240508-en

Max time kernel

137s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CefSharp.Wpf.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CefSharp.Wpf.dll,#1

Network

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240508-en

Max time kernel

136s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\css\css.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\css\css.js

Network

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cameligo\cameligo.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cameligo\cameligo.js

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240611-en

Max time kernel

141s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cpp\cpp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\cpp\cpp.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240611-en

Max time kernel

115s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csp\csp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csp\csp.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 5.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 52.111.243.30:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240508-en

Max time kernel

46s

Max time network

59s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\apex\apex.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\apex\apex.js

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240508-en

Max time kernel

122s

Max time network

132s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\azcli\azcli.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\azcli\azcli.js

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win7-20240419-en

Max time kernel

121s

Max time network

132s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\bat\bat.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\bat\bat.js

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240611-en

Max time kernel

142s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\bat\bat.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\bat\bat.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 84.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:54

Platform

win10v2004-20240226-en

Max time kernel

133s

Max time network

175s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\adblock_snippet.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\CrystalUI.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\adblock_snippet.js"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3688 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-12 09:46

Reported

2024-06-12 09:53

Platform

win10v2004-20240611-en

Max time kernel

87s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csharp\csharp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\CrystalRELEASE\Editor\package\dev\vs\basic-languages\csharp\csharp.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A