Analysis Overview
SHA256
c21127aadac9b81dd678971dc27c4bcace5682fa2c8fe08caade0a75cf464d21
Threat Level: Shows suspicious behavior
The file xera (1).rar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Unsigned PE
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-21 20:04
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-21 20:04
Reported
2024-09-21 20:05
Platform
win11-20240802-en
Max time kernel
44s
Max time network
29s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{26019532-F1DE-4E6E-9358-344E327DB95D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\xerav1.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\xerav1.exe
"C:\Users\Admin\AppData\Local\Temp\xerav1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/TzsNVCW2Nw
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff942943cb8,0x7ff942943cc8,0x7ff942943cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10264560391659878422,10772976570456359521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| N/A | 127.0.0.1:6471 | tcp | |
| N/A | 127.0.0.1:6472 | tcp |
Files
memory/1900-0-0x00007FF931153000-0x00007FF931155000-memory.dmp
memory/1900-1-0x0000000000B50000-0x0000000000E08000-memory.dmp
memory/1900-2-0x0000000003250000-0x0000000003318000-memory.dmp
memory/1900-3-0x00007FF931150000-0x00007FF931C12000-memory.dmp
memory/1900-4-0x000000001BDB0000-0x000000001BEFE000-memory.dmp
memory/1900-5-0x00000000016A0000-0x00000000016B4000-memory.dmp
memory/1900-6-0x00007FF931150000-0x00007FF931C12000-memory.dmp
memory/1900-7-0x00007FF931150000-0x00007FF931C12000-memory.dmp
memory/1900-8-0x00007FF931150000-0x00007FF931C12000-memory.dmp
memory/1900-9-0x00007FF931150000-0x00007FF931C12000-memory.dmp
memory/1900-10-0x00007FF931153000-0x00007FF931155000-memory.dmp
memory/1900-11-0x00007FF931150000-0x00007FF931C12000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c4a10f6df4922438ca68ada540730100 |
| SHA1 | 4c7bfbe3e2358a28bf5b024c4be485fa6773629e |
| SHA256 | f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02 |
| SHA512 | b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c |
\??\pipe\LOCAL\crashpad_2936_ZTWBGJOSWCKDNKST
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4c3889d3f0d2246f800c495aec7c3f7c |
| SHA1 | dd38e6bf74617bfcf9d6cceff2f746a094114220 |
| SHA256 | 0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4 |
| SHA512 | 2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d9e6e5dca579ec8552c5772158a4fdf |
| SHA1 | 5c060eb5524121bdf6103f8ab2fb7abb0e4b2acc |
| SHA256 | 871d4eb6f9be1ac426c6a884f0030b3caf3e41f96acb6ae5d50b905ff9f14f41 |
| SHA512 | 9c9d162a666673f06cd1c9dff857472a2f2ac4a8a4380768d9e9b98e5e4e72ac97424d28e45951bb1617794d387fe186dae60fc3b9ecc223f8ed9940492c177b |
memory/1900-34-0x00007FF931150000-0x00007FF931C12000-memory.dmp
memory/1900-43-0x00007FF931150000-0x00007FF931C12000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cfcaacd4b040b740cc0ec411220286d3 |
| SHA1 | 09afe0ff23336a2679e883d82e61140c62a67ff1 |
| SHA256 | 02179f54d4d4cb4e010165abc19914ec1879631d20f51c1ce6d007374e5ce548 |
| SHA512 | 96fddffa685fab68cbcccf9cf5475bfe1f3b1b6247cf1fd592f3e34171af1b17248777f8b486e9410819d18fc3e529deaeabc6e698fa4747e3630acca6f2543d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 65f710d6e2925e37670823749e199d97 |
| SHA1 | fa5d29c8bf77a4b0a8b14c4474469d541b4414a7 |
| SHA256 | 76962b0f510cb43f4b093b9d853f602061a138ef90e707d3123d0e89b4aa6a18 |
| SHA512 | 189a500d64e04a3e82b41736ca4f812cc6f6e80d0732726ec92ca2a640441969f9293b5bf08be5185cfcc9f051142952d7acbc5d028c8fc3b9ad6c4663b9709d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/1900-164-0x000000001F0A0000-0x000000001F1BA000-memory.dmp
memory/1900-165-0x000000001CE20000-0x000000001CE86000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe38378266e6b44fd54b14f65bb0f797 |
| SHA1 | 45f35808f9e729da205e5670cedcb31a3438159a |
| SHA256 | 96b8434ce58646dcb10a8516dc44db1f762036adcf65f3a0c26272f2e9d591d7 |
| SHA512 | c818014b69a359c1520104d6d906a51717566ed81c3b2df3101fd562176ac123c8b4b107f474bb21dbc07c5cfb40b41fbca3d0c9f6fdf662bf879d81a36c7550 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1fcbbf6365016023610906cef995bf20 |
| SHA1 | b465ab82109e1f60af545a759d3b796ec4063003 |
| SHA256 | f60c82566aa0fc6ccb60915eaae6348ff3226e45d36c225ae2a225d38ab16d05 |
| SHA512 | 40592633ad2046cb97231be3547fa6d3f90dbd18808c1da792b30644cbe698f2e0393ca3369a57b88207f576c938331b87a2b0b907b2e1024f9649c9c747c6a6 |
memory/1900-190-0x00007FF931150000-0x00007FF931C12000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-21 20:04
Reported
2024-09-21 20:34
Platform
win11-20240802-en
Max time kernel
438s
Max time network
1161s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\xera (1).rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-21 20:04
Reported
2024-09-21 20:34
Platform
win11-20240802-en
Max time kernel
435s
Max time network
1160s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Guna.UI.dll,#1
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-21 20:04
Reported
2024-09-21 20:34
Platform
win11-20240802-en
Max time kernel
442s
Max time network
1163s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Guna.UI2.dll,#1
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-21 20:04
Reported
2024-09-21 20:34
Platform
win11-20240802-en
Max time kernel
437s
Max time network
1158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Siticone.UI.dll,#1