Malware Analysis Report

2025-01-23 14:51

Sample ID 240831-yjyw1asbnd
Target Add%20GCC11%20and%20VS2022%20support%20source%20code.zip
SHA256 00d59ad72f75e0c6160df0c2134ac102e67f60b8ccf185a05816f7e62811c63c
Tags
execution antivm
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

00d59ad72f75e0c6160df0c2134ac102e67f60b8ccf185a05816f7e62811c63c

Threat Level: Likely benign

The file Add%20GCC11%20and%20VS2022%20support%20source%20code.zip was found to be: Likely benign.

Malicious Activity Summary

execution antivm

Checks CPU configuration

Writes file to tmp directory

Unsigned PE

Command and Scripting Interpreter: JavaScript

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-31 19:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/mono-CppSharp-20950c5/build/premake.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/premake.sh

[/tmp/mono-CppSharp-20950c5/build/premake.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/premake.sh]

/bin/uname

[uname -s]

/tmp/mono-CppSharp-20950c5/build/premake/premake5

[/tmp/mono-CppSharp-20950c5/build/premake/premake5]

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win10v2004-20240802-en

Max time kernel

134s

Max time network

107s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\examples\SDL\SDL.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\examples\SDL\SDL.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win7-20240704-en

Max time kernel

120s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\Class.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\Class.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-mipsel-20240611-en

Max time kernel

13s

Max time network

19s

Command Line

[/tmp/mono-CppSharp-20950c5/build/build.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/filesystems /bin/tar N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sh-thd.poRb9u /bin/bash N/A
File opened for modification /tmp/mono-CppSharp-20950c5/build/premake-5.0.0-beta2-linux.tar.gz /usr/bin/curl N/A

Processes

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/local/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/local/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/build.sh]

/bin/uname

[uname -m]

/usr/bin/tr

[tr [:upper:] [:lower:]]

/bin/uname

[uname -s]

/usr/bin/curl

[curl -L -O https://github.com/premake/premake-core/releases/download/v5.0.0-beta2/premake-5.0.0-beta2-linux.tar.gz]

/bin/tar

[tar -xf premake-5.0.0-beta2-linux.tar.gz -C /tmp/mono-CppSharp-20950c5/build/premake ./premake5]

/usr/local/sbin/gzip

[gzip -d]

/usr/local/bin/gzip

[gzip -d]

/usr/sbin/gzip

[gzip -d]

/usr/bin/gzip

[gzip -d]

/sbin/gzip

[gzip -d]

/bin/gzip

[gzip -d]

/bin/chmod

[chmod +x /tmp/mono-CppSharp-20950c5/build/premake/premake5]

/bin/rm

[rm premake-5.0.0-beta2-linux.tar.gz]

/tmp/mono-CppSharp-20950c5/build/premake.sh

[/tmp/mono-CppSharp-20950c5/build/premake.sh --file=/tmp/mono-CppSharp-20950c5/build/llvm/LLVM.lua download_llvm --os=linux --arch=x86 --configuration=Release]

Network

Country Destination Domain Proto
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp

Files

/tmp/sh-thd.poRb9u

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

/tmp/mono-CppSharp-20950c5/build/premake-5.0.0-beta2-linux.tar.gz

MD5 40415c662cd30bdc27f17b89faf181f1
SHA1 4059b9b4c0ff931fb1f2b0c9272c43bb5827ef99
SHA256 4186b8fd66b55df935280f55663c6e46fd568799d89b7ff6a3cfb20d58ff6224
SHA512 dca77bff24a64dc5bc7e6b2af122e5b35ecc25df67e8a4e472c7373a49c1def66236f914e6484b1ccb9d1ed34ac3e9c22f43e292e72317a22d1c75498e5a8dca

/tmp/mono-CppSharp-20950c5/build/premake/premake5

MD5 13c953b2e6a138b0707d41710aa73d29
SHA1 f5dc6fe29e8d55807ddffea351f49f557574680f
SHA256 8955d5bec667bc75fe45b2753ee52e0632d0b56a6aa5e63b7f4a404b4a2dd9f9
SHA512 27c2408779a82879bd72bf452af751eaba749638a57e9bbba7babe78473d87ab7e2622f14f76d5dcbf97d7477cce06a21b37bc9a5bdde640a8e62dd0e3df8f0e

Analysis: behavioral19

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-mipsbe-20240611-en

Max time kernel

28s

Command Line

[/tmp/mono-CppSharp-20950c5/build/test.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/test.sh

[/tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/local/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/local/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/test.sh]

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh test]

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\examples\Parser\Parser.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\examples\Parser\Parser.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\ASTVisitor.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\ASTVisitor.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 41.173.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-mipsbe-20240418-en

Max time kernel

9s

Max time network

12s

Command Line

[/tmp/mono-CppSharp-20950c5/build/build.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/filesystems /bin/tar N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sh-thd.fiC65N /bin/bash N/A
File opened for modification /tmp/mono-CppSharp-20950c5/build/premake-5.0.0-beta2-linux.tar.gz /usr/bin/curl N/A

Processes

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/local/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/local/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/build.sh]

/bin/uname

[uname -m]

/usr/bin/tr

[tr [:upper:] [:lower:]]

/bin/uname

[uname -s]

/usr/bin/curl

[curl -L -O https://github.com/premake/premake-core/releases/download/v5.0.0-beta2/premake-5.0.0-beta2-linux.tar.gz]

/bin/tar

[tar -xf premake-5.0.0-beta2-linux.tar.gz -C /tmp/mono-CppSharp-20950c5/build/premake ./premake5]

/usr/local/sbin/gzip

[gzip -d]

/usr/local/bin/gzip

[gzip -d]

/usr/sbin/gzip

[gzip -d]

/usr/bin/gzip

[gzip -d]

/sbin/gzip

[gzip -d]

/bin/gzip

[gzip -d]

/bin/chmod

[chmod +x /tmp/mono-CppSharp-20950c5/build/premake/premake5]

/bin/rm

[rm premake-5.0.0-beta2-linux.tar.gz]

/tmp/mono-CppSharp-20950c5/build/premake.sh

[/tmp/mono-CppSharp-20950c5/build/premake.sh --file=/tmp/mono-CppSharp-20950c5/build/llvm/LLVM.lua download_llvm --os=linux --arch=x86 --configuration=Release]

Network

Country Destination Domain Proto
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp

Files

/tmp/sh-thd.fiC65N

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

/tmp/mono-CppSharp-20950c5/build/premake-5.0.0-beta2-linux.tar.gz

MD5 40415c662cd30bdc27f17b89faf181f1
SHA1 4059b9b4c0ff931fb1f2b0c9272c43bb5827ef99
SHA256 4186b8fd66b55df935280f55663c6e46fd568799d89b7ff6a3cfb20d58ff6224
SHA512 dca77bff24a64dc5bc7e6b2af122e5b35ecc25df67e8a4e472c7373a49c1def66236f914e6484b1ccb9d1ed34ac3e9c22f43e292e72317a22d1c75498e5a8dca

/tmp/mono-CppSharp-20950c5/build/premake/premake5

MD5 13c953b2e6a138b0707d41710aa73d29
SHA1 f5dc6fe29e8d55807ddffea351f49f557574680f
SHA256 8955d5bec667bc75fe45b2753ee52e0632d0b56a6aa5e63b7f4a404b4a2dd9f9
SHA512 27c2408779a82879bd72bf452af751eaba749638a57e9bbba7babe78473d87ab7e2622f14f76d5dcbf97d7477cce06a21b37bc9a5bdde640a8e62dd0e3df8f0e

Analysis: behavioral14

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-mipsel-20240418-en

Max time kernel

0s

Command Line

[/tmp/mono-CppSharp-20950c5/build/premake.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/premake.sh

[/tmp/mono-CppSharp-20950c5/build/premake.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/premake.sh]

/bin/uname

[uname -s]

/tmp/mono-CppSharp-20950c5/build/premake/premake5

[/tmp/mono-CppSharp-20950c5/build/premake/premake5]

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win10v2004-20240802-en

Max time kernel

139s

Max time network

129s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\ASTContext.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\ASTContext.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win7-20240704-en

Max time kernel

117s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\build\llvm\LLVM.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\build\llvm\LLVM.js

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win10v2004-20240802-en

Max time kernel

133s

Max time network

155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\docs\GeneratingBindings.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\docs\GeneratingBindings.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 52.111.243.31:443 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-armhf-20240729-en

Max time kernel

148s

Max time network

7s

Command Line

[/tmp/mono-CppSharp-20950c5/build/build.sh]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sh-thd.o80bQb /bin/bash N/A

Processes

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/local/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/local/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/build.sh]

/bin/uname

[uname -m]

/usr/bin/tr

[tr [:upper:] [:lower:]]

/bin/uname

[uname -s]

/usr/bin/curl

[curl -L -O https://github.com/premake/premake-core/releases/download/v5.0.0-beta2/premake-5.0.0-beta2-linux.tar.gz]

Network

Country Destination Domain Proto
US 1.1.1.1:53 github.com udp

Files

/tmp/sh-thd.o80bQb

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/mono-CppSharp-20950c5/build/generate.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/generate.sh

[/tmp/mono-CppSharp-20950c5/build/generate.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/generate.sh]

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh generate]

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/mono-CppSharp-20950c5/build/premake.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/premake.sh

[/tmp/mono-CppSharp-20950c5/build/premake.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/premake.sh]

/bin/uname

[uname -s]

/tmp/mono-CppSharp-20950c5/build/premake/premake5

[/tmp/mono-CppSharp-20950c5/build/premake/premake5]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.39:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/mono-CppSharp-20950c5/build/premake.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/premake.sh

[/tmp/mono-CppSharp-20950c5/build/premake.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/premake.sh]

/bin/uname

[uname -s]

/tmp/mono-CppSharp-20950c5/build/premake/premake5

[/tmp/mono-CppSharp-20950c5/build/premake/premake5]

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/mono-CppSharp-20950c5/build/test.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/test.sh

[/tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/local/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/local/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/test.sh]

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh test]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.129.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
GB 89.187.167.38:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 84.17.50.8:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win7-20240708-en

Max time kernel

118s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\examples\Parser\Parser.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\examples\Parser\Parser.js

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-mipsbe-20240611-en

Max time kernel

1s

Command Line

[/tmp/mono-CppSharp-20950c5/build/generate.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/generate.sh

[/tmp/mono-CppSharp-20950c5/build/generate.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/generate.sh]

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh generate]

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-mipsel-20240611-en

Max time kernel

1s

Command Line

[/tmp/mono-CppSharp-20950c5/build/test.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/test.sh

[/tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/local/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/local/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/test.sh]

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh test]

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\Class.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\Class.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win10v2004-20240802-en

Max time kernel

136s

Max time network

157s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\build\llvm\LLVM.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\build\llvm\LLVM.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win7-20240729-en

Max time kernel

16s

Max time network

17s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\build\scripts\Vagrantfile.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\build\scripts\Vagrantfile.vbs"

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-armhf-20240611-en

Max time kernel

1s

Command Line

[/tmp/mono-CppSharp-20950c5/build/test.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/test.sh

[/tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/local/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/local/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/test.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/test.sh]

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh test]

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win7-20240705-en

Max time kernel

121s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\examples\SDL\SDL.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\examples\SDL\SDL.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win7-20240704-en

Max time kernel

119s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\ASTContext.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\ASTContext.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win7-20240708-en

Max time kernel

120s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\ASTVisitor.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\src\AST\ASTVisitor.js

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

133s

Command Line

[/tmp/mono-CppSharp-20950c5/build/build.sh]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sh-thd.CrErMg /bin/bash N/A

Processes

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/local/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/local/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/sbin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/bin/bash

[bash /tmp/mono-CppSharp-20950c5/build/build.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/build.sh]

/bin/uname

[uname -m]

/usr/bin/tr

[tr [:upper:] [:lower:]]

/bin/uname

[uname -s]

/usr/bin/curl

[curl -L -O https://github.com/premake/premake-core/releases/download/v5.0.0-beta2/premake-5.0.0-beta2-linux.tar.gz]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 github.com udp
US 1.1.1.1:53 github.com udp
US 151.101.193.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 84.17.50.8:443 1527653184.rsc.cdn77.org tcp

Files

/tmp/sh-thd.CrErMg

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/mono-CppSharp-20950c5/build/generate.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/generate.sh

[/tmp/mono-CppSharp-20950c5/build/generate.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/generate.sh]

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh generate]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

debian9-mipsel-20240729-en

Max time kernel

1s

Command Line

[/tmp/mono-CppSharp-20950c5/build/generate.sh]

Signatures

N/A

Processes

/tmp/mono-CppSharp-20950c5/build/generate.sh

[/tmp/mono-CppSharp-20950c5/build/generate.sh]

/usr/bin/dirname

[dirname /tmp/mono-CppSharp-20950c5/build/generate.sh]

/tmp/mono-CppSharp-20950c5/build/build.sh

[/tmp/mono-CppSharp-20950c5/build/build.sh generate]

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win10v2004-20240802-en

Max time kernel

129s

Max time network

126s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\build\scripts\Vagrantfile.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\build\scripts\Vagrantfile.vbs"

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-08-31 19:49

Reported

2024-08-31 19:52

Platform

win7-20240708-en

Max time kernel

119s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\docs\GeneratingBindings.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\mono-CppSharp-20950c5\docs\GeneratingBindings.js

Network

N/A

Files

N/A