Analysis Overview
SHA256
74148c3575a944b44668549c4a25c9a02a822b464c70c20d91cef1866fd54e9c
Threat Level: Shows suspicious behavior
The file LK Rat.jar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Enumerates connected drives
Adds Run key to start application
JavaScript
Resource Forking
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Runs ping.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 04:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 04:16
Reported
2024-11-03 04:46
Platform
win10ltsc2021-20241023-en
Max time kernel
1775s
Max time network
1800s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1730607381620.tmp" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1730607382417.tmp" | C:\Windows\system32\reg.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\LK Rat.jar"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\pULHfy895942203317978330.tmp
C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381620.tmp
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381620.tmp" /f"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381620.tmp" /f
C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607382417.tmp
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607382417.tmp" /f"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607382417.tmp" /f
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /f"
C:\Windows\system32\reg.exe
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /f
C:\Windows\SYSTEM32\cmd.exe
cmd /c ping localhost -n 6 > nul && del C:\Users\Admin\AppData\Local\Temp\pULHfy895942203317978330.tmp
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java" -cp C:\Users\Admin\AppData\Local\Temp\pULHfy895942203317978330.tmp org.bridj.Platform$DeleteFiles C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588\bridj.dll C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588 C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588\OpenIMAJGrabber.dll
C:\Windows\system32\PING.EXE
ping localhost -n 6
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.221.185.147.in-addr.arpa | udp |
| CA | 64.39.174.60:23750 | | tcp |
| US | 8.8.8.8:53 | 60.174.39.64.in-addr.arpa | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| CA | 64.39.174.60:23750 | | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| CA | 64.39.174.60:23750 | | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| FR | 20.199.58.43:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
Files
memory/3636-2-0x0000024305380000-0x00000243055F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pULHfy895942203317978330.tmp
| MD5 | ea32d3a9a0a4c7dd26bc75b770b8d6e6 |
| SHA1 | 79dd917e26e45af4e20a19592bbaa88c44629a76 |
| SHA256 | 68de0bf850720a72c68ea6cec582131b176222cfc90856b744c35bde551f57d3 |
| SHA512 | 6602ab5c0f36611e5ffec8f4f077d72f7b9858fec7104b0ad8ad0bf4b5c3ebf1d0fbf9ed53720c4dd0a6d288b3b1b050c2e9cc34f54361d811f49b19980a7a47 |
memory/4564-21-0x000002209AB10000-0x000002209AD80000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | e4fef829f55c5835f5b2080bbb1a5606 |
| SHA1 | 4e638a5cc62b5632eef009ca4879539b310fee1e |
| SHA256 | 76078661cc809e27745d1517647c6060f9cecf49b904ec5d59f74ca3f38963c5 |
| SHA512 | 11aa7d21d87fb601b710c4ae9d8790ec9debb273be88338eee0310ef61d932c2513e9a76ed53ceb8391ea8d2455d2dd14f1550598d2725291f560decf5bb2609 |
memory/3636-30-0x0000024305600000-0x0000024305610000-memory.dmp
memory/3636-29-0x00000243055F0000-0x0000024305600000-memory.dmp
memory/3636-41-0x0000024305640000-0x0000024305650000-memory.dmp
memory/3636-39-0x0000024305630000-0x0000024305640000-memory.dmp
memory/3636-38-0x0000024305620000-0x0000024305630000-memory.dmp
memory/3636-37-0x0000024305610000-0x0000024305620000-memory.dmp
memory/3636-45-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-44-0x0000024305650000-0x0000024305660000-memory.dmp
memory/3636-50-0x0000024305660000-0x0000024305670000-memory.dmp
memory/3636-52-0x0000024305670000-0x0000024305680000-memory.dmp
memory/3636-55-0x0000024305680000-0x0000024305690000-memory.dmp
memory/3636-60-0x0000024305690000-0x00000243056A0000-memory.dmp
memory/3636-59-0x0000024305380000-0x00000243055F0000-memory.dmp
memory/3636-67-0x0000024305600000-0x0000024305610000-memory.dmp
memory/4564-73-0x000002209ADA0000-0x000002209ADB0000-memory.dmp
memory/3636-72-0x0000024305630000-0x0000024305640000-memory.dmp
memory/4564-77-0x000002209ADB0000-0x000002209ADC0000-memory.dmp
memory/3636-76-0x0000024305620000-0x0000024305630000-memory.dmp
memory/3636-75-0x0000024305610000-0x0000024305620000-memory.dmp
memory/3636-66-0x00000243055F0000-0x0000024305600000-memory.dmp
memory/4564-65-0x000002209AD90000-0x000002209ADA0000-memory.dmp
memory/4564-64-0x000002209AD80000-0x000002209AD90000-memory.dmp
memory/4564-63-0x000002209AB10000-0x000002209AD80000-memory.dmp
memory/4564-78-0x0000022099230000-0x0000022099231000-memory.dmp
memory/4564-82-0x000002209ADC0000-0x000002209ADD0000-memory.dmp
memory/3636-81-0x0000024305640000-0x0000024305650000-memory.dmp
memory/3636-87-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/4564-88-0x0000022099230000-0x0000022099231000-memory.dmp
memory/3636-105-0x0000024305650000-0x0000024305660000-memory.dmp
memory/4564-106-0x0000022099230000-0x0000022099231000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-870806430-2618236806-3023919190-1000\83aa4cc77f591dfc2374580bbd95f6ba_f8cb507d-35a1-48c2-aef3-a249a39aae63
| MD5 | c8366ae350e7019aefc9d1e6e6a498c6 |
| SHA1 | 5731d8a3e6568a5f2dfbbc87e3db9637df280b61 |
| SHA256 | 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238 |
| SHA512 | 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd |
memory/3636-116-0x0000024305660000-0x0000024305670000-memory.dmp
memory/4564-117-0x0000022099230000-0x0000022099231000-memory.dmp
memory/3636-119-0x0000024305670000-0x0000024305680000-memory.dmp
memory/4564-120-0x0000022099230000-0x0000022099231000-memory.dmp
memory/3636-121-0x0000024305680000-0x0000024305690000-memory.dmp
memory/3636-126-0x0000024305690000-0x00000243056A0000-memory.dmp
memory/4564-127-0x000002209AD80000-0x000002209AD90000-memory.dmp
memory/4564-128-0x000002209AD90000-0x000002209ADA0000-memory.dmp
memory/4564-129-0x000002209ADA0000-0x000002209ADB0000-memory.dmp
memory/3636-130-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-131-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/4564-136-0x000002209ADB0000-0x000002209ADC0000-memory.dmp
memory/4564-137-0x000002209ADC0000-0x000002209ADD0000-memory.dmp
memory/3636-139-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-150-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-165-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-167-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-176-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-175-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-193-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-205-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-212-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-218-0x0000024303B20000-0x0000024303B21000-memory.dmp
memory/3636-231-0x0000024303B20000-0x0000024303B21000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\imageio1649898983950272527.tmp
| MD5 | a3fd87970caee840ceece9d5f03705cd |
| SHA1 | 1ffab512b78568dbb851b1afd5a59aada4b9f517 |
| SHA256 | 96f81802a005cab4416fe2667a969d614b47fd51287ddb312d429b592554ddf3 |
| SHA512 | 551dfd67d9cf9057f69d884522169b39d2c0775cac08329829cb6c3691725c32f25be6ca75e6f116dbc2d248d46ebc276ac8fde0d51324cf709acbbfb0faf055 |
C:\Users\Admin\AppData\Local\Temp\imageio5178256615677831783.tmp
| MD5 | a849b8a304f12e6bbf2a28f81be42ca4 |
| SHA1 | d84561551274349e34df3bed6bdb141548057831 |
| SHA256 | 102e104b20b3ed98a8f2ef238f40b111f4a8edbba38be2314b23027e2878f51b |
| SHA512 | be3981bca6e57fd3acc21f37a0509e57524c3bb497fa75e67ebe896d3b254103fd943f8e7e10dd5cc24e168a195800041673b4f9cd2e3bc8915b5df56d87c7bd |
C:\Users\Admin\AppData\Local\Temp\imageio940787065608812075.tmp
| MD5 | cd0c2043597804c30094da08dbd2ec9a |
| SHA1 | ddc0fc70e620df19a150425f4d66ab930a58e98d |
| SHA256 | 1aaaa86dd3757d589325b3fd34a98948cb38c60d6ed6302380291a4600c01734 |
| SHA512 | a8a32c3194a725293165d065151b6d6c5ef8bc10a09dca5655df4d309a876f9f613ae51eccd42c47eaf510289f1626eecb02f6b80c19cd9287996022f07e1d19 |
C:\Users\Admin\AppData\Local\Temp\imageio1885075669698556530.tmp
| MD5 | 99f63bc3411fb5e0d8341d148e90728f |
| SHA1 | 8e93e18e223574d591b38d26d27ef6b76ec0e2de |
| SHA256 | 44a9b7b4c03a1d80bcf40103320be2e07af556a93117f2ff2cd4addc1e1cd92d |
| SHA512 | 5a244a2f966073ef644bb1f12662729ba82fee09b8fab112f91dc2c7c2f2145a163150a9a263df69cc7c96ba4e08ca5b38e5adfe54863ea1c49c97e54e82055f |
C:\Users\Admin\AppData\Local\Temp\imageio3204320663984823416.tmp
| MD5 | 7cf685211ab057057348162d17a3b241 |
| SHA1 | d0c9ad2894189714a2bd2dd771781033d77e4e55 |
| SHA256 | 6538a9e54498dc9bd08870ced04865d46d66d32640b18f8eb076a0df15c78d4d |
| SHA512 | 14e1c5deb8c359ab8eae8169596044d9f6a3099174cb379acb51af74a0c668a926dcc72fd69033416c1f64aa21dceb42c59d55ae62127fdd64259f94ec8cfe13 |
C:\Users\Admin\.plugins\.libraries\jna70
| MD5 | b22ef746fd14c702e5bd29b466c6312b |
| SHA1 | 19674f9167c56c0bbdaa3a4a48277b802e480000 |
| SHA256 | 121f7a1d3aa9f538fd4710fd3a2175a7f062e1260d3e2df83752512a28f290d6 |
| SHA512 | 0b1757fb6d17077b1046c73909623ddb180c6a02b872bcbb9aef40fceb9ed6ff268438e7cb62b9c5ce4c2fd944ea99cf4aa9d2d4b31d70806f1ba607fdb05b6e |
C:\Users\Admin\.plugins\.libraries\jnh40
| MD5 | de6cf300c801226d4b19e4fdc258975e |
| SHA1 | 49e72ddee45ca9cf332c50b4c716781ac0df07fd |
| SHA256 | 41565e543a043ee2073a0b3d93082b78614d2241aa2c6669e05385d94511851c |
| SHA512 | 1a152efe851bd1fb029924f4854a9374f0fbb8a78b5a73efd49b5807f45e7ffccac7ca780cc1bdf3090eda6e491b2e4afb57162efafba274196d92cb972fc05c |
C:\Users\Admin\AppData\Local\Temp\JNativeHook-2.1.0.x86_64.dll
| MD5 | 0285a117e67739776220c34ef08b2d43 |
| SHA1 | d32e6b1128407a7e59eff481c8643a116aa2f56a |
| SHA256 | 332c71776659988159f98e0e6621b1e37694a7a57f954e0c5ca2f95c939b8f59 |
| SHA512 | 7a967cb11d5bb80adda24cd966aa4d389a54cb156e0b74406dd09023c48a39490b8cb18d84fa840c107b73e7008981a049544248dbce8c9e43bba212ed8352d2 |
C:\Users\Admin\.plugins\.libraries\wbcm40
| MD5 | 4331bdf536b724b5c49cfa83e89f55cb |
| SHA1 | a9442345f3aa6f4e61fd9516b800f5fbb00d56b7 |
| SHA256 | 54a8a2f553e7448eb01c90ed5d40fa1d61be15706131206d155ea3a2f70593ab |
| SHA512 | 4fbf66406871873b508a516178fee2bd7cbff9a44942b1f86c8c874057a08402a89b56342dbe5d81ae35fff4624a7b32f294898b99ee50585455b928245c32ee |
C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588\bridj.dll
| MD5 | eb31babd3452d99aeab24f0655e7610a |
| SHA1 | 3250d3ffa350d0d41fec53d7cbd73d7351b958e7 |
| SHA256 | ab1c3d1211903f7cd938702d806c423fbc32414589a5a4f77b6d4f999a7b6c02 |
| SHA512 | f5f81648c5462d1b19d2eac414a7afe8898c69436ca153f04a4862d6e267a939ddc2bd46a6a8df89d46d7703f7ad25700b2360b4882d79a5510629014973431e |
C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588\OpenIMAJGrabber.dll
| MD5 | 85f770f1418eac0ce7ba2858af58e728 |
| SHA1 | 00dccd40f789ad5f3bff3954955f3c9f1b5eb0e0 |
| SHA256 | dc5671b2816a4c93d47193b9481aec9cad587414a5d5a3a51fc410abdef412cc |
| SHA512 | d24cef1bb8bba8f0baed8ab71f995b04176b601128a607d37ba5747539a0458d06083a507ed2e7c20a34585ca98d9e2a5881336ad971edb065c7f9dc865bfc4f |
C:\Users\Admin\.plugins\.libraries\pr60
| MD5 | 137a448313d5b6d19279833d841b3590 |
| SHA1 | 6ed5b437fb5c03879e8c1afcc0d97df4b7f1bbcd |
| SHA256 | de349716e627e245e4b17fd487dba4033dbc92e5e22fb950c25514700334f97e |
| SHA512 | 6cca760abb063e97404cdd43a633c19f4afe459a1b975857e24040f503a77ab812c4347b150f4f3410522002a3c4365161cf4508b1e9d8e53987e3799638f573 |
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna1349542195846350125.dll
| MD5 | 719d6ba1946c25aa61ce82f90d77ffd5 |
| SHA1 | 94d2191378cac5719daecc826fc116816284c406 |
| SHA256 | 69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44 |
| SHA512 | 119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b |
C:\Users\Admin\AppData\Local\Temp\sqlite-unknown-e2e5f399-3ace-4d02-875b-0278fa68c90a-sqlitejdbc.dll
| MD5 | 98eac6ad76d39e73967252542f6f40e4 |
| SHA1 | 76923dd88c42c2536e969009927282025be4e79d |
| SHA256 | 51cc105f172859e6866f3cad5c99188663be503cd4bb618c946b0c83faabf0b8 |
| SHA512 | 076bd432b21220f023b861b3d31aabb702386e073209b54d0401058f67aa3205938909a32637f48770e63c0ff512338248a8c1131cd5159daf8eec35249ca7ef |
C:\Users\Admin\AppData\Local\Temp\imageio1134102006538769684.tmp
| MD5 | cc8fbb4440ae04418928c8d42e4ccb21 |
| SHA1 | bbbeed8e96bcfa4dfd977441a83566dbc638e079 |
| SHA256 | cd899a1183aeeac6a4c6a0f17d8af1845d244896d7e9fd309b1f486d918f89c0 |
| SHA512 | 569892d513c1c56ceac24ee757e4868a14b4c3a5084c2b21192a36a171dd5240914621a203ebacb0ada0d65fc406c31be8346445fb3a86c0280515006376472c |
C:\Users\Admin\AppData\Local\Temp\imageio7269693736234604634.tmp
| MD5 | 3338aa57aaaded7c314425d22be5483e |
| SHA1 | b09b6bc78079488dba2112e92a5ca59388f0d382 |
| SHA256 | 6ec54458e0593bd19cb9437e7c778d913c8cdf942bb0396e34866fae1aa96767 |
| SHA512 | d3c3c6c1a4ea7bd6c68c502bc2c720ae79d54f31062a55aac280d05e4ce27224a42e092fc3b9d0639e575722825b071e7d52b1a284fc20a0d4a30dbbb5bbf3f2 |
C:\Users\Admin\AppData\Local\Temp\imageio8431991807119653724.tmp
| MD5 | 023126c0696b39485af6f57eb2911cdf |
| SHA1 | 60d74b4d1bc3b6f192b26c859bbafb23b8e4c9c9 |
| SHA256 | 3d3c6dddbc54af1b647adab3fd9e84731891df92fdca5ddc5925496f5197f40a |
| SHA512 | cb9c7ffb498855f3e5beace260029b860c9f22f35bc921e133574e1122c764ada17d0de5e6405a7e093ac48a8ff7f5c4ae0579af68bec8e0af1ecb32f640291b |
C:\Users\Admin\AppData\Local\Temp\imageio6483592888713931545.tmp
| MD5 | b04d66da7b58ca382de0823bb8289f83 |
| SHA1 | f1cda021b46b23b6dd492efc1b4836ec66ecfe8a |
| SHA256 | 2aeb1f880743aa3a8fadf54c21ddbeb03e8dc335aea4d51a7ff4125b36ff77dd |
| SHA512 | 78afe40dfe9c0a55442bd8744ee0471898058d3f7898167dc47183ab58e5d2453155983e1ce59271baac3c3995c0c9a561513fdfc0d523f7f9fe216876200dce |
C:\Users\Admin\AppData\Local\Temp\imageio7242620488406760401.tmp
| MD5 | 21c3facdf1026c2dd79f0110eb9f7f0f |
| SHA1 | 93e0449d1e8a845a6253762b2af0d57efe97e036 |
| SHA256 | fb88993dd5cab2af179a4d0818b1114f17b6dd07f122370ef03da6c88f14afa2 |
| SHA512 | 680ac6318c04416b26e3dc8192bdee5be269bd33ec422ca1700cc0b886f15e55a4d64dda0f0113cc3d7b7315b6cd61b37d2de4fec4fba5a04fc0a92f65c5761c |
C:\Users\Admin\AppData\Local\Temp\imageio101858737201356375.tmp
| MD5 | c6545ac56e958270088b4842f484756b |
| SHA1 | f6381b020b0e2e6d8e26babfb0b65aa19522c527 |
| SHA256 | b2483dd24cc16817588d7fa3d9ab0c18d710e806c81bec419e7b918b4b07564c |
| SHA512 | 135e8bc052a56de4ddacb9fafea36657b09ed6a5e41d9ddb94a53adfe89ef0f6aeb9d41036949329c6a3d6f0d4375cbbcf8c09d0de4626ef14dc5a02edcb4e95 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4564-5296-0x000002209AD90000-0x000002209ADA0000-memory.dmp
memory/4564-5297-0x000002209AD80000-0x000002209AD90000-memory.dmp
memory/4564-5298-0x000002209AB10000-0x000002209AD80000-memory.dmp
memory/4564-5301-0x000002209ADC0000-0x000002209ADD0000-memory.dmp
memory/4564-5300-0x000002209ADB0000-0x000002209ADC0000-memory.dmp
memory/4564-5299-0x000002209ADA0000-0x000002209ADB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\imageio8391449983481194295.tmp
| MD5 | 8de294160f203eb55b8b5501ba785a48 |
| SHA1 | 12726c32898647770a9a9ca3c5a89c8c203fa06b |
| SHA256 | 5768f893300d7260542dd79dad6ba7f17581559f902a72348079458c2e3f2490 |
| SHA512 | bdb8ac4c9497ca0725dbb6b92f83f254465737c383e27e611f39a859a5ec9f1e6bdd9a44b97ff2899e661d625a4a12862780fc23abb7a4b1ebfece48709f16d6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-03 04:16
Reported
2024-11-03 04:32
Platform
win11-20241007-en
Max time kernel
873s
Max time network
967s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1730607380598.tmp" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1730607381239.tmp" | C:\Windows\system32\reg.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\LK Rat.jar"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\pULHfy60799363049740799.tmp
C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607380598.tmp
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607380598.tmp" /f"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607380598.tmp" /f
C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381239.tmp
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381239.tmp" /f"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381239.tmp" /f
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\RepairRedo.xlsx"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| CA | 64.39.174.60:23750 | | tcp |
| US | 8.8.8.8:53 | 19.221.185.147.in-addr.arpa | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
memory/1288-2-0x000002143E510000-0x000002143E780000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pULHfy60799363049740799.tmp
| MD5 | ea32d3a9a0a4c7dd26bc75b770b8d6e6 |
| SHA1 | 79dd917e26e45af4e20a19592bbaa88c44629a76 |
| SHA256 | 68de0bf850720a72c68ea6cec582131b176222cfc90856b744c35bde551f57d3 |
| SHA512 | 6602ab5c0f36611e5ffec8f4f077d72f7b9858fec7104b0ad8ad0bf4b5c3ebf1d0fbf9ed53720c4dd0a6d288b3b1b050c2e9cc34f54361d811f49b19980a7a47 |
memory/1572-21-0x0000024A6AE80000-0x0000024A6B0F0000-memory.dmp
memory/1288-27-0x000002143E790000-0x000002143E7A0000-memory.dmp
memory/1288-26-0x000002143E780000-0x000002143E790000-memory.dmp
memory/1288-36-0x000002143CD20000-0x000002143CD21000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | d475ad3f3e32d0c0ac429ccbe2a70582 |
| SHA1 | b3124dbb48c42d35b94712614963f93514d40cbb |
| SHA256 | c1d34fe5ced03ab025ce20043f030149c522d73496791660f5df7110550575ba |
| SHA512 | a0a2760ab868e7b4efc118bea1a6def4d3e878687789f61ea0e8bea9a60e0e163b9e4ca19b8595927aeab77aa03c9c87125216ca30a0ea6e438ee4eba1edb766 |
memory/1288-41-0x000002143E7C0000-0x000002143E7D0000-memory.dmp
memory/1288-47-0x000002143E7F0000-0x000002143E800000-memory.dmp
memory/1288-46-0x000002143E7E0000-0x000002143E7F0000-memory.dmp
memory/1288-45-0x000002143E7D0000-0x000002143E7E0000-memory.dmp
memory/1288-40-0x000002143E7B0000-0x000002143E7C0000-memory.dmp
memory/1288-39-0x000002143E7A0000-0x000002143E7B0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607380598.tmp
| MD5 | 8c65d5456bcd4e07d64e87b856ffb2b2 |
| SHA1 | 81ec28c78875d17f08603b427b7783c0cc55bb80 |
| SHA256 | 74148c3575a944b44668549c4a25c9a02a822b464c70c20d91cef1866fd54e9c |
| SHA512 | 6b3a424eb3f83308400007020bd81d71b60b7c6b15cdf5a1e45d53ab7cc343eb66de5077492686f582025c790a496804b8e6a36d49574ed9292fb3be0cf1178e |
memory/1572-72-0x0000024A695C0000-0x0000024A695C1000-memory.dmp
memory/1572-79-0x0000024A695C0000-0x0000024A695C1000-memory.dmp
memory/1288-83-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1572-97-0x0000024A695C0000-0x0000024A695C1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4249425805-3408538557-1766626484-1000\83aa4cc77f591dfc2374580bbd95f6ba_02510207-a8a1-401b-a8b2-969e44fe3fef
| MD5 | c8366ae350e7019aefc9d1e6e6a498c6 |
| SHA1 | 5731d8a3e6568a5f2dfbbc87e3db9637df280b61 |
| SHA256 | 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238 |
| SHA512 | 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd |
memory/1572-106-0x0000024A695C0000-0x0000024A695C1000-memory.dmp
memory/1288-107-0x000002143E510000-0x000002143E780000-memory.dmp
memory/1572-110-0x0000024A695C0000-0x0000024A695C1000-memory.dmp
memory/1572-111-0x0000024A6AE80000-0x0000024A6B0F0000-memory.dmp
memory/1288-115-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-118-0x000002143E780000-0x000002143E790000-memory.dmp
memory/1288-119-0x000002143E790000-0x000002143E7A0000-memory.dmp
memory/1572-122-0x0000024A695C0000-0x0000024A695C1000-memory.dmp
memory/1288-126-0x000002143E7A0000-0x000002143E7B0000-memory.dmp
memory/1288-128-0x000002143E7C0000-0x000002143E7D0000-memory.dmp
memory/1288-127-0x000002143E7B0000-0x000002143E7C0000-memory.dmp
memory/1288-136-0x000002143E7E0000-0x000002143E7F0000-memory.dmp
memory/1288-137-0x000002143E7F0000-0x000002143E800000-memory.dmp
memory/1288-166-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1572-172-0x0000024A695C0000-0x0000024A695C1000-memory.dmp
memory/1288-181-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-185-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-187-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-195-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-198-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-200-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-210-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-209-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-222-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/1288-221-0x000002143CD20000-0x000002143CD21000-memory.dmp
memory/4280-227-0x00007FFEF8230000-0x00007FFEF8240000-memory.dmp
memory/4280-229-0x00007FFEF8230000-0x00007FFEF8240000-memory.dmp
memory/4280-228-0x00007FFEF8230000-0x00007FFEF8240000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | b20aad2670a5609512adb693ed6d378a |
| SHA1 | d73f1650fc40c5e821d739a0cb1dfa39a7260832 |
| SHA256 | 09797f593ff738891a54b2a55caed74038493183cbe4ca0249df85edb3b3479c |
| SHA512 | 1a49d7fe03e6652491f4e8d6f23a3360db6e030644f3a71ad23c058ac7a945a67c247b6f2d4ab3e37344c8ca9566b63f5181a9e1ef9a406d3d40b5add64fe22e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
| MD5 | e7e25fd019cc589ec80081ae3eb1cd69 |
| SHA1 | 5fd0baeee4a375c85c4ed1b226599b128892fe19 |
| SHA256 | 82d59717a7755000c265d77e1adbd5d74b17d1fc86a391daa5fd0ad09efd4911 |
| SHA512 | b0be3e8a7802cacd413485adf2e4fb70a0b77678cf217165614044a2b79c487b04c07523bd9fcc2436d9bf4ed3b88ca9778307f08268e7d0d0938528e4c764ea |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
| MD5 | cabcf08a53dbb4e5ad107d23d12c791f |
| SHA1 | 1ff2298d7aeb346c85e67b2190c16c02e5ea99dd |
| SHA256 | 52dac7eaec9958c28454f6c94d81e0609cb4a5faff119045131db29c6b60ae89 |
| SHA512 | c9e568e25af15308d192c015eb6bf32f9881302d39c486a22bb4aebd11407157a9dc3cc16ee897ad0e477a7ce2358b7416771a5a08f72539aa800f90837d8fa2 |
C:\Users\Admin\AppData\Local\Temp\imageio8114762163680020574.tmp
| MD5 | 814f5bbbce5210fc68661e8887ea8844 |
| SHA1 | 69272975cc1b86b6bd2190de7df5a8cde859578a |
| SHA256 | 72f8fdc0bbf00859b5cc9a0e585fd56c98012229adc83b7c242acaba89600e84 |
| SHA512 | 37c47173c0373c72d58f35b38d75688be4b7ecaa2792bb827cb724da87528c3abbdcf645c9d8418afac9ac4ac44fd3df329d26c1a1c7bc63e93e733c1af5dcb6 |
C:\Users\Admin\AppData\Local\Temp\imageio3081979267321781896.tmp
| MD5 | 50affb41a526e6d58b24afc6664a8f33 |
| SHA1 | 6d4c60a5965dd9f0df868c3def14625c56eb4a73 |
| SHA256 | f8307cf2f5bb19216e089bc23371f414ed3a299569e0c92e5daf1b3d76197e0a |
| SHA512 | 653bd409b83a845a5384e05fe2be659660b52f6b2bb95ba004d08af581833278367f70c0a01e45c18881cc8c70b9ff29f8f7d08086a3cdf49f1bb3c33dbaa32a |
C:\Users\Admin\.plugins\.libraries\jna70
| MD5 | b22ef746fd14c702e5bd29b466c6312b |
| SHA1 | 19674f9167c56c0bbdaa3a4a48277b802e480000 |
| SHA256 | 121f7a1d3aa9f538fd4710fd3a2175a7f062e1260d3e2df83752512a28f290d6 |
| SHA512 | 0b1757fb6d17077b1046c73909623ddb180c6a02b872bcbb9aef40fceb9ed6ff268438e7cb62b9c5ce4c2fd944ea99cf4aa9d2d4b31d70806f1ba607fdb05b6e |
C:\Users\Admin\AppData\Local\Temp\imageio8051290321402650827.tmp
| MD5 | 7ae9e5ab7be7e000e3130959b10fd41f |
| SHA1 | 75ea22029f4e7b34cf7cb11846ccbcf952343c11 |
| SHA256 | 15b62421835d8f439eb11095d522544a43de58f157e868c25eca080f96b0e951 |
| SHA512 | c7a3a3cb9bfa72319ece066b9ab3d0fa7606d61ae8919d5aa389593382f25960b64bd57e5002663b538a2a20a34a4da24f006a6d84224187e487a0c5c651764b |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-03 04:16
Reported
2024-11-03 04:46
Platform
macos-20240711.1-en
Max time kernel
839s
Max time network
1800s
Command Line
Signatures
JavaScript
| Description | Indicator | Process | Target |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar "/Users/run/LK Rat.jar" | N/A | N/A |
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer | N/A | N/A |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
Processes
/usr/libexec/xpcproxy
[xpcproxy com.apple.gkreport]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systemstats.daily]
/usr/libexec/gkreport
[/usr/libexec/gkreport]
/bin/sh
[sh -c sudo /bin/zsh -c "open /Users/run/LK\ Rat.jar"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Users/run/LK\ Rat.jar"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Users/run/LK\ Rat.jar]
/usr/bin/xar
[/usr/bin/xar -c -f dslocal-backup.xar dslocal]
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]
/usr/libexec/pkreporter
[/usr/libexec/pkreporter]
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
[/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd]
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/bin/zsh
[/bin/zsh -c open /Users/run/LK\ Rat.jar]
/usr/bin/open
[open /Users/run/LK Rat.jar]
/usr/libexec/xpcproxy
[xpcproxy com.apple.JarLauncher.1532]
/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher
[/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -jar /Users/run/LK Rat.jar]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/jspawnhelper
[24:27]
/usr/bin/java
[java -jar /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/pULHfy922491553974830248.tmp]
/usr/libexec/xpcproxy
[xpcproxy com.apple.java.InstallOnDemand]
/System/Library/Java/Support/CoreDeploy.bundle/Contents/Download Java Components.app/Contents/MacOS/Download Java Components
[/System/Library/Java/Support/CoreDeploy.bundle/Contents/Download Java Components.app/Contents/MacOS/Download Java Components]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
| Country | Destination | Domain | Proto |
| GB | 184.85.51.234:443 | | tcp |
| US | 8.8.8.8:53 | 12-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | itunes.apple.com | udp |
| GB | 23.219.192.23:443 | itunes.apple.com | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 36-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 20.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49-courier.push.apple.com | udp |
| GB | 2.18.109.84:443 | | tcp |
| US | 8.8.8.8:53 | 44-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 50.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 46-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 41-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 31-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 25.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 48.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 0-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 47.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 22.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 13-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 1.courier-push-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 14.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 7.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 3-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 12.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 26-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 15.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 46.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 32.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 28-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 4-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 19-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 6-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 24-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 39.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 28.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 27-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 44.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 31.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 8.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 11.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 10-courier.push.apple.com | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 30-courier.push.apple.com | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 7.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 44.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 25.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 11.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 27.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 17.courier-push-apple.com.akadns.net | udp |
| GB | 17.57.146.154:5223 | 0.courier-push-apple.com.akadns.net | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 34.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 29.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 5-courier.push.apple.com | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | local | udp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
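The table above mixes two kinds of traffic: the sandbox's own background noise (Apple push-notification DNS lookups, reverse-DNS and mDNS) and the sample's repeated TCP connections to 147.185.221.19:45197 resolved from 19.ip.gl.ply.gg, a hostname under ply.gg, the address space used by the playit.gg tunnelling service, with the name re-resolved between bursts of connections as the client reconnects. The script below is an added triage example, not code from the sandbox or from the report: it parses rows in the table's format, drops the background noise, and surfaces repeated non-DNS connections to one endpoint as beacon candidates. The noise and tunnel suffix lists and the sample rows are constructed for the example, and treating ply.gg as a tunnel provider is an assumption stated in the code.

```python
import re
from collections import Counter

# Constructed sample in the shape of the sandbox network table above
# (Country | Destination | Domain | Proto). A hand-picked subset, not the
# full table; the last row mirrors the three-column mDNS row on the page.
SAMPLE_TABLE = """\
| US | 8.8.8.8:53 | 46.courier-push-apple.com.akadns.net | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 19.ip.gl.ply.gg | udp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| US | 147.185.221.19:45197 | 19.ip.gl.ply.gg | tcp |
| GB | 17.57.146.154:5223 | 0.courier-push-apple.com.akadns.net | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp |
"""

# Domain suffixes that are sandbox background traffic rather than sample
# behaviour (Apple push notification service, reverse-DNS, mDNS "local").
NOISE_SUFFIXES = ("push.apple.com", "courier-push-apple.com.akadns.net",
                  "in-addr.arpa", "local")

# Assumption: ply.gg is the hostname space handed out by the playit.gg
# tunnelling service, so an endpoint under it is a relay that hides the
# operator's real address.
TUNNEL_SUFFIXES = ("ply.gg",)


def parse_rows(text):
    """Parse '| a | b | c | d |' rows. Tolerates the three-column variant
    (no Domain cell) by setting domain to None."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == 4:
            country, dest, domain, proto = cells
        elif len(cells) == 3:
            country, dest, proto = cells
            domain = None
        else:
            continue
        if domain in ("", "N/A"):
            domain = None
        rows.append({"country": country, "dest": dest,
                     "domain": domain, "proto": proto.lower()})
    return rows


def _has_suffix(domain, suffixes):
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in suffixes)


def classify(domain):
    """'tunnel', 'noise' or 'unknown' for a resolved name (None -> unknown)."""
    if domain is None:
        return "unknown"
    if _has_suffix(domain, TUNNEL_SUFFIXES):
        return "tunnel"
    if _has_suffix(domain, NOISE_SUFFIXES):
        return "noise"
    return "unknown"


def is_dns(row):
    return row["proto"] == "udp" and row["dest"].endswith(":53")


def beacon_candidates(rows, min_conns=3):
    """Non-DNS connections to the same dest:port repeated at least min_conns
    times, excluding known background noise. Returns (dest, domain, count,
    class) tuples, most frequent first."""
    counts = Counter()
    for r in rows:
        if is_dns(r) or classify(r["domain"]) == "noise":
            continue
        counts[(r["dest"], r["domain"])] += 1
    out = [(dest, dom, n, classify(dom))
           for (dest, dom), n in counts.items() if n >= min_conns]
    return sorted(out, key=lambda t: -t[2])


def dns_lookups(rows):
    """How often each name was resolved; repeated resolution of the same name
    between bursts of TCP connections is the reconnect loop showing through."""
    return Counter(r["domain"] for r in rows if is_dns(r) and r["domain"])


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_TABLE)
    for dest, dom, n, cls in beacon_candidates(rows):
        print(f"{dest:<24} {dom or '-':<24} x{n} [{cls}]")
    print(dict(dns_lookups(rows)))
```

On the constructed rows the only candidate is 147.185.221.19:45197 via 19.ip.gl.ply.gg, classed as a tunnel; the Apple push endpoint on tcp/5223 is dropped as noise, and the lone mDNS row never reaches the threshold. Run against the full table, the same logic yields one endpoint with well over a hundred connections, which is the indicator worth blocking, while the relay address itself is shared infrastructure and should be paired with the hostname rather than blocked alone.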
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-03 04:16
Reported
2024-11-03 04:16
Platform
ubuntu2004-amd64-20240611-en
Max time kernel
0s
Max time network
1s
Command Line
Signatures
Processes
/tmp/LK Rat.jar
[/tmp/LK Rat.jar]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |