Analysis Overview
SHA256: 831da316eb96ce781e5c7936473c08a318fd919ec985a39179550a5719ed9dfb
Threat Level: Likely benign
The file Tut PT.5.zip was found to be: Likely benign.
Malicious Activity Summary
System Network Configuration Discovery: Internet Connection Discovery
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Opens file in notepad (likely ransom note)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 20:20
Signatures
Analysis: behavioral30
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win10v2004-20241007-en
Max time kernel: 94s
Max time network: 152s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\mysql\mysql.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
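Every Network table in this report has the same four columns, and almost every row is a reverse (in-addr.arpa) lookup sent to 8.8.8.8 rather than a connection opened by the detonated script; the only tcp rows on the page are iexplore.exe reaching ieonline.microsoft.com in behavioral1. The helper below is an added triage example, not part of the sandbox report: it parses rows in this table format, turns the reversed in-addr.arpa labels back into the address that was looked up, and separates reverse lookups from real connections so the two are not confused in a verdict. The sample rows are copied from this table and from behavioral1's table; the function names are my own.

```python
import re

# Rows copied from the report's Network tables (this run plus the tcp rows
# from behavioral1). The header line is deliberately omitted here, but
# parse_rows() skips it if present.
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

ROW_RE = re.compile(r"^\|\s*(\w+)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*(\w+)\s*\|$")
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I)


def parse_rows(text):
    """Parse '| Country | host:port | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        country, dest, domain, proto = m.groups()
        host, _, port = dest.rpartition(":")
        if not port.isdigit():          # header row or malformed destination
            continue
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def ptr_to_ip(name):
    """Reverse an in-addr.arpa label back to dotted-quad form, or None."""
    m = PTR_RE.match(name)
    if not m:
        return None
    octets = m.groups()[::-1]           # labels are stored least-significant first
    if any(int(o) > 255 for o in octets):
        return None
    return ".".join(octets)


def summarize_network(rows):
    """Split rows into reverse-lookup targets, forward lookups, and real connections."""
    ptr_targets, forward, connections = set(), set(), set()
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            ip = ptr_to_ip(r["domain"])
            if ip:
                ptr_targets.add(ip)
            else:
                forward.add(r["domain"])
        else:
            connections.add((r["host"], r["port"], r["domain"], r["proto"]))
    by_octet = lambda s: tuple(int(o) for o in s.split("."))
    return {"ptr_targets": sorted(ptr_targets, key=by_octet),
            "forward_lookups": sorted(forward),
            "connections": sorted(connections)}


if __name__ == "__main__":
    for key, value in summarize_network(parse_rows(SAMPLE_ROWS)).items():
        print(key, value)
```

The reversed addresses are what the guest asked its resolver about, not hosts it talked to; when the detonated script's own run has no entry under `connections`, the verdict should rest on the process and file evidence, not on this table.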
Files
Analysis: behavioral3
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win7-20240729-en
Max time kernel: 117s
Max time network: 122s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\csp\csp.js"
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win7-20240903-en
Max time kernel: 117s
Max time network: 122s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\dockerfile\dockerfile.js"
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win10v2004-20241007-en
Max time kernel: 93s
Max time network: 144s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\fsharp\fsharp.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win10v2004-20241007-en
Max time kernel: 148s
Max time network: 156s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\ini\ini.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win10v2004-20241007-en
Max time kernel: 93s
Max time network: 142s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\markdown\markdown.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win10v2004-20241007-en
Max time kernel: 92s
Max time network: 149s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\css\css.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win10v2004-20241007-en
Max time kernel: 134s
Max time network: 141s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\go\go.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 124s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\handlebars\handlebars.js"
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win10v2004-20241007-en
Max time kernel: 92s
Max time network: 158s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\msdax\msdax.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win7-20240729-en
Max time kernel: 120s
Max time network: 124s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\mysql\mysql.js"
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win7-20241010-en
Max time kernel: 119s
Max time network: 123s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\html\html.js"
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:24
Platform: win7-20241023-en
Max time kernel: 119s
Max time network: 121s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\lua\lua.js"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 20:20
Reported: 2024-11-09 20:23
Platform: win7-20240903-en
Max time kernel: 126s
Max time network: 143s
Signatures
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\fontview.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000e6e5cf732e976acd8f933656e3df9624776dd9bc0303482e873818c7c8277b3d000000000e8000000002000020000000818fe8559609b4cde311fc172cb0409f991256a2d70c183c60d6a72d4337d4cc20000000a7099bb3723b23e86ff8632ceb1fb6ec8076edc4bdb58445d08a47b1602c1e584000000058c5b521ae7f5a736d7b2970f6b6aa7de31b17c5f770b7bbbc9c575d2452c553cec666cfbccd84f69ef70f6857138254d45b57689acec2166d18e869f54c819a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3153E911-9ED8-11EF-928D-EE9D5ADBD8E3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437345552" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02bd005e532db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 (privilege LUID 35, SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Tut PT.5.zip"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7zOC28AE0C6\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7zOC280EA27\loader.js"
C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\PingRestart.ttf
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC28B5897\CODES.txt
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7zOC2818658\xml.js"
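The paths in this process list say how each program was started. A `%TEMP%\7zO<hex>\` directory is where 7-Zip File Manager extracts a file that is opened from inside an archive, so index.html, loader.js, CODES.txt and xml.js were each opened straight out of Tut PT.5.zip during this run, and every signature other than the two JavaScript launches is attributed to 7zFM.exe, iexplore.exe, fontview.exe or NOTEPAD.EXE rather than to the scripts. The other behavioral runs each launch a different `.js` from the extracted archive under `Monaco\Monaco\vs\basic-languages\`, which is the directory layout of the Monaco editor's language-definition bundle, not of Windows Script Host scripts. The code below is an added example, not part of the sandbox report: it applies a simple rule to command lines of this shape, flagging a script host started on a script under the user's Temp directory and any file opened from a 7-Zip extraction directory. The sample command lines are copied from this run and from behavioral30; the rule names and helper functions are my own.

```python
import re
from pathlib import PureWindowsPath

# Command lines copied from the report (behavioral1, plus one wscript.exe
# launch from behavioral30).
SAMPLE_CMDLINES = [
    r'"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Tut PT.5.zip"',
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7zOC28AE0C6\index.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2',
    r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7zOC280EA27\loader.js"',
    r'"C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\PingRestart.ttf',
    r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC28B5897\CODES.txt',
    r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7zOC2818658\xml.js"',
    r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\mysql\mysql.js"',
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1"}
# 7-Zip File Manager extracts "opened" archive members to %TEMP%\7zO<hex>\
SEVEN_ZIP_TEMP = re.compile(r"\\AppData\\Local\\Temp\\7zO[0-9A-F]+\\", re.I)


def split_cmdline(cmd):
    """Split a Windows command line into argv, keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def classify(cmd):
    """Return (rule, image, path) findings for one command line."""
    argv = split_cmdline(cmd)
    image = PureWindowsPath(argv[0]).name.lower()
    findings = []
    for arg in argv[1:]:
        # Skip switches and IE's SCODEF:/CREDAT: tokens; keep anything with a backslash.
        if arg.startswith("/") or (":" in arg and "\\" not in arg):
            continue
        path = str(PureWindowsPath(arg))
        ext = PureWindowsPath(arg).suffix.lower()
        in_temp = "\\appdata\\local\\temp\\" in path.lower()
        if image in SCRIPT_HOSTS and ext in SCRIPT_EXT and in_temp:
            findings.append(("script_host_from_temp", image, path))
        if SEVEN_ZIP_TEMP.search(path):
            findings.append(("opened_from_7zip_archive", image, path))
    return findings


def triage_cmdlines(cmdlines):
    """Group findings by rule across a whole process list."""
    report = {}
    for cmd in cmdlines:
        for rule, image, path in classify(cmd):
            report.setdefault(rule, []).append((image, path))
    return report


if __name__ == "__main__":
    for rule, hits in triage_cmdlines(SAMPLE_CMDLINES).items():
        print(rule)
        for image, path in hits:
            print(f"  {image}: {path}")
```

On this report the rule fires on loader.js, xml.js and the Monaco mysql.js launch, and on the four files opened out of the archive; the fontview.exe and 7zFM.exe lines produce nothing. Both rules describe a delivery pattern (script run from an archive in Temp), not malicious behaviour, so a hit is a reason to read the script, not a verdict on its own.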
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7zOC28AE0C6\index.html
| MD5 | b867a373e2082f0d800d1561eea8db21 |
| SHA1 | 251a4f39dd0266a6f3ebbb87c805ac2521617b5c |
| SHA256 | 10b8551148fef60a1fa1c65f9ef38e4e8275ecf592b0ec6c873a41bbf37544ce |
| SHA512 | c500b6bf3062c8630408d1443360e21ac9e5928970d2f523d10d2838265fb4ff6381ba92af2c245de0f8a04385c19f0730a81392a15e611cc5797e460e9839af |
C:\Users\Admin\AppData\Local\Temp\Cab6D7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar776.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad50236baf9715b80d396d904278b647 |
| SHA1 | 7a0f6c89d4887e2fc99f03a7e8fd86a36a444e4c |
| SHA256 | e37eebfe63c5286d68cec71f8a0be9aa182d09dea49f170b49950c28559b1845 |
| SHA512 | dfa9725fbeec90e638f9d53e84e6a54fd3ebf1e6c5e8970a6cc4d79e0076f5acaa16f091e980c74c31a9a219a21187ed55d641909f916cbe1993a4e1888a46f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81ac1a0c5b89f8c9162da5c49105fbbe |
| SHA1 | f99ad7a14513b8dec6b33bca3b1fba93392be1f6 |
| SHA256 | 7929f0250e0f34e61ca393fb485123b345f65e5ca3cdfd005d06f03e8c44f31a |
| SHA512 | f08c1cb973c57bdbf3912678caeee48277b6cda73c6599f35f621d13f9efd7a3d32ab5c0b25bb235d6dfc92d2b3530777403ee99dc8a679b8982d9828d3b5827 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 604f644f4b3a7484f808390f264914a5 |
| SHA1 | 6a49769deda92b0a4946cf3b89d329a1be821698 |
| SHA256 | 3a0d37baac98c986ccef2d184ee95b842d8fe7069e6454550a2b69609985de61 |
| SHA512 | fe083a29e48f374ff761141cc8687253602bc6749bdccfe0ba9c4f723c304f7ac74650659708d64fd90229eeac970103fa3763b3230e045f23563991ba3c8240 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 430262c7ee0d86da8dc46c5447600196 |
| SHA1 | bd203dd65f2e331be4d7f19dbb0caefac1f40e5b |
| SHA256 | 431bc479183943335eaac3897e456eaa5ae7cdaa1757835b0915ef7a35e3dbf9 |
| SHA512 | 6159fc018fba8a0f15005f8c20c4206cdf92f045f095d34ff19d305c8124a1f324b293bdbe84a1e5ad70d0e8ddf7221159a476adab315437c39efee34e0d3ff6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 284de2b3f8bba9e3a2b68853a27bdc68 |
| SHA1 | 5d5e08cb2c8d66650629602b9e3dcea41b0b0023 |
| SHA256 | a583f8f640dea1777e3eeb7805a80fa98591462e9219cbf11ab6011346465441 |
| SHA512 | aeb3f650ac36a9c9de1e8807893eb3722cf9a8b8d8c0febf3394b2f9a10d6782d8a34d06a9de07a94a0603fb73749a81541fe877870b74f48c0e33861e693ab2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63e196bfc3176d57bdf599adeb4be2b6 |
| SHA1 | 25f77c7433ae0c8492f03c465b6cea18b8e48244 |
| SHA256 | f90801e625a8ec0322ab450dde5f22751bacc4af0f00bf8f4db91dfdc2f4c0cf |
| SHA512 | 003bed04ebc703e45fa7a6642ab47cde5402ceaa82c12ab617d61fb1aa2297ca7715c503be3e52c5d46e0dead9aed0d6d18ccd430d6744d1fa253de15490253c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5a2d7894b8e8c36becc683734038dac |
| SHA1 | 5a5b30df30a1047a53f562dea7dd3913a09168bc |
| SHA256 | 57b13a7f4835fd73f7ca92cd7d09b98e87796e5902eae559688fcd87b364a0bf |
| SHA512 | dd96e9d84c08e2e29085a911bfd41c73c73e9765167adb5ff9a431f90965e6afd1a01c7084b22000eaba25aab346e6e009717307d711b7e65c83560ca721420e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5655c7d467ad30acb66d44265d5b8cc2 |
| SHA1 | 3f1c11df81e6acfe1492c2876209a388a291bc58 |
| SHA256 | 3fb6b0e2116c4b70336719b429600562863a311eed4bdbd872bc675f1cc3c45b |
| SHA512 | ba5a26b5d993a44c78d865f3a0935fb15b50afea5ff0386d866c5de687d694d1a225e81279eee226ccbc2a3be74ece0e12f14c7a30bada469efa8c97d601a4cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8960476b385e13497693f4c10b0279a6 |
| SHA1 | 17b4cd2736d7a9afb2e2647295859c28a30fc045 |
| SHA256 | 70524d173c1621b27d7005b358e618f89a85e9562afe4427fa11550c5f893ff9 |
| SHA512 | 7498e1fc463957e6cba3b7fff0071a7d5ee2e22ff03ab6642e87451ebbf55e2d7a7f7b010df1f8a7c8df5a83406e3ad107d7e36a5011b8af4d2bdb8af9cce9a8 |
C:\Users\Admin\AppData\Local\Temp\7zOC280EA27\loader.js
| MD5 | 8a3086f6c6298f986bda09080dd003b1 |
| SHA1 | 8c7d41c586bfa015fb5cc50a2fdc547711b57c3c |
| SHA256 | 0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9 |
| SHA512 | 9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017 |
C:\Users\Admin\AppData\Local\Temp\7zOC28B5897\CODES.txt
| MD5 | b61e8c32f52675a15d4f91bd13550e5e |
| SHA1 | 3634966ef64a37015fc7a125f1dd478f34bcc920 |
| SHA256 | 3b1e2c242bfeceba9068ed0094e41acbf062f54bcb652b367de393951f57007d |
| SHA512 | e533c2ca4006ebe8b46bdf4f4dc8dc07c3b5fc3ee04d68c9686ac859a1634aa0f042f019b08a7e13ee9b810149844feb23b9cb7f0dd7074e4b9d00c7e374f827 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14c7dc19845a2d39fc0f6b2653f29a9c |
| SHA1 | 23cac18bf79957be38eb19600d5e7c0c0c8672ee |
| SHA256 | 872231397b0849cad9ea75773d2df15fe2b1177b40e00fb5dd3f41ee4ea32dc7 |
| SHA512 | 97e05d0ff4d7743f0be31687fcd4ecc92ac34e1ef66a081e63088d0917a112581dbf5397a1020afd3734826dc9a5d43796cfe93286bc6f7e33257a3cb6720f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 572a9356cd23d631752689c8ffc01c00 |
| SHA1 | 70237fc845331743940102fe929a6803789b8c37 |
| SHA256 | 915978cc1f92bb438a2da30715578f850b6d5f8e717f7ee41cbe3365fd918e26 |
| SHA512 | 3e210811b657d13dc3e4cfbe6bfb9b84943fc79984fbbd061b6bed39205636597b9977b6b4158aadb8f836be9cec89eee09ce3526b314c0205f8dadd95a5194a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 357203f805de8de28080970ff25cf635 |
| SHA1 | 71f470d26cf24308d7d81c367cc1bc20aa241f6e |
| SHA256 | b186f80ddbb1984ac0777faa93cc793fcaec9d51ba04f4d030fe57d8539d2ac3 |
| SHA512 | f9da48b9d56cb92247b6035f91c5955ccca008a7ef2e310b150192d90ae9e86687d91612f1bfdcaa8fc5bf1b74cc3409cdda5752ae8f0e6b1ea33d8d32963e0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3959093a4660952df277a09452cb9d7a |
| SHA1 | 24fb6acfc7a4bfe8dc5ddb9b815dd697ea58fcd1 |
| SHA256 | b3a2f3ccb6bf9f8267cfdfcb189b757ea9249ae5edfd27bcb49e9a268df59ba9 |
| SHA512 | 443a3e3cf574e0f0537bc39d06a54f99ceb37c2515f2c5a14ee57a8eff53a4f4812f643b4dd9726001e42e35162a4fbe317d4e63368eb05d5decdef4f7c6e1b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea441a4a3a8d42213239ad540e0dee82 |
| SHA1 | 8466f4decffb2290213863761674b8f6422d8bdd |
| SHA256 | 58897b4d6a9735a2b1bb63fd6afbbb3dcbe17a2dae8db49af6165cdc1c3ec187 |
| SHA512 | b119073188b647fe2154d352f66d0038f4637b82ec6dd632c09c14ecd813e02e02aac77e65313570a76d6ed4452cdd467de332b527ad48b95d69a8b576279aa2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c840997883b0cd102ba5a3b9804f2a3e |
| SHA1 | 35665f03b27c46c0275cefdad94d4e10e5ce1736 |
| SHA256 | 2ce47bb96d135a21fc7b6afe5a92f900000c29820b18f3b4b9d0a6093d1b666b |
| SHA512 | 92b85cefbe35a36f71acfa8b940a916839a0512f0cf78613556b7cbc37514c7b932b155cab2283798e308c2610d69c009f46a389da3572af6e32d44f593acd94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9271353caad08572b04701b50d6c28d0 |
| SHA1 | a2db05c526eba9f2bad28c4b174902ed5868eb17 |
| SHA256 | f653619ebb91fd5cc1d785c5074212b22d44100b09ec7e9f095c5e22f47558e0 |
| SHA512 | eeee85d4470cbfb7f4d911ff146dc62e023ca2e62c8eb61eb8b27e4e0428cfd44e97ed797bd2bd7a92fe3347e1c52c72662a24b239d245951a8bf6ae72772b62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95f03ac7c92db35e5424b0133aef662c |
| SHA1 | ef6c3d99ba4c4d09bfe87781bda2ffd5d3ff9dd6 |
| SHA256 | 80937bc517be947a54c3cb9684d2d9d9a03c1a0e713624e2570319cf0379f0a7 |
| SHA512 | 1cdc92773c206e71488d09980d38e201d8b478961fe9f58e91ccce088b7dc024902740a998da2495897e615183c387be60bc892ac376bf2459917d82321a30e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59113491ee7a480a55710ef4311130e3 |
| SHA1 | 4d3b4da56e50c847de523f13e19c63faa78cb6d8 |
| SHA256 | 2ef8877d072b00bc001b5eac1521382700ada01ee76c7faf8606ce1317401e7a |
| SHA512 | 7b0f1764a6b84cab09533af22a28e783d4c0f4b85261027b85704db9b9ae06731f82ac7cdf1e5774f1fbda70365ba64a2cb4de9be706ef2274e043e0399ab555 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18b0198006c0804068c16c9f255ceff3 |
| SHA1 | efd9452dc5d9093f0938605acb8c6d1f0e1f1f61 |
| SHA256 | ede19b0b3f4052450274493f9a89af03980fec49ea2588692522b03cb9f5be70 |
| SHA512 | 4f045ab08061a9d4b75b54350b9072b6eb1e5a117a7b9ae35b603c98ef789c21bb78fd561ed0624d8d792faa80a3465cd1fb166737ff21710e750312b2f5ae1c |
C:\Users\Admin\AppData\Local\Temp\7zOC2818658\xml.js
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
145s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\dockerfile\dockerfile.js"
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\csp\csp.js"
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
144s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\html\html.js"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20240708-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\ini\ini.js"
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20241010-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\java\java.js"
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20240903-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\less\less.js"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Tut PT.5.zip"
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
145s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\handlebars\handlebars.js"
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
158s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\less\less.js"
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
148s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\lua\lua.js"
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20241023-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\markdown\markdown.js"
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20240903-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\msdax\msdax.js"
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20240903-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\objective-c\objective-c.js"
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
137s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\objective-c\objective-c.js"
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20240903-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\css\css.js"
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20240903-en
Max time kernel
118s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\fsharp\fsharp.js"
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win7-20240903-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\go\go.js"
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-09 20:20
Reported
2024-11-09 20:23
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tut PT.5\Monaco\Monaco\vs\basic-languages\java\java.js"
Network