Malware Analysis Report

2024-10-16 06:51

Sample ID 240615-stecfsvglg
Target CrystalUPDATED.rar
SHA256 57f487f0d8eddd22ea6c42f697c612d3969e8cba20925cb72a1b8568b67b3003
Tags execution, agenttesla
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral1, behavioral4, behavioral17, behavioral24, behavioral16, behavioral20, behavioral27, behavioral31, behavioral32, behavioral12, behavioral15, behavioral21, behavioral25, behavioral11, behavioral6, behavioral7, behavioral8, behavioral30, behavioral3, behavioral19, behavioral18, behavioral22, behavioral23, behavioral28, behavioral29, behavioral9, behavioral5, behavioral10, behavioral14, behavioral26, behavioral2, behavioral13 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 10/10

SHA256

57f487f0d8eddd22ea6c42f697c612d3969e8cba20925cb72a1b8568b67b3003

Threat Level: Known bad

The file CrystalUPDATED.rar was found to be: Known bad.

Malicious Activity Summary

execution agenttesla

AgentTesla payload

Agenttesla family

Command and Scripting Interpreter: JavaScript

Unsigned PE

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 15:24

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
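The static1 signatures record "Unsigned PE" for the executable content of the archive but attach no indicator. The following Python is an added example, not part of the sandbox report or its signature engine: it checks whether a PE image carries an Authenticode Certificate Table at all (data directory entry 4, whose first field is a raw file offset rather than an RVA). The PE bytes it runs on are constructed by build_minimal_pe, not taken from the sample. It does not validate any signature; it only reports whether one is attached, which is the presence check a label like "Unsigned PE" implies. Chain validation still needs a real verifier such as Windows' own signature APIs or osslsigncode.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Certificate Table slot in the data directories
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002     # Authenticode PKCS#7 SignedData


def authenticode_status(data: bytes) -> str:
    """Return 'not-pe', 'unsigned' or 'signed' for a PE image held in memory.

    'signed' only means a WIN_CERTIFICATE blob is attached at the offset named
    by the Certificate Table entry; it says nothing about whether the signature
    verifies or who signed it.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    size_of_optional = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                     # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        n_dirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                    # PE32+
        n_dirs_off, dirs_off = 108, 112
    else:
        return "not-pe"
    n_dirs = struct.unpack_from("<I", data, opt + n_dirs_off)[0]
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > size_of_optional:
        return "unsigned"
    # Unlike every other directory, the Certificate Table's first field is a
    # file offset, not an RVA, because the blob is never mapped into memory.
    cert_off, cert_size = struct.unpack_from("<II", data, opt + entry)
    if cert_off == 0 or cert_size < 8 or cert_off + cert_size > len(data):
        return "unsigned"
    length, _revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
    if cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA or length > cert_size:
        return "unsigned"
    return "signed"


def build_minimal_pe(signed: bool) -> bytes:
    """Construct a headers-only PE32+ image (not loadable) to exercise the check.

    Constructed test data, not bytes from the sample in this report.
    """
    e_lfanew, n_dirs = 0x40, 16
    opt_size = 112 + 8 * n_dirs             # PE32+ fixed fields plus 16 data directories
    headers_len = e_lfanew + 4 + 20 + opt_size
    cert = b""
    if signed:
        body = b"\x30\x82\x00\x00"          # placeholder standing in for a PKCS#7 blob
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, n_dirs)
    if signed:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    for label, blob in (("signed", build_minimal_pe(True)),
                        ("unsigned", build_minimal_pe(False)),
                        ("rar archive", b"Rar!\x1a\x07\x01\x00")):
        print(f"{label:>12}: {authenticode_status(blob)}")
```

Run it against the extracted members of the archive rather than the .rar itself: the archive container is not a PE, which is why the third case above comes back as not-pe.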

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:27

Platform

win10-20240611-en

Max time kernel

8s

Max time network

22s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\sql\sql.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\sql\sql.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:30

Platform

win10-20240404-en

Max time kernel

76s

Max time network

86s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\vb\vb.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\vb\vb.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:30

Platform

win10-20240404-en

Max time kernel

76s

Max time network

86s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.zh-tw.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.zh-tw.js

Network

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:27

Platform

win10-20240404-en

Max time kernel

14s

Max time network

21s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\typescript\lib\typescriptservices.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\typescript\lib\typescriptservices.js

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

131s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.zh-cn.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.zh-cn.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

137s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\html\htmlmode.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\html\htmlmode.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:30

Platform

win10-20240404-en

Max time kernel

131s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\loader.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\loader.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

131s

Max time network

136s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-x64\native\WebView2Loader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-x64\native\WebView2Loader.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 64.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:30

Platform

win10-20240611-en

Max time kernel

123s

Max time network

136s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-x86\native\WebView2Loader.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3728 wrote to memory of 4364 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3728 wrote to memory of 4364 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3728 wrote to memory of 4364 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-x86\native\WebView2Loader.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-x86\native\WebView2Loader.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 616

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.73.50.20.in-addr.arpa udp

Files

N/A
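Every behavioral run above boils down to one command line: wscript.exe executing a .js file from %LOCALAPPDATA%\Temp (the "Command and Scripting Interpreter: JavaScript" signature in behavioral1 onwards), or rundll32.exe calling export ordinal #1 of a DLL from the same directory (behavioral31 and behavioral32, which the sandbox leaves unlabelled). The Python below is an added example, not code from the sandbox or its signature engine: it classifies such command lines, assigns MITRE technique IDs (T1059.007 for the script host, T1218.011 for rundll32; the report itself names only the JavaScript technique), and includes a helper for the behavioral32 process tree. The reading of that tree, a 64-bit rundll32 re-launching its SysWOW64 copy because the win-x86 DLL cannot load in a 64-bit process, which accounts for the parent-writes-child-memory events before the crash, is an interpretation added here. The sample command lines are copied from behavioral1, behavioral31 and behavioral32; the notepad line is a constructed benign control.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "technique reason")

# Constructed sample: command lines copied from the Processes sections of this
# report (behavioral1, behavioral31, behavioral32) plus one benign control line
# that is not from the report.
SAMPLE_CMDLINES = [
    r"wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\sql\sql.js",
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-x86\native\WebView2Loader.dll,#1",
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-x64\native\WebView2Loader.dll,#1",
    r"C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 616",
    r"notepad.exe C:\Users\Admin\Documents\notes.txt",
]

# Directories an unprivileged user can write to; a script host or rundll32
# pulling code from here is what makes the execution signatures interesting.
USER_WRITABLE = re.compile(r"\\AppData\\Local\\Temp\\|\\Downloads\\|\\Users\\Public\\", re.I)
SCRIPT_HOST = re.compile(
    r'^(?:.*\\)?[wc]script\.exe\s+"?(?P<path>[^"]+?\.(?:js|jse|vbs|vbe|wsf))"?\s*$', re.I)
RUNDLL32 = re.compile(
    r'^(?:.*\\)?rundll32\.exe\s+"?(?P<path>[^",]+\.dll)"?,(?P<export>#?\w+)', re.I)


def classify(cmdline):
    """Map one command line to the ATT&CK techniques it matches."""
    findings = []
    m = SCRIPT_HOST.match(cmdline)
    if m and USER_WRITABLE.search(m.group("path")):
        findings.append(Finding(
            "T1059.007", f"script host ran {m.group('path')} from a user-writable directory"))
    m = RUNDLL32.match(cmdline)
    if m:
        if USER_WRITABLE.search(m.group("path")):
            findings.append(Finding(
                "T1218.011", f"rundll32 loaded {m.group('path')} from a user-writable directory"))
        if m.group("export").startswith("#"):
            findings.append(Finding(
                "T1218.011", f"export called by ordinal {m.group('export')}, hiding the function name"))
    return findings


def triage(cmdlines):
    """Return only the command lines that produced findings."""
    hits = {}
    for cmd in cmdlines:
        findings = classify(cmd)
        if findings:
            hits[cmd] = findings
    return hits


def is_wow64_relaunch(parent_image, child_image, parent_cmd, child_cmd):
    """True when a 64-bit rundll32 re-launches its 32-bit twin with the same
    DLL,export arguments, which is what 64-bit Windows does for an x86 DLL.
    Use it to downgrade a parent-writes-child-memory event between the two
    rundll32 copies from 'injection' to 'expected relaunch' (interpretation
    added in this example, not the sandbox's)."""
    return (parent_image.lower().endswith(r"\system32\rundll32.exe")
            and child_image.lower().endswith(r"\syswow64\rundll32.exe")
            and parent_cmd.split(None, 1)[1:] == child_cmd.split(None, 1)[1:])


if __name__ == "__main__":
    for cmd, findings in triage(SAMPLE_CMDLINES).items():
        for f in findings:
            print(f"{f.technique}  {f.reason}")
    print("WoW64 relaunch:", is_wow64_relaunch(
        r"C:\Windows\system32\rundll32.exe", r"C:\Windows\SysWOW64\rundll32.exe",
        SAMPLE_CMDLINES[1], SAMPLE_CMDLINES[1]))
```

The WerFault.exe line produces no finding on purpose: it is the crash handler started for the 32-bit rundll32 (PID 4364), and the sandbox's "Program crash" signature already covers it.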

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.ja.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.ja.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:30

Platform

win10-20240611-en

Max time kernel

120s

Max time network

135s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.ru.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.ru.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.73.50.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

138s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\html\htmlworker.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\html\htmlworker.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

133s

Max time network

141s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\typescript\tsmode.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\typescript\tsmode.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:30

Platform

win10-20240404-en

Max time kernel

132s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.it.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.it.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 20.231.121.79:80 N/A tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

138s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\yaml\yaml.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\yaml\yaml.js

Network

Country Destination Domain Proto
US 20.231.121.79:80 N/A tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:30

Platform

win10-20240611-en

Max time kernel

122s

Max time network

137s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.de.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.de.js

Network

Country Destination Domain Proto
US 199.232.210.172:80 N/A tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

140s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-arm64\native\WebView2Loader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\runtimes\win-arm64\native\WebView2Loader.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\swift\swift.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\swift\swift.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

131s

Max time network

136s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\css\cssworker.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\css\cssworker.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

133s

Max time network

141s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\css\cssmode.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\css\cssmode.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:30

Platform

win10-20240611-en

Max time kernel

65s

Max time network

81s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\json\jsonmode.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\json\jsonmode.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

137s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\json\jsonworker.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\json\jsonworker.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

133s

Max time network

137s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Newtonsoft.Json.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Newtonsoft.Json.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

141s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\SolaraAPI.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\SolaraAPI.dll,#1

Network

Country Destination Domain Proto
NL 52.111.243.31:443 N/A tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A
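Almost every Network row in this report is a UDP query to 8.8.8.8:53 for an in-addr.arpa or ip6.arpa name. Those are reverse lookups: the VM asked the resolver who owns an address it already had, not the sample resolving a hostname, so they carry no domain worth pivoting on. Only the handful of direct TCP connections (behavioral11, behavioral6 and behavioral8 on port 80, behavioral29 on port 443) are candidates for enrichment. The Python below is an added example, not part of the sandbox report: it parses rows in the report's flattened "Country Destination Domain Proto" layout, decodes each PTR name back to the address that was looked up, and separates the two kinds of row. The sample rows are copied from the Network tables of behavioral15, behavioral11, behavioral8 and behavioral29 above.

```python
import ipaddress
import re

# Constructed sample: rows copied from the Network tables earlier in this report
# (behavioral15, behavioral11, behavioral8, behavioral29) in the report's own layout.
SAMPLE_ROWS = """\
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.73.50.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 199.232.210.172:80 tcp
NL 52.111.243.31:443 tcp
"""

ROW = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\S+?):(?P<port>\d+)\s+"
    r"(?:(?P<name>\S+)\s+)?(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Parse the flattened table. The Domain column is optional because direct
    connections have no name attached (or carry an N/A placeholder)."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def ptr_to_ip(name):
    """Decode a reverse-DNS name back to the address that was looked up, or
    return None if the name is not a well-formed PTR name."""
    if not name:
        return None
    labels = name.lower().rstrip(".").split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return str(ipaddress.IPv4Address(".".join(reversed(labels[:-2]))))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            nibbles = "".join(reversed(labels[:-2]))   # 32 hex digits, most significant first
            return str(ipaddress.IPv6Address(int(nibbles, 16)))
    except ValueError:
        return None
    return None


def classify_rows(rows):
    """Split rows into reverse lookups (decoded to the address asked about) and
    direct connections, which are the rows worth checking against threat intel."""
    reverse_lookups, direct = [], []
    for r in rows:
        target = ptr_to_ip(r["name"])
        if r["proto"] == "udp" and r["port"] == "53" and target:
            reverse_lookups.append(target)
        else:
            direct.append((r["cc"], r["ip"], int(r["port"]), r["proto"]))
    return reverse_lookups, direct


if __name__ == "__main__":
    lookups, conns = classify_rows(parse_rows(SAMPLE_ROWS))
    print("addresses the VM reverse-resolved:", lookups)
    print("direct connections to enrich:", conns)
```

The ip6.arpa name in behavioral15 and behavioral31 decodes to 808:808::, the resolver's own address 8.8.8.8 read as IPv6 nibbles, which is a good reminder that these rows describe the VM's housekeeping rather than the sample's intent.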

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

136s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.es.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.es.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

133s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\xml\xml.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\xml\xml.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.fr.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.fr.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.ko.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.ko.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

139s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\typescript\tsworker.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\language\typescript\tsworker.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.73.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\st\st.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\basic-languages\st\st.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-15 15:24

Reported

2024-06-15 15:29

Platform

win10-20240404-en

Max time kernel

132s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\vs\editor\editor.main.nls.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp

Files

N/A