Malware Analysis Report

2024-10-10 10:56

Sample ID 240612-vft7vsscma
Target sketchyorignorant-main.zip
SHA256 b47f027d4abb21ce7a8eca56eea90b8df16a017ea8c8a7bac9f2aaac6b76b70b
Tags
execution
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

b47f027d4abb21ce7a8eca56eea90b8df16a017ea8c8a7bac9f2aaac6b76b70b

Threat Level: Shows suspicious behavior

The file sketchyorignorant-main.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

execution

Checks computer location settings

Unsigned PE

Reads runtime system information

Writes file to tmp directory

Enumerates physical storage devices

Command and Scripting Interpreter: JavaScript

Modifies Internet Explorer Phishing Filter

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 16:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu2004-amd64-20240611-en

Max time kernel

0s

Max time network

4s

Command Line

[/tmp/sketchyorignorant-main/67175904]

Signatures

N/A

Processes

/tmp/sketchyorignorant-main/67175904

[/tmp/sketchyorignorant-main/67175904]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win7-20231129-en

Max time kernel

118s

Max time network

120s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175985.gz

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\gz_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\gz_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\gz_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\.gz C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\.gz\ = "gz_auto_file" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\gz_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\gz_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\gz_auto_file\ C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175985.gz

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175985.gz

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175985.gz"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 8ba8d889b79ed1e203cf2e3f8b327faf
SHA1 4bc0cbeb617afa845afb4175942a6794f554c91a
SHA256 15915cd872851cbaa61b8fc054d87ec9c979317d54df542b94f8ee681bdd6f41
SHA512 b5f1e6703727f2c9a9f82da69d1677647dfa98222b815eac043be5a4a95d3abbb6acb3a08bb38205bd2a4ae4385bfb6a34529dcda1f4df6e9b2178aa81737f6b

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win7-20240221-en

Max time kernel

117s

Max time network

119s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175987.gz

Signatures

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2056 wrote to memory of 2740 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2056 wrote to memory of 2740 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2056 wrote to memory of 2740 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175987.gz

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175987.gz"

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240611-en

Max time kernel

94s

Max time network

97s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E2f68-FOD-Package~31bf3856ad364e35~amd64~~.cab

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E2f68-FOD-Package~31bf3856ad364e35~amd64~~.cab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
BE 2.17.107.131:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 131.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 131.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 209.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240611-en

Max time kernel

124s

Max time network

152s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab.lnk

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab.lnk

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3980,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
NL 52.111.243.30:443 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 209.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win7-20231129-en

Max time kernel

118s

Max time network

119s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\unicode-width-0.1.5\src\lib.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\unicode-width-0.1.5\src\lib.js

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

144s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz

Signatures

Enumerates physical storage devices

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 7b9d822a7ba1da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424373469" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2E80B3C6-28DD-11EF-BCA5-FE55E2F65CCF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3984 CREDAT:17410 /prefetch:2

Network

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

52s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\amd64_dual_net1ic64.inf_31bf3856ad364e35_10.0.22621.1_none_9c37897afc379c39\e1i68x64.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\amd64_dual_net1ic64.inf_31bf3856ad364e35_10.0.22621.1_none_9c37897afc379c39\e1i68x64.sys

C:\Users\Admin\AppData\Local\Temp\amd64_dual_net1ic64.inf_31bf3856ad364e35_10.0.22621.1_none_9c37897afc379c39\e1i68x64.sys

C:\Users\Admin\AppData\Local\Temp\amd64_dual_net1ic64.inf_31bf3856ad364e35_10.0.22621.1_none_9c37897afc379c39\e1i68x64.sys

Network

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win7-20240508-en

Max time kernel

122s

Max time network

123s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E2f68-FOD-Package~31bf3856ad364e35~amd64~~.cab

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E2f68-FOD-Package~31bf3856ad364e35~amd64~~.cab

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/sketchyorignorant-main/21632898]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/tar N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sketchyorignorant-main/~/install-exit-status /tmp/sketchyorignorant-main/21632898 N/A
File opened for modification /tmp/sketchyorignorant-main/fio-run /tmp/sketchyorignorant-main/21632898 N/A

Processes

/tmp/sketchyorignorant-main/21632898

[/tmp/sketchyorignorant-main/21632898]

/bin/tar

[tar -xzf fio-3.29.tar.gz]

/tmp/sketchyorignorant-main/configure

[./configure --extra-cflags=-O3 -fcommon]

/usr/bin/make

[make -j]

/bin/chmod

[chmod +x fio-run]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.14:443 tcp

Files

/tmp/sketchyorignorant-main/fio-run

MD5 9fcb46055bf473aafdeab2b7a724b892
SHA1 5e0ffdbb7322ad3ebe7b802ab6e5c5b7bfd5a48f
SHA256 1281f27038c45a897021a6a8b65d428f9d903035f32917bc8dafb92eecb45bff
SHA512 6e09a00e0529862ca224a9bb9d60b7048cd219e49698c254a5b7f0450186311a441253e092e6b783743451c4a6d525e39e7a3b0e5fa464d677e32c743a674d12

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:59

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win7-20240508-en

Max time kernel

122s

Max time network

124s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\DOOCKEREEERE.7z

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\DOOCKEREEERE.7z

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\DOOCKEREEERE.7z

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\DOOCKEREEERE.7z

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\DOOCKEREEERE.7z"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 185f5610bdfff78562bd0e198f2ef396
SHA1 162580419339f73ef510e57a94106e0a5de53a19
SHA256 84f9f410173e796391f071c6388fec652bd3ab4ad5321a5351e3ce7288249387
SHA512 1f47e9c2b56837bfebb6536f8aed81795d8bf663d9dbce420c1dc0b3f4cea27b2fdcaeebff88bea2fd928a57ee41cec70b1e0df17a4f1a1d193be12ecc2b8957

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win7-20231129-en

Max time kernel

119s

Max time network

120s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240226-en

Max time kernel

139s

Max time network

159s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175985.gz

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2388 wrote to memory of 1848 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2388 wrote to memory of 1848 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175985.gz

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175985.gz"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4148 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 142.250.187.234:443 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 153.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

149s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175987.gz

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175987.gz

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.107.131:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 131.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:59

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Command Line

[/tmp/sketchyorignorant-main/67175899]

Signatures

N/A

Processes

/tmp/sketchyorignorant-main/67175899

[/tmp/sketchyorignorant-main/67175899]

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:58

Platform

ubuntu2404-amd64-20240523-en

Max time network

0s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\unicode-width-0.1.5\src\lib.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\unicode-width-0.1.5\src\lib.js

Network

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win7-20240221-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab.lnk

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab.lnk

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 16:59

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

ubuntu2404-amd64-20240523-en

Max time network

150s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _https._tcp.deb.nodesource.com udp
US 1.1.1.1:53 _https._tcp.motd.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 contracts.canonical.com udp
US 1.1.1.1:53 contracts.canonical.com udp
US 1.1.1.1:53 deb.nodesource.com udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 deb.nodesource.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _https._tcp.deb.nodesource.com udp
US 1.1.1.1:53 motd.ubuntu.com udp
US 1.1.1.1:53 motd.ubuntu.com udp
US 1.1.1.1:53 _https._tcp.motd.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 contracts.canonical.com udp
US 1.1.1.1:53 contracts.canonical.com udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 1.1.1.1:53 contracts.canonical.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 contracts.canonical.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 deb.nodesource.com udp
US 1.1.1.1:53 _https._tcp.motd.ubuntu.com udp
US 1.1.1.1:53 deb.nodesource.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 _https._tcp.deb.nodesource.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 motd.ubuntu.com udp
US 1.1.1.1:53 motd.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 tcp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 1.1.1.1:53 _https._tcp.deb.nodesource.com udp
US 1.1.1.1:53 contracts.canonical.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 deb.nodesource.com udp
US 1.1.1.1:53 contracts.canonical.com udp
US 1.1.1.1:53 security.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.se.archive.ubuntu.com udp
US 1.1.1.1:53 _https._tcp.motd.ubuntu.com udp
US 1.1.1.1:53 deb.nodesource.com udp
US 1.1.1.1:53 motd.ubuntu.com udp
US 1.1.1.1:53 se.archive.ubuntu.com udp
US 1.1.1.1:53 _http._tcp.security.ubuntu.com udp
US 1.1.1.1:53 motd.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 motd.ubuntu.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 _https._tcp.motd.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 deb.nodesource.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 contracts.canonical.com udp
US 8.8.8.8:53 _https._tcp.deb.nodesource.com udp
US 1.1.1.1:53 tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win7-20240508-en

Max time kernel

72s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz

Signatures

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1964 wrote to memory of 2720 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 1964 wrote to memory of 2720 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 1964 wrote to memory of 2720 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 2720 wrote to memory of 2728 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe
PID 2720 wrote to memory of 2728 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe
PID 2720 wrote to memory of 2728 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe
PID 2728 wrote to memory of 2904 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PID 2728 wrote to memory of 2904 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PID 2728 wrote to memory of 2904 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PID 2728 wrote to memory of 2904 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PID 652 wrote to memory of 568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 652 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7999758,0x7fef7999768,0x7fef7999778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2800 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1476 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 60c096b21548b94177dfd21a42ef585a
SHA1 cb920317f65f3d9f7eff00752ae7a964cf416c2c
SHA256 1161542553a4d122bc4a67cea0d1b4ba8f3efd2e59347436ae60d0babfa0715e
SHA512 785221da6c2852de73b1f8dd8e7788a9eabc1eb90d7c09fe44e8fefcf72b6a92622101b5e41c7060d63bc961d08a3e3aa24aec9a5dffc4cedbb4578f061212ce

\??\pipe\crashpad_652_CIGPBUPJPJAAUSQR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81692cef1e17f6083d7c2831e507ee65
SHA1 70928795c8171e68c5c810230cf1daef069e5cfd
SHA256 a489cb51cf06808f7efaa3f6afa3de063dd44df0a01640a39a88519ec3c5977d
SHA512 d6c1cdb01739b4430e9ee6a9381a9b9ecca346e849843422c92235307e2b9e64bbb0a459b5e4088d7bcc3bb34075bb1d0937d772ca935bfeddea73a954b5f8f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0997462ba771cc5e45c319774c1bb2d1
SHA1 b4d49c4dba228aee3c177439c4f81f74219c1c93
SHA256 152092582c350364b40a4c8d4c596d3496f370912e6a3c5dba075f0bcee2c4c3
SHA512 835ee90e055a6d862dddbc08ce91b129ffbddc6986f2d89963ea013417e03722f957724f758535567935a608e6734a02fc7c1397c93e0dcc327a7d363bf7e67d

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-12 16:56

Reported

2024-06-12 17:01

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

53s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\DOOCKEREEERE.7z

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\DOOCKEREEERE.7z

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A