Analysis Overview
SHA256
e3f61f01d319d83d17da2eca4a7c2b04aa51bdf84ec780f80be7698bdfded535
Threat Level: Known bad
The file e3f61f01d319d83d17da2eca4a7c2b04aa51bdf84ec780f80be7698bdfded535.zip was found to be: Known bad.
Malicious Activity Summary
Detect Vidar Stealer
Stealc
Vidar
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects Windows executables referencing non-Windows User-Agents
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
Detect binaries embedding considerable number of MFA browser extension IDs.
Downloads MZ/PE file
Reads user/profile data of web browsers
Reads data files stored by FTP clients
Checks computer location settings
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Command and Scripting Interpreter: JavaScript
Program crash
Enumerates physical storage devices
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-29 01:52
Signatures
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~4bfd2d106.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| BE | 23.41.178.51:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.17.178.52.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240611-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~00299a408.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240508-en
Max time kernel
117s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~114e7a4e2.js
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240611-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~2dcc5aaf7.js
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240508-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~3fde5681b.js
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240508-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~4bfd2d106.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~05c32d390.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240221-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~643d02cb5.js
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240611-en
Max time kernel
132s
Max time network
156s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~074e593a7.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| BE | 23.41.178.51:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 51.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240508-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~4611591fd.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240611-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~57063afaa.js
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240508-en
Max time kernel
49s
Max time network
52s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~643d02cb5.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240508-en
Max time kernel
149s
Max time network
128s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Stealc
Vidar
Detects Windows executables referencing non-Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1688 set thread context of 2484 | N/A | C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe | C:\Windows\SysWOW64\more.com |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\AppData\Local\Temp\VIDA.au3
C:\Users\Admin\AppData\Local\Temp\VIDA.au3
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 148
Network
Files
memory/1688-0-0x0000000000B70000-0x0000000000B71000-memory.dmp
memory/1688-1-0x0000000000400000-0x0000000000B60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\e748d98e
| MD5 | e9036df928c31d7ba3f8ed63275a9dc2 |
| SHA1 | d1effabbdb38682cf73f6ddb5f0170112efe6381 |
| SHA256 | f2516f2ea49297ceb88651eec0815035cf3961543891571f62a013df3a3400b2 |
| SHA512 | 841cfceda5f9cbbb2689e158918c3c44071928ef6c96f20651b8aeae1211c423a8ff6fd3f4d50b7e9ce01b1cc12bcb020cbe941430376c991521c93ca49afe6d |
memory/1688-7-0x000007FEF6BD0000-0x000007FEF6D28000-memory.dmp
memory/1688-8-0x000007FEF6BE8000-0x000007FEF6BE9000-memory.dmp
memory/1688-9-0x000007FEF6BD0000-0x000007FEF6D28000-memory.dmp
memory/1688-10-0x000007FEF6BD0000-0x000007FEF6D28000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\e9a5e509
| MD5 | 259a510140a5ca1fb7d8c620025947c8 |
| SHA1 | 77c23f8083a6872d16f9df3d25d0a7f00d3ab920 |
| SHA256 | fa920ff6ca68fd1db5d420266474232ec47af7ba185dcc99bc2656f4d88e9963 |
| SHA512 | ac3d5efec81919d1dd16ad76de24624c8ef8062d04a193336b6e7ed41385a691052f75709b0b0149b06f2310fc8146a6676077b1092ae2bfe6107b40d8692c53 |
memory/2484-14-0x0000000077500000-0x00000000776A9000-memory.dmp
memory/2484-16-0x0000000074E90000-0x0000000075004000-memory.dmp
memory/2484-17-0x0000000074E9E000-0x0000000074EA0000-memory.dmp
memory/2484-21-0x0000000074E90000-0x0000000075004000-memory.dmp
\Users\Admin\AppData\Local\Temp\VIDA.au3
| MD5 | c56b5f0201a3b3de53e561fe76912bfd |
| SHA1 | 2a4062e10a5de813f5688221dbeb3f3ff33eb417 |
| SHA256 | 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d |
| SHA512 | 195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c |
memory/2660-24-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp
memory/2660-23-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp
memory/2484-25-0x0000000074E90000-0x0000000075004000-memory.dmp
memory/2660-27-0x00000000005F0000-0x0000000000839000-memory.dmp
memory/2660-34-0x00000000005F0000-0x0000000000839000-memory.dmp
memory/2484-36-0x0000000074E9E000-0x0000000074EA0000-memory.dmp
memory/2660-37-0x00000000005F0000-0x0000000000839000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240611-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~114e7a4e2.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| BE | 23.41.178.51:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 51.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240221-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~1e47f672e.js
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240508-en
Max time kernel
49s
Max time network
52s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~1e47f672e.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~3fde5681b.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 52.111.229.48:443 | tcp | |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Stealc
Vidar
Detect binaries embedding considerable number of MFA browser extension IDs.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects Windows executables referencing non-Windows User-Agents
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3140 set thread context of 4972 | N/A | C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe | C:\Windows\SysWOW64\more.com |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\VIDA.au3 | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\AppData\Local\Temp\VIDA.au3
C:\Users\Admin\AppData\Local\Temp\VIDA.au3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| BE | 23.41.178.51:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.249.124.192.in-addr.arpa | udp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| US | 8.8.8.8:53 | 214.251.201.195.in-addr.arpa | udp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | tcp | |
| DE | 195.201.251.214:9000 | tcp | |
| DE | 195.201.251.214:9000 | tcp | |
| DE | 195.201.251.214:9000 | tcp | |
| DE | 195.201.251.214:9000 | tcp | |
| DE | 195.201.251.214:9000 | tcp | |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| DE | 195.201.251.214:9000 | 195.201.251.214 | tcp |
| US | 8.8.8.8:53 | professionalresources.pw | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/3140-0-0x00000000028C0000-0x00000000028C1000-memory.dmp
memory/3140-1-0x0000000000400000-0x0000000000B60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ace27665
| MD5 | e9036df928c31d7ba3f8ed63275a9dc2 |
| SHA1 | d1effabbdb38682cf73f6ddb5f0170112efe6381 |
| SHA256 | f2516f2ea49297ceb88651eec0815035cf3961543891571f62a013df3a3400b2 |
| SHA512 | 841cfceda5f9cbbb2689e158918c3c44071928ef6c96f20651b8aeae1211c423a8ff6fd3f4d50b7e9ce01b1cc12bcb020cbe941430376c991521c93ca49afe6d |
memory/3140-7-0x00007FFD08960000-0x00007FFD08AD2000-memory.dmp
memory/3140-8-0x00007FFD08978000-0x00007FFD08979000-memory.dmp
memory/3140-9-0x00007FFD08960000-0x00007FFD08AD2000-memory.dmp
memory/3140-10-0x00007FFD08960000-0x00007FFD08AD2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\afbfc86b
| MD5 | a5c36660c5d69ecd8e796b65843f682e |
| SHA1 | 10e7176a897a1268d12686eccb0acc11553da82e |
| SHA256 | 61c8831a1d3b915cff6e933602881e1beeeca08d6bc87bfcfee1506cbcb52769 |
| SHA512 | fc804dbdef88ffd223259ecbf8b21832914e38a88d8e6a55fa08cf613fe25e420f333a1b291bc8e75b623436528d1457b106dd92aaf588b36380b4ecbe9f1019 |
memory/4972-14-0x00007FFD17AF0000-0x00007FFD17CE5000-memory.dmp
memory/4972-17-0x00000000756EE000-0x00000000756F0000-memory.dmp
memory/4972-16-0x00000000756E0000-0x000000007585B000-memory.dmp
memory/4972-18-0x00000000756E0000-0x000000007585B000-memory.dmp
memory/4972-23-0x00000000756E0000-0x000000007585B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VIDA.au3
| MD5 | c56b5f0201a3b3de53e561fe76912bfd |
| SHA1 | 2a4062e10a5de813f5688221dbeb3f3ff33eb417 |
| SHA256 | 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d |
| SHA512 | 195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c |
memory/4208-26-0x0000000000C90000-0x0000000000ED9000-memory.dmp
memory/4208-27-0x00007FFD17AF0000-0x00007FFD17CE5000-memory.dmp
memory/4208-37-0x0000000000C90000-0x0000000000ED9000-memory.dmp
memory/4208-41-0x000000001D5A0000-0x000000001D7FF000-memory.dmp
memory/4972-83-0x00000000756EE000-0x00000000756F0000-memory.dmp
memory/4208-82-0x0000000000C90000-0x0000000000ED9000-memory.dmp
memory/4208-84-0x0000000000C90000-0x0000000000ED9000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~00299a408.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~5303f55e9.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~57063afaa.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.17.178.52.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240221-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~074e593a7.js
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240611-en
Max time kernel
118s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~13bdaad06.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240611-en
Max time kernel
130s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~4611591fd.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| BE | 23.41.178.51:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240611-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~5303f55e9.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240611-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~05c32d390.js
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240508-en
Max time kernel
123s
Max time network
130s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~11d764003.js
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240611-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~11d764003.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 23.41.178.51:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| BE | 23.41.178.51:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 51.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240226-en
Max time kernel
132s
Max time network
158s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~13bdaad06.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1852 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.212.202:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
156s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~2dcc5aaf7.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win7-20240508-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~32b5733f1.js
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-29 01:51
Reported
2024-06-29 01:55
Platform
win10v2004-20240611-en
Max time kernel
133s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\!!fUlLSetup_3355_P@ssKeys!!\autocompletion\libraries\libraries~32b5733f1.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2816,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 13.107.42.16:443 | tcp | |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 199.232.210.172:80 | tcp | |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |