Malware Analysis Report

2024-10-10 10:56

Sample ID 240612-vmcamasdqh
Target sketchyorignorant-main.zip
SHA256 b47f027d4abb21ce7a8eca56eea90b8df16a017ea8c8a7bac9f2aaac6b76b70b
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral27, behavioral29, behavioral11, behavioral13, behavioral17, behavioral25, behavioral20, behavioral23, behavioral28, behavioral3, behavioral4, behavioral12, behavioral16, behavioral2, behavioral19, behavioral18, behavioral15, behavioral22, behavioral24, behavioral30, behavioral6, behavioral14, behavioral21, behavioral31, behavioral32, behavioral5, behavioral9, behavioral10, behavioral26, behavioral1, behavioral7, behavioral8 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
6/10

SHA256

b47f027d4abb21ce7a8eca56eea90b8df16a017ea8c8a7bac9f2aaac6b76b70b

Threat Level: Shows suspicious behavior

The file sketchyorignorant-main.zip was found to show suspicious behavior.

Malicious Activity Summary

Deletes log files

Reads runtime system information

Unsigned PE

Enumerates physical storage devices

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 17:06

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240508-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FW.lnk

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FW.lnk

Network

N/A

Files

memory/1676-26-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

9s

Max time network

128s

Command Line

[/tmp/sketchyorignorant-main/INSCD]

Signatures

Deletes log files

Description | Indicator | Process | Target
File deleted | /var/log/setup/tmp/SeTmount | /bin/rm | N/A
File deleted | /var/log/setup/tmp/SeTCDdev | /bin/rm | N/A
File truncated | /var/log/setup/tmp/reply | /tmp/sketchyorignorant-main/INSCD | N/A
File deleted | /var/log/setup/tmp/SeTDS | /bin/rm | N/A
File deleted | /var/log/setup/tmp/SeTCDdev | /bin/rm | N/A
File deleted | /var/log/setup/tmp/errordo | /bin/rm | N/A
File deleted | /var/log/setup/tmp/SeTDS | /bin/rm | N/A
File deleted | /var/log/setup/tmp/reply | /bin/rm | N/A
File deleted | /var/log/setup/tmp/SeTmount | /bin/rm | N/A
File deleted /var/log/setup/tmp/SeTmount /bin/rm N/A

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading | /proc/filesystems | /bin/mount | N/A (32 consecutive occurrences)
File opened for reading | /proc/filesystems | /bin/mkdir | N/A
File opened for reading | /proc/filesystems | /bin/mount | N/A (5 consecutive occurrences)

Processes

/tmp/sketchyorignorant-main/INSCD

[/tmp/sketchyorignorant-main/INSCD]

/bin/mkdir

[mkdir -p /var/log/setup/tmp]

/bin/cat

[cat /var/log/setup/tmp/SeTT_PX]

/bin/rm

[rm -f /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/reply]

/bin/cat

[cat /var/log/setup/tmp/reply]

/bin/sleep

[sleep 3]

/bin/mount

[mount -o ro -t iso9660 /dev/hdd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdc /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdb /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hda /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hde /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdf /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdg /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdh /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdi /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdj /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdk /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdl /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdm /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdn /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdo /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/hdp /var/log/mount]

/bin/sleep

[sleep 3]

/bin/mount

[mount -o ro -t iso9660 /dev/sr0 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/sr1 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/sr2 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/sr3 /var/log/mount]

/bin/sleep

[sleep 3]

/bin/mount

[mount -o ro -t iso9660 /dev/pcd0 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/pcd1 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/pcd2 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/pcd3 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/sonycd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/gscd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/optcd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/sjcd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/mcdx0 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/mcdx1 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/cdu535 /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/sbpcd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/aztcd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/cm205cd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/cm206cd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/bpcd /var/log/mount]

/bin/mount

[mount -o ro -t iso9660 /dev/mcd /var/log/mount]

/bin/rm

[rm -f /var/log/setup/tmp/SeTDS /var/log/setup/tmp/SeTmount /var/log/setup/tmp/SeTCDdev /var/log/setup/tmp/errordo]

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 185.125.188.62:443 | | tcp
GB | 185.125.188.62:443 | | tcp
US | 151.101.193.91:443 | | tcp
US | 151.101.193.91:443 | | tcp
GB | 195.181.164.14:443 | | tcp

Files

/var/log/setup/tmp/reply

MD5 d74c28a84f1d0d530db1ff720798aa88
SHA1 442f563dcfe2b52de085f62f512e57234515b94c
SHA256 5c3f3112d31ce1828e127a4ec05cbd3584c81526e7aac222fc021bf104df09e5
SHA512 a53580656517fc2f4e83a2096f0320c120495a6c3bb4f672a31f58ea4df279134f292f7b143deb510bfde30946ee7ae9938aa08d5253ab805b33a41ab66fb9fe

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240419-en

Max time kernel

119s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006962bb76190c6cfad4c4b28868c5b0567993d2a3ee75c39c9e0a49188032e6-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006962bb76190c6cfad4c4b28868c5b0567993d2a3ee75c39c9e0a49188032e6-a

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240611-en

Max time kernel

120s

Max time network

122s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0069f092738bc9044b183860f95311e747eae3338bb66b8d88b7c80e9722b15d-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0069f092738bc9044b183860f95311e747eae3338bb66b8d88b7c80e9722b15d-a

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240611-en

Max time kernel

118s

Max time network

126s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\008587ffad9fcc70a0362a8773eed5734ef89edf3e2d2bbc25f7737257567718-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\008587ffad9fcc70a0362a8773eed5734ef89edf3e2d2bbc25f7737257567718-a

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240419-en

Max time kernel

118s

Max time network

119s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FDhelp

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FDhelp

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240611-en

Max time kernel

92s

Max time network

130s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\00b7a8637bb3363e6294c527c6f10c298c4928f7d4b55578115eda0b57df319c-d

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\00b7a8637bb3363e6294c527c6f10c298c4928f7d4b55578115eda0b57df319c-d

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
NL | 23.62.61.97:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240221-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\CloudImage.lnk

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\cmd.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1" | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5e00310000000000425781941000434c4f5544497e310000460009000400efbe4257c793425781942e000000e89300000000040000000000000000000000000000004a72740043006c006f007500640049006d00610067006500000018000000 | C:\Windows\system32\cmd.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5c003100000000004257c79312002453595352457e310000440009000400efbe4257c7934257e9932e00000022000000000006000000000000000000000000000000111c3f00240053007900730052006500730065007400000018000000 | C:\Windows\system32\cmd.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\CloudImage.lnk

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

148s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FW.lnk

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{088e3905-0323-4b02-9826-5d99428e115f}\Instance\ | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\cmd.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FW.lnk

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3240,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240419-en

Max time kernel

118s

Max time network

119s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0015ad62d94bd700d44b8d8cd0829b602273a6731658d6a9a12ec26d6e1f05eb-d

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0015ad62d94bd700d44b8d8cd0829b602273a6731658d6a9a12ec26d6e1f05eb-d

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240611-en

Max time kernel

95s

Max time network

99s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0015ad62d94bd700d44b8d8cd0829b602273a6731658d6a9a12ec26d6e1f05eb-d

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0015ad62d94bd700d44b8d8cd0829b602273a6731658d6a9a12ec26d6e1f05eb-d

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp
US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 98.83.221.88.in-addr.arpa | udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240611-en

Max time kernel

125s

Max time network

127s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006962bb76190c6cfad4c4b28868c5b0567993d2a3ee75c39c9e0a49188032e6-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006962bb76190c6cfad4c4b28868c5b0567993d2a3ee75c39c9e0a49188032e6-a

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3920,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp
NL | 23.62.61.171:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 170.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0075c7f4698000aa5aea56f035582cac89ede60edbeb774afe41c516743f7ba4-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0075c7f4698000aa5aea56f035582cac89ede60edbeb774afe41c516743f7ba4-a

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
NL | 23.62.61.155:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 152.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 66.229.138.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\000d5c57495cc0d4487b91c61d0c543f68b559156f4284463e5ce72f803b4f90-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\000d5c57495cc0d4487b91c61d0c543f68b559156f4284463e5ce72f803b4f90-a

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 79.239.69.13.in-addr.arpa | udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240221-en

Max time kernel

118s

Max time network

120s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\00b7a8637bb3363e6294c527c6f10c298c4928f7d4b55578115eda0b57df319c-d

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\00b7a8637bb3363e6294c527c6f10c298c4928f7d4b55578115eda0b57df319c-d

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

52s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\008587ffad9fcc70a0362a8773eed5734ef89edf3e2d2bbc25f7737257567718-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\008587ffad9fcc70a0362a8773eed5734ef89edf3e2d2bbc25f7737257567718-a

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240220-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0075c7f4698000aa5aea56f035582cac89ede60edbeb774afe41c516743f7ba4-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0075c7f4698000aa5aea56f035582cac89ede60edbeb774afe41c516743f7ba4-a

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240611-en

Max time kernel

126s

Max time network

133s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\AppInstallPlan.zip.lnk

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\AppInstallPlan.zip.lnk

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2904,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2900 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp
NL | 23.62.61.155:443 | www.bing.com | tcp
NL | 23.62.61.155:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 152.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 32.242.123.52.in-addr.arpa | udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

52s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\CloudImage.lnk

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\cmd.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\cmd.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\CloudImage.lnk

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240611-en

Max time kernel

146s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0033657cd8e5f36c4bfb6fca0d170f97a22247738463071d6fe64481c8bfe494-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0033657cd8e5f36c4bfb6fca0d170f97a22247738463071d6fe64481c8bfe494-a

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 152.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0069f092738bc9044b183860f95311e747eae3338bb66b8d88b7c80e9722b15d-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0069f092738bc9044b183860f95311e747eae3338bb66b8d88b7c80e9722b15d-a

Network

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240220-en

Max time kernel

121s

Max time network

123s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\AppInstallPlan.zip.lnk

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\AppInstallPlan.zip.lnk

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:07

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:07

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240611-en

Max time kernel

117s

Max time network

126s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0033657cd8e5f36c4bfb6fca0d170f97a22247738463071d6fe64481c8bfe494-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\0033657cd8e5f36c4bfb6fca0d170f97a22247738463071d6fe64481c8bfe494-a

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240221-en

Max time kernel

121s

Max time network

123s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006857f2e636f607e93c2b1ff486a196294ddf38d796d3bceb80fce959486538-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006857f2e636f607e93c2b1ff486a196294ddf38d796d3bceb80fce959486538-a

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

149s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006857f2e636f607e93c2b1ff486a196294ddf38d796d3bceb80fce959486538-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\006857f2e636f607e93c2b1ff486a196294ddf38d796d3bceb80fce959486538-a

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FDhelp

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\FDhelp

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20240611-en

Max time kernel

118s

Max time network

126s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\000d5c57495cc0d4487b91c61d0c543f68b559156f4284463e5ce72f803b4f90-a

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\000d5c57495cc0d4487b91c61d0c543f68b559156f4284463e5ce72f803b4f90-a

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win7-20231129-en

Max time kernel

121s

Max time network

123s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\004a257c148891b013731949f499049f7b4a6bdc692eb5932b46c8eed30d916b-d

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\004a257c148891b013731949f499049f7b4a6bdc692eb5932b46c8eed30d916b-d

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-12 17:05

Reported

2024-06-12 17:10

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

52s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\004a257c148891b013731949f499049f7b4a6bdc692eb5932b46c8eed30d916b-d

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\004a257c148891b013731949f499049f7b4a6bdc692eb5932b46c8eed30d916b-d

Network

Files

N/A