Analysis Overview
SHA256
6a1f8cc8b6c6c425b07fb5bcbe66053d4c58090295fbdd846eca25a280a77623
Threat Level: Likely benign
The file Spoofing method.zip was found to be: Likely benign.
Malicious Activity Summary
Program crash
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-13 17:35
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Spoofing method.zip"
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20231129-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys
Network
Files
memory/1028-0-0x0000000000010000-0x0000000000019000-memory.dmp
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240611-en
Max time kernel
126s
Max time network
131s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREVXD.vxd
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4232,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.201.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.242.123.52.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\vgk.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\vgk.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\vgk.sys
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\GRINX64v2.zip
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:37
Platform
win7-20240221-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\GRINX64v2\README.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\EAC.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\EAC.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\EAC.sys
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240508-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe
"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe"
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240220-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREVXD.vxd
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe
"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 203.197.17.2.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240221-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREW64.sys
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREW64.sys
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREW64.sys
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240611-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main.zip
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240611-en
Max time kernel
91s
Max time network
96s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main.zip
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new.sys
Network
Files
memory/220-0-0x0000000000010000-0x0000000000019000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240508-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\GRINX64v2.zip
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240611-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe
"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe"
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240221-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\GRINX64v2\README.txt
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240611-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 224
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240611-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe
"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe"
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe
"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\DMIEDIT.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.197.17.2.in-addr.arpa | udp |
| GB | 104.86.110.115:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 115.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe
"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\command.exe"
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe
"C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\mapper.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | tcp | |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| US | 8.8.8.8:53 | 17.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240508-en
Max time kernel
119s
Max time network
119s
Command Line
Signatures
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe
"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe"
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:37
Platform
win10v2004-20240226-en
Max time kernel
1s
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.234:443 | tcp | |
| N/A | 8.8.8.8:53 | udp | |
| N/A | 52.167.17.97:443 | tcp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3920 wrote to memory of 216 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3920 wrote to memory of 216 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3920 wrote to memory of 216 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCOREDLL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 216 -ip 216
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 616
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | tcp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240508-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\UCORESYS.sys
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240221-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Spoofing method.zip"
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240611-en
Max time kernel
93s
Max time network
96s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new1.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new1.sys
C:\Users\Admin\AppData\Local\Temp\Eac.gg-Spoofer-Crack-main\new1.sys
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| GB | 104.86.110.115:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win7-20240611-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe
"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWIN.exe"
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-13 17:35
Reported
2024-06-13 17:40
Platform
win10v2004-20240611-en
Max time kernel
127s
Max time network
129s
Command Line
Signatures
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe
"C:\Users\Admin\AppData\Local\Temp\GRINX64v2\AMIDEWINx64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4028,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.242.123.52.in-addr.arpa | udp |