Malware Analysis Report

2024-10-10 07:38

Sample ID 240615-kxkdwavcmh
Target Solaris.zip
SHA256 fb32a45773d44d351532eb9233cbf56de2dd312e85af0fcc053b84530d48a307
Tags execution themida
Score 7/10

Analysis Overview

Score 7/10

SHA256 fb32a45773d44d351532eb9233cbf56de2dd312e85af0fcc053b84530d48a307

Threat Level: Shows suspicious behavior

The file Solaris.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

execution themida

Themida packer

Command and Scripting Interpreter: JavaScript

Unsigned PE

Command and Scripting Interpreter: PowerShell

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 09:02

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

116s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-base-to-string.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-base-to-string.js

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 154.141.79.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

111s

Max time network

135s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-floating-promises.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-floating-promises.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 154.141.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

109s

Max time network

135s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-implied-eval.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-implied-eval.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.73.50.20.in-addr.arpa udp
US 8.8.8.8:53 213.131.50.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

104s

Max time network

135s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\restrict-plus-operands.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\restrict-plus-operands.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:08

Platform

win10-20240404-en

Max time kernel

116s

Max time network

144s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\.bin\semver

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\.bin\semver

Network

Country Destination Domain Proto
US 8.8.8.8:53 f.f.f.f.8.f.2.0.2.c.1.c.3.1.0.9.f.f.f.f.6.9.8.8.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 41.173.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

113s

Max time network

136s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-throw-literal.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-throw-literal.js

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 213.131.50.23.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:08

Platform

win10-20240611-en

Max time kernel

132s

Max time network

196s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\classes\comparator.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\classes\comparator.js

Network

Country Destination Domain Proto
GB 2.21.189.164:80 tcp
BE 2.17.107.203:80 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 41.173.79.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:09

Platform

win10-20240611-en

Max time kernel

139s

Max time network

197s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-misused-promises.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-misused-promises.js

Network

Country Destination Domain Proto
US 199.232.210.172:80 tcp
US 8.8.8.8:53 105.246.116.51.in-addr.arpa udp
US 8.8.8.8:53 200.131.50.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

110s

Max time network

138s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\explicit-function-return-type.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\explicit-function-return-type.js

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 154.141.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

111s

Max time network

147s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-var-requires.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-var-requires.js

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

113s

Max time network

141s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\strict-boolean-expressions.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\strict-boolean-expressions.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 227.162.46.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

114s

Max time network

139s

Command Line

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\.bin\semver.ps1

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\.bin\semver.ps1

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

memory/1004-3-0x00007FFAEFCA3000-0x00007FFAEFCA4000-memory.dmp

memory/1004-5-0x0000023E74C30000-0x0000023E74C52000-memory.dmp

memory/1004-6-0x00007FFAEFCA0000-0x00007FFAF068C000-memory.dmp

memory/1004-9-0x0000023E74DE0000-0x0000023E74E56000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kc4rg1ja.h4q.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/1004-10-0x00007FFAEFCA0000-0x00007FFAF068C000-memory.dmp

memory/1004-45-0x00007FFAEFCA0000-0x00007FFAF068C000-memory.dmp

memory/1004-49-0x00007FFAEFCA0000-0x00007FFAF068C000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:08

Platform

win10-20240404-en

Max time kernel

53s

Max time network

83s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\bin\semver.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\bin\semver.js

Network

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

114s

Max time network

135s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\classes\range.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\classes\range.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

115s

Max time network

138s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\explicit-module-boundary-types.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\explicit-module-boundary-types.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

112s

Max time network

135s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-this-alias.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-this-alias.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

114s

Max time network

138s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\.bin\semver.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\.bin\semver.cmd"

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

111s

Max time network

138s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\classes\semver.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\classes\semver.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

107s

Max time network

134s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\clean.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\clean.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

116s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\cmp.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\cmp.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 1.0.a.d.6.8.4.c.2.6.6.6.8.4.0.e.1.0.a.d.6.8.4.c.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

115s

Max time network

141s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\compare-build.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\compare-build.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:08

Platform

win10-20240611-en

Max time kernel

133s

Max time network

195s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\compare-loose.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\compare-loose.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

109s

Max time network

144s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\diff.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\diff.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:08

Platform

win10-20240404-en

Max time kernel

55s

Max time network

84s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-implicit-any-catch.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-implicit-any-catch.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

113s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-require-imports.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-require-imports.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

113s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-shadow.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\no-shadow.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:08

Platform

win10-20240404-en

Max time kernel

115s

Max time network

143s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\classes\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\classes\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 227.162.46.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

113s

Max time network

136s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\compare.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\compare.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.73.50.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

113s

Max time network

135s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\prefer-as-const.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\prefer-as-const.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 f.f.f.f.5.e.a.8.b.6.d.3.0.8.0.1.f.f.f.f.5.e.a.8.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:09

Platform

win10-20240611-en

Max time kernel

138s

Max time network

197s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\return-await.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\return-await.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:07

Platform

win10-20240404-en

Max time kernel

113s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\switch-exhaustiveness-check.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\docs\rules\switch-exhaustiveness-check.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 154.141.79.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-15 08:58

Reported

2024-06-15 09:08

Platform

win10-20240611-en

Max time kernel

135s

Max time network

197s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\coerce.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Data\luau\node_modules\@typescript-eslint\eslint-plugin\node_modules\semver\functions\coerce.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 205.131.50.23.in-addr.arpa udp

Files

N/A