Malware Analysis Report

2024-10-19 08:22

Sample ID 240613-v5zhwaxdka
Target Spoofing method.zip
SHA256 6a1f8cc8b6c6c425b07fb5bcbe66053d4c58090295fbdd846eca25a280a77623
Tags
score
3/10

Analysis Overview

score
3/10

SHA256

6a1f8cc8b6c6c425b07fb5bcbe66053d4c58090295fbdd846eca25a280a77623

Threat Level: Likely benign

The file Spoofing method.zip was found to be: Likely benign.

Malicious Activity Summary
Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Opens file in notepad (likely ransom note)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 17:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Spoofing method.zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Spoofing method.zip"

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20231129-en

Max time kernel

118s

Max time network

119s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys

Network

N/A

Files

memory/1028-0-0x0000000000010000-0x0000000000019000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240611-en

Max time kernel

126s

Max time network

131s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREVXD.vxd

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREVXD.vxd

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4232,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8

Network


Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\vgk.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\vgk.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\vgk.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\vgk.sys

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\GRINX64v2.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\GRINX64v2.zip

Network

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:37

Platform

win7-20240221-en

Max time kernel

0s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\GRINX64v2\README.txt

Signatures

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\GRINX64v2\README.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\EAC.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\EAC.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\EAC.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\EAC.sys

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240508-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe

"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe"

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240220-en

Max time kernel

118s

Max time network

118s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREVXD.vxd

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREVXD.vxd

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe"

Network


Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240221-en

Max time kernel

118s

Max time network

122s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREW64.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREW64.sys

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREW64.sys

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREW64.sys

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240611-en

Max time kernel

118s

Max time network

120s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main.zip

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240611-en

Max time kernel

91s

Max time network

96s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main.zip

Network


Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys

Network

Files

memory/220-0-0x0000000000010000-0x0000000000019000-memory.dmp

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240508-en

Max time kernel

118s

Max time network

118s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\GRINX64v2.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\GRINX64v2.zip

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240611-en

Max time kernel

118s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe

"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe"

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240221-en

Max time kernel

119s

Max time network

120s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\GRINX64v2\README.txt

Signatures

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\GRINX64v2\README.txt

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240611-en

Max time kernel

120s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 224

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240611-en

Max time kernel

122s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe"

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe"

Network


Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe

"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe"

Network

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe

"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network


Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240508-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe"

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:37

Platform

win10v2004-20240226-en

Max time kernel

1s

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.234:443 tcp
N/A 8.8.8.8:53 udp
N/A 52.167.17.97:443 tcp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3920 wrote to memory of 216 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3920 wrote to memory of 216 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3920 wrote to memory of 216 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 216 -ip 216

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 616

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240508-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240221-en

Max time kernel

120s

Max time network

122s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Spoofing method.zip"

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Spoofing method.zip"

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240611-en

Max time kernel

93s

Max time network

96s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new1.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new1.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new1.sys

C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new1.sys

Network


Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win7-20240611-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe"

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-13 17:35

Reported

2024-06-13 17:40

Platform

win10v2004-20240611-en

Max time kernel

127s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe

"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4028,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8

Network


Files

N/A