Analysis Overview
SHA256
b47f027d4abb21ce7a8eca56eea90b8df16a017ea8c8a7bac9f2aaac6b76b70b
Threat Level: Shows suspicious behavior
The file sketchyorignorant-main.zip was classified as: Shows suspicious behavior.
Malicious Activity Summary
Deletes log files
Reads runtime system information
Unsigned PE
Enumerates physical storage devices
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 17:06
Signatures
Unsigned PE
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240508-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FW.lnk
Network
Files
memory/1676-26-0x0000000002CD0000-0x0000000002CD1000-memory.dmp
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
9s
Max time network
128s
Command Line
Signatures
Deletes log files
| Description | Indicator | Process | Target |
| File deleted | /var/log/setup/tmp/SeTmount | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/SeTCDdev | /bin/rm | N/A |
| File truncated | /var/log/setup/tmp/reply | /tmp/sketchyorignorant-main/INSCD | N/A |
| File deleted | /var/log/setup/tmp/SeTDS | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/SeTCDdev | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/errordo | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/SeTDS | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/reply | /bin/rm | N/A |
| File deleted | /var/log/setup/tmp/SeTmount | /bin/rm | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mount | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/sketchyorignorant-main/INSCD
[/tmp/sketchyorignorant-main/INSCD]
/bin/mkdir
[mkdir -p /var/log/setup/tmp]
/bin/cat
[cat /var/log/setup/tmp/SeTT_PX]
/bin/rm
[rm -f /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/reply]
/bin/cat
[cat /var/log/setup/tmp/reply]
/bin/sleep
[sleep 3]
/bin/mount
[mount -o ro -t iso9660 /dev/hdd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdc /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdb /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hda /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hde /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdf /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdg /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdh /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdi /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdj /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdk /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdl /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdm /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdn /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdo /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/hdp /var/log/mount]
/bin/sleep
[sleep 3]
/bin/mount
[mount -o ro -t iso9660 /dev/sr0 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/sr1 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/sr2 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/sr3 /var/log/mount]
/bin/sleep
[sleep 3]
/bin/mount
[mount -o ro -t iso9660 /dev/pcd0 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/pcd1 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/pcd2 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/pcd3 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/sonycd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/gscd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/optcd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/sjcd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/mcdx0 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/mcdx1 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/cdu535 /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/sbpcd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/aztcd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/cm205cd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/cm206cd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/bpcd /var/log/mount]
/bin/mount
[mount -o ro -t iso9660 /dev/mcd /var/log/mount]
/bin/rm
[rm -f /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/errordo]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 185.125.188.62:443 | N/A | tcp |
| GB | 185.125.188.62:443 | N/A | tcp |
| US | 151.101.193.91:443 | N/A | tcp |
| US | 151.101.193.91:443 | N/A | tcp |
| GB | 195.181.164.14:443 | N/A | tcp |
Files
/var/log/setup/tmp/reply
| MD5 | d74c28a84f1d0d530db1ff720798aa88 |
| SHA1 | 442f563dcfe2b52de085f62f512e57234515b94c |
| SHA256 | 5c3f3112d31ce1828e127a4ec05cbd3584c81526e7aac222fc021bf104df09e5 |
| SHA512 | a53580656517fc2f4e83a2096f0320c120495a6c3bb4f672a31f58ea4df279134f292f7b143deb510bfde30946ee7ae9938aa08d5253ab805b33a41ab66fb9fe |
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240419-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006962bb76190c6cfad4c4b28868c5b0567993d2a3ee75c39c9e0a49188032e6-a
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240611-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0069f092738bc9044b183860f95311e747eae3338bb66b8d88b7c80e9722b15d-a
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240611-en
Max time kernel
118s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\008587ffad9fcc70a0362a8773eed5734ef89edf3e2d2bbc25f7737257567718-a
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240419-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FDhelp
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240611-en
Max time kernel
92s
Max time network
130s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\00b7a8637bb3363e6294c527c6f10c298c4928f7d4b55578115eda0b57df319c-d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240221-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1" | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5e00310000000000425781941000434c4f5544497e310000460009000400efbe4257c793425781942e000000e89300000000040000000000000000000000000000004a72740043006c006f007500640049006d00610067006500000018000000 | C:\Windows\system32\cmd.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5c003100000000004257c79312002453595352457e310000440009000400efbe4257c7934257e9932e00000022000000000006000000000000000000000000000000111c3f00240053007900730052006500730065007400000018000000 | C:\Windows\system32\cmd.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\CloudImage.lnk
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{088e3905-0323-4b02-9826-5d99428e115f}\Instance\ | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\cmd.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FW.lnk
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3240,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240419-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0015ad62d94bd700d44b8d8cd0829b602273a6731658d6a9a12ec26d6e1f05eb-d
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240611-en
Max time kernel
95s
Max time network
99s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0015ad62d94bd700d44b8d8cd0829b602273a6731658d6a9a12ec26d6e1f05eb-d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.83.221.88.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240611-en
Max time kernel
125s
Max time network
127s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006962bb76190c6cfad4c4b28868c5b0567993d2a3ee75c39c9e0a49188032e6-a
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3920,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0075c7f4698000aa5aea56f035582cac89ede60edbeb774afe41c516743f7ba4-a
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.229.138.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\000d5c57495cc0d4487b91c61d0c543f68b559156f4284463e5ce72f803b4f90-a
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.239.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240221-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\00b7a8637bb3363e6294c527c6f10c298c4928f7d4b55578115eda0b57df319c-d
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
52s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\008587ffad9fcc70a0362a8773eed5734ef89edf3e2d2bbc25f7737257567718-a
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240220-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0075c7f4698000aa5aea56f035582cac89ede60edbeb774afe41c516743f7ba4-a
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240611-en
Max time kernel
126s
Max time network
133s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\AppInstallPlan.zip.lnk
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2904,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2900 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.242.123.52.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
52s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\cmd.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\CloudImage.lnk
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240611-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0033657cd8e5f36c4bfb6fca0d170f97a22247738463071d6fe64481c8bfe494-a
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0069f092738bc9044b183860f95311e747eae3338bb66b8d88b7c80e9722b15d-a
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240220-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\AppInstallPlan.zip.lnk
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:07
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:07
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240611-en
Max time kernel
117s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0033657cd8e5f36c4bfb6fca0d170f97a22247738463071d6fe64481c8bfe494-a
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240221-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006857f2e636f607e93c2b1ff486a196294ddf38d796d3bceb80fce959486538-a
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
149s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006857f2e636f607e93c2b1ff486a196294ddf38d796d3bceb80fce959486538-a
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | N/A | tcp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FDhelp
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20240611-en
Max time kernel
118s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\000d5c57495cc0d4487b91c61d0c543f68b559156f4284463e5ce72f803b4f90-a
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win7-20231129-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\004a257c148891b013731949f499049f7b4a6bdc692eb5932b46c8eed30d916b-d
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-12 17:05
Reported
2024-06-12 17:10
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
52s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\004a257c148891b013731949f499049f7b4a6bdc692eb5932b46c8eed30d916b-d