Malware Analysis Report

2024-11-16 13:50

Sample ID 240628-bx3e1swfln
Target 8c0cc96d57d5b9a58f6d240d5121ec4f69c21255b60b106e6e183de496bb54f5.zip
SHA256 8c0cc96d57d5b9a58f6d240d5121ec4f69c21255b60b106e6e183de496bb54f5
Tags
evasion trojan execution stealc vidar discovery spyware stealer
Score
10/10

Analysis Overview

Score
10/10

SHA256

8c0cc96d57d5b9a58f6d240d5121ec4f69c21255b60b106e6e183de496bb54f5

Threat Level: Known bad

The file 8c0cc96d57d5b9a58f6d240d5121ec4f69c21255b60b106e6e183de496bb54f5.zip was found to be: Known bad.

Malicious Activity Summary

evasion trojan execution stealc vidar discovery spyware stealer

Vidar

Stealc

Detect Vidar Stealer

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects Windows executables referencing non-Windows User-Agents

Detect binaries embedding considerable number of MFA browser extension IDs.

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Reads data files stored by FTP clients

Checks computer location settings

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Checks whether UAC is enabled

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Command and Scripting Interpreter: JavaScript

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-28 01:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win7-20240508-en

Max time kernel

122s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\files\Setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\files\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\files\Setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\files\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\files\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\files\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\files\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe

C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe

Network

N/A

Files

memory/1812-0-0x0000000100000000-0x00000001013EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\d0137a6e

MD5 9b97e0eeeb2c72848b8364571aa3bea6
SHA1 a976cd15348f6caa5b013d16c7bfb89973601686
SHA256 4f60f0dfbfc9671763edd75f3d0ff83b2782c3cf0ee15531f27890cf42ab0028
SHA512 62ee1d713aed80a8f7282fc9f86c05f4e9be202de8b356728b467b264d7a2715e4cf80ece8a2334f0440834bcf39407dd5fd48a097e5add612e1260a7d54e9c1

memory/1812-6-0x000007FEF7030000-0x000007FEF7188000-memory.dmp

memory/1812-7-0x000007FEF7048000-0x000007FEF7049000-memory.dmp

memory/1812-9-0x000007FEF7030000-0x000007FEF7188000-memory.dmp

memory/1812-10-0x000007FEF7030000-0x000007FEF7188000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe

MD5 c047ae13fc1e25bc494b17ca10aa179e
SHA1 e293c7815c0eb8fbc44d60a3e9b27bd91b44b522
SHA256 6c30c8a2e827f48fcfc934dd34fb2cb10acb8747fd11faae085d8ad352c01fbf
SHA512 0cfb96d23b043bcb954cc307f85e5bbc349c0c8a0c6eaa335ea9a8fa19ce65b047f30ed0049562d40880400d4f70e3bb28975d6970f3ae4af6da1ba06e36d48c

memory/1812-17-0x000007FEF7030000-0x000007FEF7188000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Hq_Control\WebView2Loader.dll

MD5 4a99cb402c0d843b61a83015e0d3d731
SHA1 ac59e7722c85fef8050a715e6f4c3a3e5085d98e
SHA256 4ae3f7437a6991db64eac8e5d2fa02e9edce56ad98aaa273006963fed39548a8
SHA512 1eceb6ff5f53a98e61f21c90de9242e46c9607817eeb7ce77f500a5b225e123ac52b357c7729b334063cd8c8b37c2fbe38e76c1a5ee77244b176aa3e08d7eb18

C:\Users\Admin\AppData\Local\Temp\Hq_Control\perfidy.svg

MD5 d7046da347cd1c24f9af82a326413734
SHA1 a8ecd6cd212e0b866ef9611bf07b6826262da0c4
SHA256 580209f46352f01b832c81a836e72d05819d33502f51bdda6212eefe0b7675d6
SHA512 cd0327dce2c68ee800e204972a88afc30b59e93847a4837fb72ddb2ee0de73e40b8e4450d7f800d50adf239ee0bdf6a1818e21c05677d1893906fc898f59c9de

C:\Users\Admin\AppData\Local\Temp\Hq_Control\butadiene.wav

MD5 67aff9151292ba13adbbdbe84bef05fe
SHA1 c2766299f21528bdf1593ed4f849df1df1b10642
SHA256 09ff3222b2598b793f7081f8c3c20fe071b45cbdba1982997f1ae9c05c20957c
SHA512 a67122d5880dcd411a1143ba76d75604c592018bc90959360ac995b127c7204c93a68815ba823411d6b5e2ae961f76f7b9e6e11e4a572fe7b5aae598e4ff098a

memory/1812-25-0x000007FEF7030000-0x000007FEF7188000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240611-en

Max time kernel

119s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~00299a408.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~00299a408.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240508-en

Max time kernel

90s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~00299a408.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~00299a408.js

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win7-20240508-en

Max time kernel

122s

Max time network

130s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~13bdaad06.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~13bdaad06.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240221-en

Max time kernel

121s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~32b5733f1.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~32b5733f1.js

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

160s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~4bfd2d106.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~4bfd2d106.js

Network

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~2dcc5aaf7.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~2dcc5aaf7.js

Network

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240221-en

Max time kernel

119s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~4bfd2d106.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~4bfd2d106.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240220-en

Max time kernel

120s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~5303f55e9.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~5303f55e9.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240611-en

Max time kernel

119s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~643d02cb5.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~643d02cb5.js

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~643d02cb5.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~643d02cb5.js

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win10v2004-20240226-en

Max time kernel

153s

Max time network

200s

Command Line

"C:\Users\Admin\AppData\Local\Temp\files\Setup.exe"

Signatures

Detect Vidar Stealer

stealer

Stealc

stealer stealc

Vidar

stealer vidar

Detect binaries embedding considerable number of MFA browser extension IDs.

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Detects Windows executables referencing non-Windows User-Agents

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\files\Setup.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3152 set thread context of 1052 N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe C:\Windows\SysWOW64\more.com

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\files\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\files\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 548 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\files\Setup.exe C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe
PID 548 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\files\Setup.exe C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe
PID 2584 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe
PID 2584 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe
PID 3152 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe C:\Users\Admin\AppData\Roaming\Hq_Control\HVOFQKMWLTBAVXNWJ\Setup.exe
PID 3152 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe C:\Users\Admin\AppData\Roaming\Hq_Control\HVOFQKMWLTBAVXNWJ\Setup.exe
PID 3152 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe C:\Users\Admin\AppData\Roaming\Hq_Control\HVOFQKMWLTBAVXNWJ\Setup.exe
PID 3152 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe C:\Windows\SysWOW64\more.com
PID 3152 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe C:\Windows\SysWOW64\more.com
PID 3152 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe C:\Windows\SysWOW64\more.com
PID 3152 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe C:\Windows\SysWOW64\more.com
PID 1052 wrote to memory of 3728 N/A C:\Windows\SysWOW64\more.com C:\Users\Admin\AppData\Local\Temp\Launcher32.exe
PID 1052 wrote to memory of 3728 N/A C:\Windows\SysWOW64\more.com C:\Users\Admin\AppData\Local\Temp\Launcher32.exe
PID 1052 wrote to memory of 3728 N/A C:\Windows\SysWOW64\more.com C:\Users\Admin\AppData\Local\Temp\Launcher32.exe
PID 1052 wrote to memory of 3728 N/A C:\Windows\SysWOW64\more.com C:\Users\Admin\AppData\Local\Temp\Launcher32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\files\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\files\Setup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe

C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe

C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe

C:\Users\Admin\AppData\Roaming\Hq_Control\JRWeb.exe

C:\Users\Admin\AppData\Roaming\Hq_Control\HVOFQKMWLTBAVXNWJ\Setup.exe

C:\Users\Admin\AppData\Roaming\Hq_Control\HVOFQKMWLTBAVXNWJ\Setup.exe

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4652 -ip 4652

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 840

C:\Users\Admin\AppData\Local\Temp\Launcher32.exe

C:\Users\Admin\AppData\Local\Temp\Launcher32.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3488 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:3

Network

Files

memory/548-0-0x00007FF7B0750000-0x00007FF7B1B3E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\48b7bfeb

MD5 9b97e0eeeb2c72848b8364571aa3bea6
SHA1 a976cd15348f6caa5b013d16c7bfb89973601686
SHA256 4f60f0dfbfc9671763edd75f3d0ff83b2782c3cf0ee15531f27890cf42ab0028
SHA512 62ee1d713aed80a8f7282fc9f86c05f4e9be202de8b356728b467b264d7a2715e4cf80ece8a2334f0440834bcf39407dd5fd48a097e5add612e1260a7d54e9c1

memory/548-6-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

memory/548-9-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

memory/548-14-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

memory/548-7-0x00007FFFD7508000-0x00007FFFD7509000-memory.dmp

memory/548-17-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Hq_Control\JRWeb.exe

MD5 c047ae13fc1e25bc494b17ca10aa179e
SHA1 e293c7815c0eb8fbc44d60a3e9b27bd91b44b522
SHA256 6c30c8a2e827f48fcfc934dd34fb2cb10acb8747fd11faae085d8ad352c01fbf
SHA512 0cfb96d23b043bcb954cc307f85e5bbc349c0c8a0c6eaa335ea9a8fa19ce65b047f30ed0049562d40880400d4f70e3bb28975d6970f3ae4af6da1ba06e36d48c

C:\Users\Admin\AppData\Local\Temp\Hq_Control\WebView2Loader.dll

MD5 4a99cb402c0d843b61a83015e0d3d731
SHA1 ac59e7722c85fef8050a715e6f4c3a3e5085d98e
SHA256 4ae3f7437a6991db64eac8e5d2fa02e9edce56ad98aaa273006963fed39548a8
SHA512 1eceb6ff5f53a98e61f21c90de9242e46c9607817eeb7ce77f500a5b225e123ac52b357c7729b334063cd8c8b37c2fbe38e76c1a5ee77244b176aa3e08d7eb18

C:\Users\Admin\AppData\Local\Temp\Hq_Control\perfidy.svg

MD5 d7046da347cd1c24f9af82a326413734
SHA1 a8ecd6cd212e0b866ef9611bf07b6826262da0c4
SHA256 580209f46352f01b832c81a836e72d05819d33502f51bdda6212eefe0b7675d6
SHA512 cd0327dce2c68ee800e204972a88afc30b59e93847a4837fb72ddb2ee0de73e40b8e4450d7f800d50adf239ee0bdf6a1818e21c05677d1893906fc898f59c9de

C:\Users\Admin\AppData\Local\Temp\Hq_Control\butadiene.wav

MD5 67aff9151292ba13adbbdbe84bef05fe
SHA1 c2766299f21528bdf1593ed4f849df1df1b10642
SHA256 09ff3222b2598b793f7081f8c3c20fe071b45cbdba1982997f1ae9c05c20957c
SHA512 a67122d5880dcd411a1143ba76d75604c592018bc90959360ac995b127c7204c93a68815ba823411d6b5e2ae961f76f7b9e6e11e4a572fe7b5aae598e4ff098a

memory/2584-24-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

memory/3152-36-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

memory/3152-38-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

memory/3152-39-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

memory/548-40-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

C:\Users\Admin\AppData\Roaming\Hq_Control\HVOFQKMWLTBAVXNWJ\Setup.exe

MD5 9f262921a7fbd432c3a694a372caf1b9
SHA1 dfd75a8835a5553d457f4f702c7fe5785227854f
SHA256 56cff82b9e3ee0ed5e74a3e55115e96fd198598be26492cca7b15d9b9023a238
SHA512 cabeaef6132444dc06e7a53332eb58446f7046069044c44b7a27693866a1d66aad7b3ebb5fe7bb79b780548a75b206528f176f5505c574b1c7ad3bcc6fc628b8

memory/3152-44-0x00007FFFD74F0000-0x00007FFFD7662000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4d1b168a

MD5 84ad3dd740cc0043949163b65f64b97c
SHA1 6174d6418551278d6ca59fc65411a37ad415742e
SHA256 bc31b16a39232c220243a5336624f02316e86f2d9b7e1626e533ddc3c7f97b44
SHA512 74de388d541f2b40c8c8b4627965f2f5abf76dd261ef6de01c60a50891bda792134eda1aee3b8516667870b2ba9b6d816cd84710b8c2dad561ab7583c02e9158

memory/1052-48-0x00007FFFF6CB0000-0x00007FFFF6EA5000-memory.dmp

memory/1052-50-0x0000000074370000-0x00000000744EB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Launcher32.exe

MD5 de0ea31558536ca7e3164c3cd4578bf5
SHA1 5cc890c3ade653bb1ed1e53dabb0410602ee52df
SHA256 6e599490e164505af796569dce30e18218b179b2b791fe69764892b3ed3e7478
SHA512 c47299cd5f3b4961f423c2ca1fef5a33eb4b0f63dc232af70ef9da39f6f82270406061dd543461de7e47abd1244e26d6190de6035120211b27d4c23f97a25aba

memory/3728-55-0x0000000000AC0000-0x000000000120B000-memory.dmp

memory/3728-56-0x00007FFFF6CB0000-0x00007FFFF6EA5000-memory.dmp

memory/3728-57-0x0000000000AC0000-0x000000000120B000-memory.dmp

memory/3728-59-0x0000000000AC0000-0x000000000120B000-memory.dmp

memory/3728-67-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/3728-94-0x0000000000AC0000-0x000000000120B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/3728-125-0x0000000000AC0000-0x000000000120B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240611-en

Max time kernel

132s

Max time network

154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~13bdaad06.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~13bdaad06.js

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20231129-en

Max time kernel

118s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~1e47f672e.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~1e47f672e.js

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240508-en

Max time kernel

119s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~2dcc5aaf7.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~2dcc5aaf7.js

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win7-20240611-en

Max time kernel

134s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~3fde5681b.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~3fde5681b.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win10v2004-20240226-en

Max time kernel

134s

Max time network

174s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~3fde5681b.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~3fde5681b.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 20.231.121.79:80 - tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 13.107.246.64:443 - tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 - udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 233.17.178.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240221-en

Max time kernel

120s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~114e7a4e2.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~114e7a4e2.js

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240508-en

Max time kernel

49s

Max time network

52s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~1e47f672e.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~1e47f672e.js

Network

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240508-en

Max time kernel

49s

Max time network

52s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~32b5733f1.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~32b5733f1.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~57063afaa.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~57063afaa.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240508-en

Max time kernel

126s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~114e7a4e2.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~114e7a4e2.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 52.111.227.11:443 - tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240611-en

Max time kernel

119s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~11d764003.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~11d764003.js

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240611-en

Max time kernel

147s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~11d764003.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~11d764003.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20240221-en

Max time kernel

119s

Max time network

125s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~05c32d390.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~05c32d390.js

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win10v2004-20240508-en

Max time kernel

49s

Max time network

56s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~05c32d390.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~05c32d390.js

Network

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win7-20231129-en

Max time kernel

117s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~57063afaa.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~57063afaa.js

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win7-20240611-en

Max time kernel

118s

Max time network

133s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~074e593a7.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~074e593a7.js

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win10v2004-20240226-en

Max time kernel

135s

Max time network

175s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~074e593a7.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~074e593a7.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
GB 96.16.110.114:80 - tcp
US 13.107.253.64:443 - tcp
GB 172.217.169.74:443 - tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:36

Platform

win7-20240508-en

Max time kernel

122s

Max time network

129s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~4611591fd.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~4611591fd.js

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240508-en

Max time kernel

91s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~4611591fd.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~4611591fd.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-28 01:32

Reported

2024-06-28 01:35

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~5303f55e9.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\files\autocompletion\libraries\libraries~5303f55e9.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A