Analysis Overview
SHA256
d079571973a6fafa5267570cdf2bd8fda075553b2f0bfd5c644b214286595b26
Threat Level: Shows suspicious behavior
The file Hone - Installer.exe was found to show suspicious behavior.
Malicious Activity Summary
ACProtect 1.3x - 1.4x DLL software
UPX packed file
Executes dropped EXE
Loads dropped DLL
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:46
Signatures
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | analyticsnew.overwolf.com | udp |
| NL | 13.227.219.10:80 | analyticsnew.overwolf.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\nsoB0E9.tmp\UserInfo.dll
| MD5 | 1dd4ca0f4a94155f8d46ec95a20ada4a |
| SHA1 | 5869f0d89e5422c5c4ad411e0a6a8d5b2321ff81 |
| SHA256 | a27dc3069793535cb64123c27dca8748983d133c8fa5aaddee8cdbc83f16986d |
| SHA512 | f4914edc0357af44ed2855d5807c99c8168b305e6b7904dc865771ad0ee90756038612fe69c67b459c468396d1d39875395b1c8ec69e6da559fb92859204763e |
\Users\Admin\AppData\Local\Temp\nsoB0E9.tmp\System.dll
| MD5 | 51bd16a2ea23ae1e7a92cedc6785c82e |
| SHA1 | a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c |
| SHA256 | 4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33 |
| SHA512 | 66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79 |
\Users\Admin\AppData\Local\Temp\nsoB0E9.tmp\uac.dll
| MD5 | 861f7e800bb28f68927e65719869409c |
| SHA1 | a12bfcd2b9950e758ead281a9afbf1895bf10539 |
| SHA256 | 10a0e8cf46038ab3b2c3cf5dce407b9a043a631cbde9a5c8bcf0a54b2566c010 |
| SHA512 | f2bf24a0da69bbe4b4a0f0b1bfc5af175a66b8bcc4f5cc379ed0b89166fa9ffe1e16206b41fca7260ac7f8b86f8695b76f016bb371d7642aa71e61e29a3976eb |
\Users\Admin\AppData\Local\Temp\nsoB0E9.tmp\utils.dll
| MD5 | c6b46a5fcdccbf3aeff930b1e5b383d4 |
| SHA1 | 6d5a8e08de862b283610bad2f6ce44936f439821 |
| SHA256 | 251ab3e2690562dcfcd510642607f206e6dcf626d06d94b74e1fa8297b1050a0 |
| SHA512 | 97616475ef425421959489b650810b185488fcb02a1e90406b3014e948e66e5101df583815fd2be26d9c4d293a46b02ba4025426f743e682ed15d228f027f55c |
\Users\Admin\AppData\Local\Temp\nsoB0E9.tmp\INetC.dll
| MD5 | 87050902acf23fa5aa6d6aa61703db97 |
| SHA1 | d5555e17151540095a8681cd892b79bce8246832 |
| SHA256 | 0ecf8b76a413726d2a9c10213ad6e406211330e9e79cfde5024968eedc64a750 |
| SHA512 | d75d3fc84a61887ee63bad3e5e38f6df32446fd5c17bedce3edca785030b723b13134b09a9bbbbaca86d5ea07405b8c4afd524cc156a8c1d78f044a22dee9eab |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcad9f46f8,0x7ffcad9f4708,0x7ffcad9f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18308076656601322309,7574099371898510613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| NL | 18.239.83.121:443 | content.overwolf.com | tcp |
| NL | 18.239.83.121:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_3676_QELVGNZUVOIKBGDM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 07633be3ebd6c7e73830e0937f98fab2 |
| SHA1 | e97825fde68231daaf8df8b97d414b45e466d65f |
| SHA256 | 17b4f094cd36ef1a21dac1fe6335532cab60da7ada739e944df716cf751c1461 |
| SHA512 | 5b8d67197f8eeab64d928f32b7944352b5784079aa24537218f2b5aa69e96b32b86fc593a5550325b7de0f3b508591b0238c76504bf1abd85803854a6efa35f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d9798409555305a31cfc1deb05cab4c9 |
| SHA1 | 0f9b4ea892f154fa68849fb40c0de8ba8badfeee |
| SHA256 | 923ce37b880445731f9213f85f7c128c6b9be7a1a0f52914d81f35ec64a304d0 |
| SHA512 | 21bdc67cbd56e726bc35e2f018f22cbe9e6c3b652aa943c24f4fe801038943e4065b5cc464abebc9675f4907f47bd8f2ea76ebc332295365332344488f2a0d5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f7c5ff945b12500314acfebe93f03d63 |
| SHA1 | 52aa30dde47976824d7e805bc3096439afe4b177 |
| SHA256 | d2cf6453975f04a07b5a0cbbffa4aae307b13bfda885ea027294c0fee421d650 |
| SHA512 | 2ef5886c47b56d522d770160d0e98cd19006c508570e3a854d73452bcce236b53fbd243cd64d5c0660a0852c657555b131c2c3608c22bd368e24309df2da34d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a1bf09d566266dbeb07a439a860cc06a |
| SHA1 | 9a24485fe5ec2f33c62e1c5ab915270d0458d530 |
| SHA256 | ee8f0225d27c1b6c8debb0bfdbbc31340b0f1ac020128d205f21648ecc9d788c |
| SHA512 | bc06e5b1b2b231e84659e43a5b5b09c86513be43de143ed779d34b8d2739635aeb7b5907e9b45e96d9ee88027ce0c377528ede0b63a50cf972562c651e00ec06 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
140s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
135s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20241010-en
Max time kernel
73s
Max time network
19s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240708-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20241010-en
Max time kernel
13s
Max time network
19s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240708-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20241010-en
Max time kernel
117s
Max time network
132s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b960000000002000000000010660000000100002000000050b3f9e17257659cbcc9767e78781e6e3aa8246ff8dfbf161f43ec96e5181403000000000e800000000200002000000091184ab45bc6e3e83365fb91ed88016c4803c3dd13233db4e26d182606394b8a200000007832db38259d80d8373dc14ea9d60fd6c53b996d27b92eaac1c6223ca17869aa400000002392e3e4edf4ee281b85d22025e2891834e9fff207ed4918f3aaa1b3083d714abbcdba8c86600a07299b40d202d565332b8134dbfc956a5b6a64718363788785 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{548CC371-9ED3-11EF-807F-4E1013F8E3B1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b9600000000020000000000106600000001000020000000636f99c99d851f544c31de99ae75a741cdf1ce498e2c183005c03150763e8479000000000e8000000002000020000000857248d6195f4b7a3c76306e41ba0bc7b2c64f732612b47bf7a4c4d2074fe3279000000013709b76388ec69f09fc9614dd1f771a7afda129ca31ba68cb8bca7889838291d369161d52825afe2113af9785d6bcfda8909bf5dae475faac6331fa7a544529f05ad8c4d908de02f362c72c5cbfe2ec057fbe7e9213d055317cad57f6af61055f66dc92dc39c37c46c6404d38c40728ed1dbea7aab575ddba19b894d0db054632b3df76e9b1dcf62de3d9ad94447e2c4000000019e3b45340a2161a7e2593d9c5b81ae3322a20e3fd11d00329d122735280c0911adaa192023cc757b124ba978e81bcd70c1269c34c54171a5011747acc4cfbd0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0470229e032db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437343465" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2744 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2744 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2744 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2744 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| NL | 18.239.83.76:443 | content.overwolf.com | tcp |
| NL | 18.239.83.76:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.212.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 216.58.212.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| NL | 18.65.41.80:80 | ocsp.rootca3.amazontrust.com | tcp |
| NL | 18.65.41.80:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab29F0.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2A8F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a343d27be6415fa8fd01df7551a552fb |
| SHA1 | 4c8a352c0808df1c58c95b6effc7e7621eeb2d48 |
| SHA256 | c182fe622268088fec7a973e728ee87c4ad86a2cc762e61f2d1df90efdc81697 |
| SHA512 | c07647d4c9d456a4814895e79d7e837c11bb5d7c3c5af703b880c7bdb9e4d3dd37cc1e9326b59d21f6b0a325f32d64c8553c0b61fb86b1ea2ee15b0eae62c64f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d72461723a7b2c2ab30e458eca5d32d6 |
| SHA1 | 14745a376067c8ff60afbed86ba1aef983a4da92 |
| SHA256 | e59574217525938b2c726f4ec69d7a5bda2a0283121e48ff18885237e5385862 |
| SHA512 | 446a3e1511d0821333ed3cb73454e0e2eb246cfe9e49b8eff7cf950ddf4f2b6b0a4d77c8c2bbc7f87d34f06d74fefe6a72cf05d9834523d524108a77994bb524 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8bc4f245f74564ded01756fe1452b84 |
| SHA1 | 3903a79f6455d622b0d7b3e549e678c0cd1c8721 |
| SHA256 | 063428c8581fd44d7320a8e33913b8eb0c4b2987ff6bb0b3405487c6cbd84dd2 |
| SHA512 | a5dac027e8a2ca388bdc8eb3f8955b4c2a60df03ccb32dd281b37adabf01de6723a15c6ce60b1518ea2d1d9f72a4fc89aad1b67872e2f0353e117f3a8e322a35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e000166988f25fb20c1a4debc0e7bcb9 |
| SHA1 | 4f0a9e85d9b13f792920fd9ec692b262258d3ffa |
| SHA256 | d996b28870da643ca38bcb78998e8b7bb161b73aa28bae64030a9d7b3aeae63a |
| SHA512 | 09e6d622b40d8d76bf7d13dbef3ef16db3704092c955c05c41698f697237b882d0c5d5809e2e27ae87371b9c9bbbe289e47de63878c4944f74e24d1002e3472e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b3921cb48bb45f1c8b7f77efb60396e |
| SHA1 | 04f1f79ea0da74feeec80f6a228b5d197bea8be7 |
| SHA256 | 8ed2406dffa74eb224a174ceddf549a0dfb3c62a2592b72da922ce8c1503d34f |
| SHA512 | 934fad7e1a51b2b4ce95fcbe82c0a8a37a91c8b860157228930f19dd3c8a3f238857b89b5a0b97e539a8499d1d782d57d717660136aabe973051c3e4822793fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a68db56ecf35a2c330a6f70903a0adf0 |
| SHA1 | f7094a4929fc28a0f19779fa70b032e2c04f71a1 |
| SHA256 | 19e33caba3f56d0b1c86354782a1606e217e44799d6d35fe05f3eb208fb136b8 |
| SHA512 | a4ac41964acb5bcb0e1aa35ca7107637edd56c254b63eba769f727605a1db8a4e6c3f7b2487c1c165282de6d7109e3c81a95c964a1a57c5aa96b9d2f2b008000 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47807d933a5933f03b802efeb7beb448 |
| SHA1 | 0a55205f206aff64b479ebc89a0fa07ac4edbe2f |
| SHA256 | 10a347133fa1d0f4049f8956b4d8e019fb9a414eeb2d606a119cde5feba771d6 |
| SHA512 | 7209d57bd2d99d6bcaf695a4b96c516dca657929200673fd66d8f4bf96a634047051f6cc72f0e24853b47c3c848cdfd08f7faf0cec3d9308c5921a030453c0d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 854e5db739845b0086c36fa7ed65f9c4 |
| SHA1 | 028e1075333ef7d8160d62c5231235f3a2854190 |
| SHA256 | e50d8ebace7605b5e502f1542df3c5f9d20413d06d3e759a1534e5ff22e1f612 |
| SHA512 | 0f1149673e6c260eaf1f578f39b29abf8ded50511f7d8a2de99961a8930f76cac2783346c06b81694ee7123acc56c6ba2cca099435b2892a1705b1f7ea01af0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9721433027386b8e125c602d295f746d |
| SHA1 | 173b0aa0d59bf7eae8687eecc6b090544a167e40 |
| SHA256 | fea3d6a5d659d4a64c2b0a9e3469e0f4554173a54fd39d0e538bb39e3b07cb62 |
| SHA512 | 466b3f2dfe8c29ca20c3b5e4c5c899a57d3bfcaac2790a4ab64bd917e194402b66612f4eed13a5ecc0b8d7dc7457dcdadad9da3772b416d167dd7d38b645a34a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5765c180ee702365bf26eb10f643a2e |
| SHA1 | 17cc7662ea98e75c896f566a0fe1aee42f3b249e |
| SHA256 | 2174dcc6375175635d488bd1d7dc0da7fa451241d59c0ace4c483cb2f30112b6 |
| SHA512 | 02eb39a6c90b335a74519689ef851c41511a3009089e53e2248c9bba9118a069c4d32b9f23d1227f8c49a18990e731b5bacd46c4ca18a7878666c390b3ef8fc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d508ddc391e4959b5b46ba4895026ba |
| SHA1 | 0e6539f1f9402b9ba15388dc46d08dfb1ee6cd1e |
| SHA256 | d95d6e5eea2b052d2f18321c2c8a6a327e7fe369572868db7da266797a012c0c |
| SHA512 | 73739bf001d0d6aa8d400316d8be45d389d977a649352d6e988fec8ceb290ffbc5849debceb06bcd0231cf79a4afb81c42ab4c5722900035cb7b66f21c0b6c26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 644be64be026e177530e4c9cd9ec5f86 |
| SHA1 | 53ef7467d8acdd4b0cb06fed00ec18a56a87c298 |
| SHA256 | 69ba7416e2ffe1f79bd7d16c564a8d2949b99316f31bfbbe301ed09bd68d98f5 |
| SHA512 | 134e48d317c3e29c6fe87f12871aa42926f33db21813e4dd5077659b2c3ba9846113f80976a6dbec6edd5476847ac48785892fcc117701cf39ac0c944f3ebbef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e56a42803a18bf7182de7af03f7c802 |
| SHA1 | cbb77be6e6409761a0b4f525d41327cf817e3514 |
| SHA256 | bbb37c72625cb24851a91a98364b996577792e7286f611a5886dbbd7a09e4c81 |
| SHA512 | b0883ddc03e668e9992991724881ea05fdfe97aac1e1b20b7468a6113fde065417c0e83380602f924aab23b512e02bd2349af0f3608f6362179338d2a4e8ee98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27c0d4f65e037dda7995eb490da3435b |
| SHA1 | 96c8a25c9a46c19f944deee0f7f4a54a2f83999b |
| SHA256 | 90601f3747c97e63eeb3408d7b4a0a338fffca02d4d642e4e6d0beda349a153c |
| SHA512 | 09a85d6abb91dc6987c910f175689258f65ed42f67bdfaafa41cdb1a1c376d91c1ff806edac076225976a0a9bc9aa6b011289187d7438f6b2dc79cbabc981120 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad017123c6b0d39f230e488083538583 |
| SHA1 | c271892fc1090a20a29724ff1200f5b60dcdd9e5 |
| SHA256 | eb0aceaa7fbf02e546bcf708b138ead92a3909a286f694e1510936feaa73b3b4 |
| SHA512 | 6037518f47e97d198fb0f3ee4527d59402c1ee038badb9ac0ce0a6b3cdfcd847e03a9c841b209f3f5f25c9f53d8d4c31a72abb2f242f050e1167eb749c04e0ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c6876e402d2f4c9e852a04fb39aec22 |
| SHA1 | 18efb052ea0b54321cacfa7d133af01d029e9821 |
| SHA256 | 880905cd2cb43829173d59c558f5e956649fafd4d6e5c739177be07863e96c1e |
| SHA512 | d40ff5e77a6f9c265736ed7e090534505bd97d3d6b1e51920810b7955d333bcb708eb2c069196289fb465312791c160a9b95064c0f2af86264a18eb8fdda59a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e6844c610a7357a8a4f5cc9a1b93c31 |
| SHA1 | 95528e342005a6624d338e757196017ea62e0d2a |
| SHA256 | e1f180bca3193f5866adda2d3017529a7ae2da5e59426efc0f6662ce4ed028ce |
| SHA512 | 084d7bb2977597ef537a6406a59ce28df0f413a29b7b476128ba3f82284ca9bf8ebc5a66fcb6560b5eb6f61afc096d05111dac8b225bed90efa7d58de6e8ec1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 2dfcb2ac1952afdcb4a83f6f340dd90e |
| SHA1 | 11614da59a573309ffd3ae5e307144edaa49cc49 |
| SHA256 | c782776bce5ceff0fc371e976da2c8e559d84695709d88d023150357a5690864 |
| SHA512 | 2aaf3da88c5f1adbee0c6f001a7bf22a376cf11e2285272687de117766e9fdcd77bb4d2c8d6f2aa50f6a475ab109cdc9614afdab0b828264c1a316e4ebbe4865 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70b17c77310aeeda1637bdfd45468c94 |
| SHA1 | 23d2c0bdb7b188b748c0e7bca615728121c466ce |
| SHA256 | 8cc57f104b9cf273bbd89a13f326ccdc54e8826f05b74e49e7a5ced6a92a3e1f |
| SHA512 | 7091e850da5da3e9bd0789449dae536c52e7f4f25f9833e517b0f901b329850ed6ed4377bae6de4f11fa8caeb5785cd905eee975fa814a0fb83c89070e48925d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 226462fa2fefbd1060b19bea628f835c |
| SHA1 | bb2c7caee6cf46bd743625105fbd41f31938ec85 |
| SHA256 | 69f06a47893c7d67d80fb032f90935631dc41cd0ce4cc0c80dcf2bfaec2675c0 |
| SHA512 | a1f75805fcee8e38515baa610cb4b1331de26864818c2b5423ff06a19ba9305f9b04b7ab9b7358671c9b17ea3a3e731d16d781df113454df26e2553035625dba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cea6d1eaa493bdfeafc1a2c5e2f092d |
| SHA1 | b9c9778c9acfa891ab58420e9390642e377f65ed |
| SHA256 | 0931254dd421a34cb4b4066028dee684b9d3e2cad6d78ece1951e421736f0b9a |
| SHA512 | 35b4c7bbb3514cf95c9a5078df8e9f9b96f394f05773929c92caea774a532221b2bab92a2e39c3aa1542ce7cb66ffc91debdc7eda4a680fb7324ac7e94d6c83e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2829afda6e60937ed7db29c3b0f1a28a |
| SHA1 | 797d8cd0c8a87cca3bcfb9867080aca68d5ca7a7 |
| SHA256 | ccf6b4a68a7c2db9f852527329536f1b07ce616c2760a6dc3f21a48b5012f857 |
| SHA512 | d70af2ac50b7f695c530fc457e73627260c48550f42e3226ea5d5048c13e34b88b55c770287ad5314543faa50a3a046abe953bca5741e310f37b2c041f1aaca3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c79705ebf97bb6856212b1afec1e307 |
| SHA1 | 3977eb095617545b427243c3004d5d02cfd83995 |
| SHA256 | e5926162be659bbd934bb7c7a92842e7e4e77a1cef423f85afe1781d42687853 |
| SHA512 | 8c12fbe1117aeb98d4c0d4f80fd59b2d89f6cbdc712720d6da69655faf688ff5ad67e7e395eee99813928b704b556d1f41a3f25a5c9bd06190e774e6573a3926 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1535b3870fca38637fbc40a9bd8ce346 |
| SHA1 | 88319c0399864c18a07a2c2cac52f371ef539dc1 |
| SHA256 | 33827a61f919b1a98a4e9e3685b703140875603fcae32759d629da735ec2a7f0 |
| SHA512 | e3e7dc3fab5211f178bd9719f625050425111f68ef18c680465c2338897abc0172a7306d1b651ce5cb525393aa5475e939bd9f5d9c8576d7930d68ecc4d6bf93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c937c8ef83c1f9dfc95e7635926f669e |
| SHA1 | 37fab0974f1928b785fb0167907b474eee9bfbeb |
| SHA256 | 93febeb266ae1e394b80720ffe70c8959e05cff3dbfab90cf1353ac91d21f12b |
| SHA512 | 483269318aa59a714caa9636a7bb2cde4c759c8406fe2e30efb94d328010f17e7bd57ac2bdb3592f4db5321776bcc1c4f63fb2cd810a3a0bc95311110dca4e4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee42ff1180668ac20eec644c2bc8228d |
| SHA1 | f6a5c2c3b746748712bea9dfbd01fe1cf0518b21 |
| SHA256 | 24e956678d788ec9fb4910d4d6b22d135cb5dd1d156b99b33729fde14d97b22a |
| SHA512 | 5630109a4c948e330a5916ac7be9a39c1bc7270e1ac5ec6b7e6d4272a5b09345a890262c4ac954ee1e25b89bdb7dabbe017d79e7f0a7e3209cf161656ad111c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b04fd59897282958ffa499dc8e6f73f |
| SHA1 | 97b2ba65d1e1f6fb7bc2bf3c6498db5b6ff376f3 |
| SHA256 | d4bb87cbdb4bd9592246800e1cc860977fbaa361cff8070da57eea7fa07402a4 |
| SHA512 | abaec1f9b2e2b02fa710df2de846ba0e184da0836acb9e563d44224bda263f54b4f9cc0f143db723bbc8bdb6baf6487a5dda350a7308a948f8b72352a450b89e |
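The Files lists above (and the one under behavioral2 below) are long mainly because Windows rewrites the CryptoAPI revocation cache on every CRL/OCSP fetch, so the same `CryptnetUrlCache\MetaData\...` path appears over and over with new digests. The script below is an added example, not the sandbox's own tooling: it parses the path-plus-digest layout used on this page, checks that each digest has the length its algorithm requires, groups entries by where they were written, and dedups by SHA256. The sample text is a slice copied from the two Files sections; the bucketing rules (CryptoAPI cache, NSIS `ns*.tmp` plug-in directory, memory dumps) are an editorial assumption, not a label the sandbox assigned.

```python
"""Parse the Files sections of this report into digest records.

Added example, not the sandbox's own tooling. Input layout: a path line
followed by '| MD5 | ... |' style rows; memory/... dump names carry no rows.
"""
import re
from collections import defaultdict

# Slice of the report's Files sections (behavioral1 and behavioral2), copied as listed.
FILES_TEXT = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a343d27be6415fa8fd01df7551a552fb |
| SHA1 | 4c8a352c0808df1c58c95b6effc7e7621eeb2d48 |
| SHA256 | c182fe622268088fec7a973e728ee87c4ad86a2cc762e61f2d1df90efdc81697 |
| SHA512 | c07647d4c9d456a4814895e79d7e837c11bb5d7c3c5af703b880c7bdb9e4d3dd37cc1e9326b59d21f6b0a325f32d64c8553c0b61fb86b1ea2ee15b0eae62c64f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d72461723a7b2c2ab30e458eca5d32d6 |
| SHA1 | 14745a376067c8ff60afbed86ba1aef983a4da92 |
| SHA256 | e59574217525938b2c726f4ec69d7a5bda2a0283121e48ff18885237e5385862 |
| SHA512 | 446a3e1511d0821333ed3cb73454e0e2eb246cfe9e49b8eff7cf950ddf4f2b6b0a4d77c8c2bbc7f87d34f06d74fefe6a72cf05d9834523d524108a77994bb524 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\System.dll
| MD5 | 51bd16a2ea23ae1e7a92cedc6785c82e |
| SHA1 | a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c |
| SHA256 | 4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33 |
| SHA512 | 66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWInstaller.exe
| MD5 | 96b9f5a2097f2b1ae676451aa710c8de |
| SHA1 | 9b722af7cc2bf69216c79b01b6a498853d501baf |
| SHA256 | 51e86163bbddbba889feb7c5e3eda87042bc0d193cd187f094730ab767245a66 |
| SHA512 | 19905d581f71cbc176198d75b36e5cffd3ec5d2382a1e1582d478c0ff73d073fbef39d7ad79d708285dd4db4e56faa789cfa25e65f74011b0d786aeebdec9df7 |
memory/3856-136-0x000001CB2CB90000-0x000001CB2CBDC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\manifest.json
| MD5 | ffd488977307f71e9444b598d3a22e07 |
| SHA1 | 1e4b34b1ff3a838ccb765089d904f9c9076f91f7 |
| SHA256 | 37e4f5ecaa49a064560abd3b4d6b680c42715287a0140a8920d2bfb147ff1f38 |
| SHA512 | ab9b93a76090665ab03002dd448bc6542e6fa647f92f64703a618d34b4fa845b80ffd93038c825373f85eabcf0b6beb6bf436ac0feb872e9025d39daf4b0e1f4 |
"""

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}   # hex chars per algorithm
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
# NSIS unpacks plug-ins and payload into %TEMP%\ns<random>.tmp ($PLUGINSDIR).
NSIS_PLUGINSDIR = re.compile(r"\\Temp\\ns[a-z0-9]{3,6}\.tmp\\", re.IGNORECASE)


def parse_files(text):
    """One record per path line, carrying the validated digest rows below it."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError("digest row before any path: " + line)
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != DIGEST_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current['path']}")
            current["hashes"][algo] = digest
        else:
            current = {"path": line, "hashes": {}}
            records.append(current)
    return records


def bucket(path):
    """Assumed grouping for this report's paths (an editorial choice, not a sandbox label)."""
    low = path.lower()
    if low.startswith("memory/"):
        return "memory_dump"
    if "\\cryptneturlcache\\" in low:
        return "cryptoapi_cache"        # rewritten by CryptoAPI during CRL/OCSP checks
    if NSIS_PLUGINSDIR.search(path):
        return "nsis_plugins_dir"       # unpacked by the NSIS stub into $PLUGINSDIR
    return "other"


def summarize(text):
    """Return (paths grouped by bucket, sorted distinct SHA256 digests); entries
    whose SHA256 was already seen are skipped as duplicate content."""
    by_bucket, seen = defaultdict(list), set()
    for rec in parse_files(text):
        sha = rec["hashes"].get("SHA256")
        if sha is not None:
            if sha in seen:
                continue
            seen.add(sha)
        by_bucket[bucket(rec["path"])].append(rec["path"])
    return dict(by_bucket), sorted(seen)


if __name__ == "__main__":
    groups, digests = summarize(FILES_TEXT)
    for name, paths in groups.items():
        print(f"{name}: {len(paths)} entries")
    print(f"{len(digests)} distinct SHA256 values")
```

Run against the full Files sections, the `nsis_plugins_dir` bucket is the short list worth hashing and looking up, while `cryptoapi_cache` holds only revocation-check side effects.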
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
136s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
134s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
140s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5020 wrote to memory of 3856 | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe |
| PID 5020 wrote to memory of 3856 | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe"
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe" Sel=0&Extension=mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc&Name=Hone&Referer=hone.gg&Browser=firefox -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://download.overwolf.com/setup/electron/mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://hone.gg/terms --privacy-url=https://hone.gg/privacy --silent-setup --app-name="Hone" --auto-close -exepath C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe
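Both WriteProcessMemory hits on this page are a parent writing into a child it just started: the IE frame process (2744) into its tab process (2908, launched with `SCODEF:2744`), and the NSIS stub (5020) into `OWinstaller.exe` (3856, run from the stub's own `nsrB046.tmp` plug-in directory). The script below is an added example, not part of the sandbox report: it checks each pair against those two launch patterns and pulls the structured arguments (extension ID, referer, download and policy URLs, silent-install flags) out of the OWinstaller.exe command line. PIDs and command lines are copied from the report; the PID-to-process mapping comes from the WriteProcessMemory rows, the `SCODEF` value and the `InstallerTrace_..._3856.log` / `memory/3856-*` names. The `-exepath` handling is an assumption, because the report shows that path unquoted with spaces in it.

```python
"""Label the parent->child WriteProcessMemory pairs and unpack the
OWinstaller.exe command line. Added example, not the sandbox's own output."""
import re
from urllib.parse import parse_qsl

# PIDs and command lines as listed in the report.
PROCESSES = {
    2744: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html',
    2908: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2',
    5020: r'"C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe"',
    3856: r'"C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe" Sel=0&Extension=mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc&Name=Hone&Referer=hone.gg&Browser=firefox -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://download.overwolf.com/setup/electron/mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://hone.gg/terms --privacy-url=https://hone.gg/privacy --silent-setup --app-name="Hone" --auto-close -exepath C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe',
}
WRITES = [(2744, 2908), (5020, 3856)]   # (writer PID, target PID) from the report

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
# NSIS unpacks plug-ins and payload into %TEMP%\ns<random>.tmp ($PLUGINSDIR).
NSIS_DIR_RE = re.compile(r"\\Temp\\ns[a-z0-9]{3,6}\.tmp\\", re.IGNORECASE)


def split_cmdline(cmd):
    """Minimal Windows-style argv split: whitespace separates arguments,
    double quotes group, backslashes are literal. Enough for these lines."""
    args, cur, quoted, started = [], [], False, False
    for ch in cmd:
        if ch == '"':
            quoted, started = not quoted, True
        elif ch.isspace() and not quoted:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args


def parse_args(argv):
    """Fold the installer's arguments into a dict. Three conventions appear
    in the report: a 'k=v&k=v' blob, '--key=value' / '--flag', and '-key value'.
    Assumption: '-exepath' is the last option and its unquoted path runs to
    the end of the line."""
    opts, i = {}, 1
    while i < len(argv):
        a = argv[i]
        if a.startswith("--") and "=" in a:
            key, val = a[2:].split("=", 1)
            opts[key] = val
        elif a.startswith("-"):
            key = a.lstrip("-")
            if key == "exepath":
                opts[key] = " ".join(argv[i + 1:])
                break
            if i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                opts[key] = argv[i + 1]
                i += 1
            else:
                opts[key] = True
        elif "=" in a and "&" in a:
            opts.update(parse_qsl(a, keep_blank_values=True))
        else:
            opts.setdefault("_positional", []).append(a)
        i += 1
    return opts


def explain_write(writer_pid, target_pid):
    """Name the launch pattern a WriteProcessMemory pair fits, if any."""
    w_exe = split_cmdline(PROCESSES[writer_pid])[0]
    t_cmd = PROCESSES[target_pid]
    t_exe = split_cmdline(t_cmd)[0]
    scodef = SCODEF_RE.search(t_cmd)
    if (w_exe.lower().endswith("iexplore.exe") and t_exe.lower().endswith("iexplore.exe")
            and scodef and int(scodef.group(1)) == writer_pid):
        return "ie_frame_to_tab"               # IE frame starting a tab; SCODEF carries the frame PID
    if NSIS_DIR_RE.search(t_exe) and not NSIS_DIR_RE.search(w_exe):
        return "nsis_stub_to_unpacked_child"   # stub runs a binary from its own $PLUGINSDIR
    return "unexplained"                       # fits neither pattern: look closer


if __name__ == "__main__":
    for writer, target in WRITES:
        print(writer, "->", target, explain_write(writer, target))
    for key, val in parse_args(split_cmdline(PROCESSES[3856])).items():
        print(f"  {key} = {val}")
```

A pair that comes back `unexplained` is the one to inspect; the two on this page resolve to the frame-to-tab and stub-to-payload patterns, and the parsed arguments give the referer, extension ID and download URL to pivot on.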
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analyticsnew.overwolf.com | udp |
| NL | 13.227.219.10:80 | analyticsnew.overwolf.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| NL | 13.227.219.10:443 | analyticsnew.overwolf.com | tcp |
| GB | 142.250.187.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
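The Network tables mix four kinds of rows: queries to the sandbox resolver (8.8.8.8:53), reverse-PTR lookups of `in-addr.arpa` names (the wscript.exe runs above contain nothing else, so they name no endpoint the sample itself reached), certificate revocation checks (`c.pki.goog`, `o.pki.goog`, `ocsp.rootca3.amazontrust.com`, issued by the TLS stack when a chain is validated), and the endpoints actually contacted (`content.overwolf.com`, `analyticsnew.overwolf.com`, `www.google-analytics.com`, `ieonline.microsoft.com`). The classifier below is an added example, not part of the sandbox report, and serves this table and the behavioral1 table above: it parses the rows, folds PTR names back to the IP they ask about, and sets the application endpoints apart. The sample rows are copied from the two tables; the list of revocation hosts is an assumption for the example.

```python
"""Triage the Network tables of this report into resolver queries, reverse-PTR
lookups, certificate revocation checks and application endpoints.
Added example, not the sandbox's own output."""
import re
from collections import defaultdict

# Rows copied from the report's Network tables (behavioral1 and behavioral2).
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| NL | 18.239.83.76:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 216.58.212.227:80 | o.pki.goog | tcp |
| NL | 18.65.41.80:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 13.227.219.10:80 | analyticsnew.overwolf.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| GB | 142.250.187.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
"""

ROW_RE = re.compile(r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(udp|tcp)\s*\|$")
# Well-known CRL/OCSP hosts; an assumption for this example, extend for your own CAs.
REVOCATION_HOSTS = re.compile(r"(^|\.)pki\.goog$|^ocsp\.|^crl\.|\.amazontrust\.com$")


def parse_rows(text):
    """Rows of the '| CC | ip:port | domain | proto |' table as dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        cc, ip, port, domain, proto = m.groups()
        rows.append({"cc": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def ptr_target(domain):
    """The forward IPv4 address a reverse-PTR name asks about, else None."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    octets = domain[:-len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def classify(row):
    if ptr_target(row["domain"]):
        return "ptr_lookup"
    if row["port"] == 53:
        return "dns_query"
    if REVOCATION_HOSTS.search(row["domain"]):
        return "cert_revocation"
    return "application"


def triage(text):
    """Bucket -> sorted distinct items: IPs for PTR lookups, names for DNS
    queries, (domain, ip, port) for everything that was actually connected to."""
    buckets = defaultdict(set)
    for row in parse_rows(text):
        kind = classify(row)
        if kind == "ptr_lookup":
            buckets[kind].add(ptr_target(row["domain"]))
        elif kind == "dns_query":
            buckets[kind].add(row["domain"])
        else:
            buckets[kind].add((row["domain"], row["ip"], row["port"]))
    return {k: sorted(v) for k, v in buckets.items()}


if __name__ == "__main__":
    for kind, items in triage(NETWORK_ROWS).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The `application` bucket is the set to compare against what the installer's command line says it will fetch; the revocation and PTR buckets appear in any detonation that validates a TLS chain on a Windows image and are not evidence about the sample.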
Files
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\UserInfo.dll
| MD5 | 1dd4ca0f4a94155f8d46ec95a20ada4a |
| SHA1 | 5869f0d89e5422c5c4ad411e0a6a8d5b2321ff81 |
| SHA256 | a27dc3069793535cb64123c27dca8748983d133c8fa5aaddee8cdbc83f16986d |
| SHA512 | f4914edc0357af44ed2855d5807c99c8168b305e6b7904dc865771ad0ee90756038612fe69c67b459c468396d1d39875395b1c8ec69e6da559fb92859204763e |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\System.dll
| MD5 | 51bd16a2ea23ae1e7a92cedc6785c82e |
| SHA1 | a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c |
| SHA256 | 4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33 |
| SHA512 | 66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\uac.dll
| MD5 | 861f7e800bb28f68927e65719869409c |
| SHA1 | a12bfcd2b9950e758ead281a9afbf1895bf10539 |
| SHA256 | 10a0e8cf46038ab3b2c3cf5dce407b9a043a631cbde9a5c8bcf0a54b2566c010 |
| SHA512 | f2bf24a0da69bbe4b4a0f0b1bfc5af175a66b8bcc4f5cc379ed0b89166fa9ffe1e16206b41fca7260ac7f8b86f8695b76f016bb371d7642aa71e61e29a3976eb |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\utils.dll
| MD5 | c6b46a5fcdccbf3aeff930b1e5b383d4 |
| SHA1 | 6d5a8e08de862b283610bad2f6ce44936f439821 |
| SHA256 | 251ab3e2690562dcfcd510642607f206e6dcf626d06d94b74e1fa8297b1050a0 |
| SHA512 | 97616475ef425421959489b650810b185488fcb02a1e90406b3014e948e66e5101df583815fd2be26d9c4d293a46b02ba4025426f743e682ed15d228f027f55c |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\INetC.dll
| MD5 | 87050902acf23fa5aa6d6aa61703db97 |
| SHA1 | d5555e17151540095a8681cd892b79bce8246832 |
| SHA256 | 0ecf8b76a413726d2a9c10213ad6e406211330e9e79cfde5024968eedc64a750 |
| SHA512 | d75d3fc84a61887ee63bad3e5e38f6df32446fd5c17bedce3edca785030b723b13134b09a9bbbbaca86d5ea07405b8c4afd524cc156a8c1d78f044a22dee9eab |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWInstaller.exe
| MD5 | 96b9f5a2097f2b1ae676451aa710c8de |
| SHA1 | 9b722af7cc2bf69216c79b01b6a498853d501baf |
| SHA256 | 51e86163bbddbba889feb7c5e3eda87042bc0d193cd187f094730ab767245a66 |
| SHA512 | 19905d581f71cbc176198d75b36e5cffd3ec5d2382a1e1582d478c0ff73d073fbef39d7ad79d708285dd4db4e56faa789cfa25e65f74011b0d786aeebdec9df7 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OWinstaller.exe.config
| MD5 | 82d22e4e19e27e306317513b9bfa70ff |
| SHA1 | ff3c7dd06b7fff9c12b1beaf0ca32517710ac161 |
| SHA256 | 272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827 |
| SHA512 | b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9 |
memory/3856-134-0x00007FFC7BA43000-0x00007FFC7BA45000-memory.dmp
memory/3856-136-0x000001CB2CB90000-0x000001CB2CBDC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\OverWolf.Client.CommonUtils.dll
| MD5 | cc208a83fdf244bf8bd73c163dac39f0 |
| SHA1 | 5ffdd23728051c20850cdce7cc4d5970b5321323 |
| SHA256 | 6bb4b0ec3d131f212d0f0ded7788feefa1dce1c312ae1aaceaa0db3e73acac79 |
| SHA512 | 6cb09449120bcf76e144dce74efd54f88fda7c1f7c25ed61e1bf4127607bb312bc020c0ba29fc70ab001a886949e0faa67bdd609fd38bba8e119e218e9fba46a |
memory/3856-140-0x000001CB47030000-0x000001CB470D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\CommandLine.dll
| MD5 | 42b8558275c6838bf25616b05f5b1cc2 |
| SHA1 | 352cb161808e3cc360ef5ef67d3559d258f23448 |
| SHA256 | d98011873f275393db4810ca9ffe5a066c66cd157fa1c2d46a312824e86fa6f6 |
| SHA512 | 38266c98b3a86ef373298479c8b585ebbb66f52099812e29faf25a7e6e2d12b3896d69db72a9f65becbf8e2b643c2664a3c09275265a1e15622076de70d0afc7 |
memory/3856-142-0x000001CB2E870000-0x000001CB2E884000-memory.dmp
memory/3856-143-0x000001CB47610000-0x000001CB47B38000-memory.dmp
memory/3856-144-0x00007FFC7BA40000-0x00007FFC7C501000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\log4net.dll
| MD5 | f15c8a9e2876568b3910189b2d493706 |
| SHA1 | 32634db97e7c1705286cb1ac5ce20bc4e0ec17af |
| SHA256 | ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309 |
| SHA512 | 805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e |
memory/3856-146-0x000001CB47230000-0x000001CB47276000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\SharpRaven.dll
| MD5 | 96e7c0177c15bc7a157c51612f3369bf |
| SHA1 | 1e89f4bc3fdb3cb1724ab0c283195b6aebb1532e |
| SHA256 | 50532b392723aeff6f3e20c5196a8c4bb5865d1ff7d537fc9c27af6aa24d6e2e |
| SHA512 | 929b0b6b60bc0734a9858943af4645bb1bcf95a3f00fad01434997f89c7a2e816d5d8b612744dcb62fff354e5253abfe4c11c252e1fa825cef4a764559c0d432 |
memory/3856-150-0x000001CB471E0000-0x000001CB471F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ow-electron\InstallerTrace_2024-11-09_19-46_3856.log
| MD5 | bb56f6b2ceae0db8a237568cea436d46 |
| SHA1 | 3750018aee9bf16afbcdf7008c02eda89da6d4b7 |
| SHA256 | 95796ce4456d09f17c819e89d5c022afb3810d55a6eeed4c5c1fc858727391bd |
| SHA512 | 0431261475deaab8569f1b2b1fa01e737c1e0d92c7015c4a23377c8dc12739f01e07c3950c4e9c818537bd34cac3cb5d1563fc92b0e821169c16f3c47e521cd7 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\Newtonsoft.Json.dll
| MD5 | 98cbb64f074dc600b23a2ee1a0f46448 |
| SHA1 | c5e5ec666eeb51ec15d69d27685fe50148893e34 |
| SHA256 | 7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13 |
| SHA512 | eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147 |
memory/3856-161-0x000001CB47480000-0x000001CB47530000-memory.dmp
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml
| MD5 | 74bd16020b3525f67ae551d0e3098519 |
| SHA1 | 8de8092e87d6fc3ea4f724fcab25185e4783a0d7 |
| SHA256 | 2b00ef73cd9d76c17fcd76edbf3916c513cfdba12f949cc3c447e682936092c1 |
| SHA512 | 4f3b545a5c2ce7ea21584a72894ca2a06b61d379d7d11f7ded7b4feedf52918c4d130f2de3b6e127828b827c9fbdb21cc4dd1054ed67693c117605c38c21bb24 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\manifest.json
| MD5 | ffd488977307f71e9444b598d3a22e07 |
| SHA1 | 1e4b34b1ff3a838ccb765089d904f9c9076f91f7 |
| SHA256 | 37e4f5ecaa49a064560abd3b4d6b680c42715287a0140a8920d2bfb147ff1f38 |
| SHA512 | ab9b93a76090665ab03002dd448bc6542e6fa647f92f64703a618d34b4fa845b80ffd93038c825373f85eabcf0b6beb6bf436ac0feb872e9025d39daf4b0e1f4 |
memory/3856-179-0x000001CB47400000-0x000001CB47422000-memory.dmp
memory/3856-182-0x00007FFC7BA40000-0x00007FFC7C501000-memory.dmp
memory/3856-184-0x00007FFC7BA40000-0x00007FFC7C501000-memory.dmp
memory/3856-187-0x00007FFC7BA40000-0x00007FFC7C501000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\images\icon.ico
| MD5 | 9a03fbfd56d8e501797359aac3d72ed1 |
| SHA1 | b31e87a87486c00f9266559707e2cae4831f9d44 |
| SHA256 | 81c69b545c347e1708603fb912511d8eddf755cb27f37fdc6a6fd959c6cfb94e |
| SHA512 | 29eb96fe4bdded257f3330672b1f9f2086c28e1e863a093a6fb750b6e59210b47b5ed481e3828442f38c5c6d63ef37709716af1e3913afdf37bf8e574f976fb4 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\index.html
| MD5 | 6d8c9edde0ce101ce0abd73be45c684a |
| SHA1 | ce6d94d2d1a7f4761438781affd3aa991018e4f5 |
| SHA256 | f15c54f4ac4f55bcfa281b668220eb144e63b9de2292e970095a4dc566209682 |
| SHA512 | 06f35ece48e4e19174da18ecc5dcac3a7e4d7ffbb102c4859221c7c569027ca72e40c9ed945872bf4396bc02ced7ae46655c88e3ec40d0a2f2e3bd0fcec80203 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\main\main-controller.js
| MD5 | 15b665a5c915004e1aa7e9e11a710f7e |
| SHA1 | 7821924e42bb19d60c572ff80bbaaa04d7aaeefb |
| SHA256 | 84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653 |
| SHA512 | dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\app.js
| MD5 | de88fce9253d26e0c61daa1783baa775 |
| SHA1 | 07c5848354a247056baad369059aac9d3c940ecc |
| SHA256 | 993f140f9f4e5cdbdcc657a3c159328bf58b3483dbc27c451516a556763a79ba |
| SHA512 | 71ddd47ef7ed7c02fb31e8ffa2ea6d1b5178dbda2ab37bac208e088c8ba2127e0cf5eaa74ee7ad5809fa69e534853312c6c8775c68aeda63bf0e4a5caefa39b7 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\main\template.js
| MD5 | a118c7724c208f12083240cafccfd10b |
| SHA1 | f89c676a215b869626737862a08c9eb07d440211 |
| SHA256 | 63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc |
| SHA512 | 9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js
| MD5 | eb6d6bd7e05d4477e2704dd87b57ca35 |
| SHA1 | f42672ec1e23a3f4bcc2952746d87ba8deff44be |
| SHA256 | 5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5 |
| SHA512 | 1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\finish-with-recommended-app\template.js
| MD5 | d1cb34b57cef7e28b9286454b197b712 |
| SHA1 | f3a964b319bab82d4eda07e126bbfd6dec35c349 |
| SHA256 | b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42 |
| SHA512 | 3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\finish\finish-controller.js
| MD5 | 138240ea22084428e9e25583e9156568 |
| SHA1 | e8bef7eab5b6e7040b996ec9504436e073444bd9 |
| SHA256 | 4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec |
| SHA512 | e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\finish\template.js
| MD5 | f092de7ea66d8e920b345f38537fa35d |
| SHA1 | 82d107a409f18878307ae0cefe24074db64937c4 |
| SHA256 | b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f |
| SHA512 | 14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\progress\progress-1-controller.js
| MD5 | 82f0b997ed552c52a510a9f2ab29dc3a |
| SHA1 | 92aec3a656053c71eccdde610130f5d8008fa96f |
| SHA256 | 838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105 |
| SHA512 | ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\progress\template.js
| MD5 | 92b145e6649ba0add3dee9a69d3fa91e |
| SHA1 | 4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d |
| SHA256 | a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab |
| SHA512 | 747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\privacy\privacy-controller.js
| MD5 | 15bbec339f5046f525e3aa96d36c30ec |
| SHA1 | f73d40bf06584737fe327f1eec6f4b0446545226 |
| SHA256 | 14d9c60cd97f18e74fee2dd80b6a190eaccc526085991f356feb6b4d330a0fc3 |
| SHA512 | 2b0edfd2d5efb3f739e56eb6f3bcfae4789af3e1639f5f8e5f7530f5af10eb1a61464d665c9d9b2f4eb3796f2445108599d8bea75f1709aa562feebee519da4e |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\privacy\template.js
| MD5 | cf8d2c26520d7c84e560dfa79e31dcd3 |
| SHA1 | 716f2ec17480d5cc9c145bc147833fbfc39d36f0 |
| SHA256 | 95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8 |
| SHA512 | d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\settings\settings-controller.js
| MD5 | 378c18dd7d5cee6ca7c4ddd0396b535b |
| SHA1 | d5f81d4fab29201fd1629dc4d8e6f918c0c30479 |
| SHA256 | b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35 |
| SHA512 | c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\settings\template.js
| MD5 | 28513de0830383a516028e4a6e7585a0 |
| SHA1 | d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5 |
| SHA256 | 8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f |
| SHA512 | 0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\welcome\welcome-controller.js
| MD5 | 50f676754862a2ab47a582dd4d79ecf3 |
| SHA1 | 1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158 |
| SHA256 | 6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b |
| SHA512 | ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\welcome\template.js
| MD5 | 17f54fca6723b983875d940d931e0afb |
| SHA1 | 01774cd5cea36bd74c80a708d6f77567e8091024 |
| SHA256 | 42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb |
| SHA512 | 401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\cri\cri-controller.js
| MD5 | 4e4b4a9e2d86ae3c108105078db6d730 |
| SHA1 | 826946be793c999316af6c1db10523950b18ea2c |
| SHA256 | cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7 |
| SHA512 | 1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\cri\template.js
| MD5 | 76c1ef0cb437db144c2bed53a5a8a5d7 |
| SHA1 | aaab8fff649f8e46d1e9510018118ee9abe01498 |
| SHA256 | 505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e |
| SHA512 | 822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\windows\modal\modal-controller.js
| MD5 | b04bdfd1c7d09bdbdb94a2455fdd677b |
| SHA1 | f000ba4866ff16d75bfd6cf446763498e19b12b1 |
| SHA256 | 4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1 |
| SHA512 | 3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\utils\modal-events-delegate.js
| MD5 | 117e4fdbdb0ecf211c8bd909efd337d1 |
| SHA1 | 9f8684d856b7c95bdffb139217dfd89f41373187 |
| SHA256 | 267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857 |
| SHA512 | f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\models\notifications.js
| MD5 | 85afdf9897bb1236eff3afa40d15ece6 |
| SHA1 | 4362bdd139458eaf4a2dcb34294b43e2d53f4a26 |
| SHA256 | 9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32 |
| SHA512 | 4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\utils\cookies.js
| MD5 | 6c60e675f8c8c68c0174b644d3a63a2a |
| SHA1 | 3635a3fe07ccc4a6f33a986ddb690522d0611abb |
| SHA256 | 9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287 |
| SHA512 | 1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\utils\commands.js
| MD5 | a25b49d085333ece9aadd1f285795925 |
| SHA1 | 53341dcca297a969a8ff37265935488f1790307e |
| SHA256 | acbf59ce6aa668880f65aab2bfe62305415c76301b40bc7f72777f0b08840b71 |
| SHA512 | 0a2cb6f4e1af0c4205e38ba1e12c208e6ea4f8f8e3956c9d10b312aa9a6929b99ec967aee7aa1f54da97ca6ea354f8bd7f624359cfd05c6241a5f4bf59843b68 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\utils\analytics.js
| MD5 | 525281e9959af4c1c0d11b9243c798a1 |
| SHA1 | 237a84c5b57bd132f48446d718b20640cb28c263 |
| SHA256 | c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d |
| SHA512 | fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\utils\strings-loader.js
| MD5 | 9c94eb933d8a43dd3825e67a7e30c980 |
| SHA1 | 7ec7b16af6f399219209ba5967d377040486a11b |
| SHA256 | 96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf |
| SHA512 | a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\utils\utils.js
| MD5 | a0952ebeab701c05c75710c33d725e7e |
| SHA1 | 1da8a2e889f1213d481ae3cd5571670c01e64adc |
| SHA256 | b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246 |
| SHA512 | 5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\block_inputs.js
| MD5 | b5b52c92b90f4283a761cb8a40860c75 |
| SHA1 | 7212e7e566795017e179e7b9c9bf223b0cdb9ec2 |
| SHA256 | f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544 |
| SHA512 | 16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\libs\cmp.bundle.js
| MD5 | deb60b40df89edecd35ea3d1410ef7a6 |
| SHA1 | 9899f48d1b29c6a51e4b80ce0579ec4f51b72c74 |
| SHA256 | 2eed337a035bfcba83bdf00686f236319bfdcdc5c5b4d57541cf855bfe4fd67a |
| SHA512 | 484daa9e6423c4aa90b310f7c957f850109afd4ef30ff0dc57e05d7ea30f9ae12dbed862197ac9f1ee99b26a7204ba14d1a95d8a8a6f5064a825e5d861fb8705 |
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\js\libs\jquery-1.10.2.min.js
| MD5 | 44e3f0db3e4ab6fedc5758c05cf27591 |
| SHA1 | 2d408aa1d35661019c95adcc60b78c0727ed25b4 |
| SHA256 | bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144 |
| SHA512 | 4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc |
memory/3856-219-0x000001D34BA70000-0x000001D34C216000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsrB046.tmp\app\assets\fonts\lato\LatoLatin-Regular.eot
| MD5 | 6cfad5881181ae658a6efdd68889a690 |
| SHA1 | 5b54f6ccc20ed3a078fbdf94d7a68ac80002624d |
| SHA256 | c6c970b103b3c3aa83f7a45172619a4451ea5f015f9f3ef4fd08c9a4aa895cbc |
| SHA512 | ddd3d43540eb3d4eef48d0834136de1e7bf23a52f286d0a666cf57c7d685aadf1cea6d37c88f9d7ce5ad6143d7c3213f54b16a11f616b7dce154bba50997bbe7 |
memory/3856-221-0x00007FFC7BA40000-0x00007FFC7C501000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20241010-en
Max time kernel
71s
Max time network
138s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{56603381-9ED3-11EF-82FE-DEA5300B7D45} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437343470" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000009d2818e990f7171650d07ada5091a1f883e59fe1a192db7aaa81eddda8d6b8a000000000e8000000002000020000000881f6394cfef12620899e06b64c569129f2e21f46fc6ab912d9fd715bdb3982a20000000ebc87d1637a204172c33b632bcc4153ebb602946b13f618aeb21342d7350834a400000000f1b81121a296859ad6b9ec689ab3034fa06c14c4d5a58fba9e2d93aa4e14560d30e39553622569e24e4a20910df3e83c14b49d43343d4915166e68197c69052 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80c6292ce032db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2736 wrote to memory of 2464 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 2464 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 2464 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 2464 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| NL | 18.239.83.76:443 | content.overwolf.com | tcp |
| NL | 18.239.83.76:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.212.227:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.212.227:80 | o.pki.goog | tcp |
| GB | 216.58.212.227:80 | o.pki.goog | tcp |
| GB | 216.58.212.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| NL | 18.65.41.80:80 | ocsp.rootca3.amazontrust.com | tcp |
| NL | 18.65.41.80:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCCF0.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarCDC0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bc0bc6520da3224b91aa7398ee48cc7 |
| SHA1 | c7263db1615d9771248ca94fda504f18a4b97d41 |
| SHA256 | ecaf718086912718c1049323525e6d561f98ae118a3c9392daed2acb9378b840 |
| SHA512 | 127824002e60e4f45bca5274a721c3e7818130ccff0d93f1cfe29045e5e766c5c5f268efee31aa84efde4f9849562b7638cd91b35c72c0a1c5b97a6528da3e34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84b1b94c120f9e7f1951072816bc3edc |
| SHA1 | e307ba91b5740b2fa1afaaff47546e14fae3b1d3 |
| SHA256 | 3de2d1be7c7d6ddd069d197733a6051ad5664c5f0110a677d4fcc47515ac5bc1 |
| SHA512 | 78641cf798ff525fa60c6e867676c5626fb0b06b6fcccd4d8d4832128b14593067b2ca7271b5096e3a920f4b8d7e5d24675722eb443fda788fb32201a7c03ff6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5e73057a928ad7208c9d8c8a1b3a399 |
| SHA1 | b966c1735cd913edf067293c59a2163007cac80b |
| SHA256 | a78eb7d700427e1920a779de4e18288a3c731e9f1d397b65517029c35f4ad604 |
| SHA512 | ddbaf13a5fa40036a46d132bae5d3a16a8bdd4c63c9a8da969fbca860c3dbe36a79f899314f6025576f1b780eca6181e0e8265037f5e56ddfa438fe7e3c6c424 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43808b721d7e6dd3a8e0529958470bd1 |
| SHA1 | eb4934e631af7b6d221cac8aff7322679eea03e5 |
| SHA256 | 50101ad7f709a45ed38296637e0ba7d33d63d3a17afb9f632f14afbd6a42c0dc |
| SHA512 | 59e17f0cb9f2c617a1aa0b00de759dbd4586bd5abe9039cf42bc6e0a6121e837ef5d09aed9f76e25a48d6147d34209edf566c69aafda7dbb367bee13f20e8a90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | c48f8e022c3682e0e4585b817b79688e |
| SHA1 | bbcade87ca32e50d5c188b4c9fb2220632e461f0 |
| SHA256 | ddd4960a714c82e0947462be9681227f05741050b246d7aa9c27139800296a35 |
| SHA512 | 382098aaec8886e8f2e29f04ac27b82e7f2438c252fc78144387903e9a89a54d1d9e71570bf29a98394d1272bb8d47fabd236e74facef416beaad8c88767dcbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 924e7724988a7c027833676d60d5452c |
| SHA1 | 3917f8ac7b203d4e26d4d594c264aed6e14b1a51 |
| SHA256 | 82b1a0597cb47e7fa6b22f14669f4ba8af5905ccf789ea367936bc138a210c86 |
| SHA512 | ec5043b33d8bb1e8f4002918e29daa3ea5c7c79b2d527a9fa6f1fbc040d9440f0ced875785f446e7c4c34bc5c702d91730ac38711933574e94cb06b618dac7ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c61423c9b29f987655c6cf56541b8fee |
| SHA1 | df650b39becf2d509f2269b4e87f8d634df8baba |
| SHA256 | 729db74f7122294d489464764caf8366b5af4b9353c9c66803e9f85cf9ce5974 |
| SHA512 | 72fa3b67129aea9baa6bf685bea6019c18179d920336ef865d9c3171a8e66fa075a50bed01fe40aa542d8ec820233cbf104f20e0ecc28fd9578054bed4830292 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2fc32c75808959da8df52b31809e95f |
| SHA1 | a39666ea6b1ffc1eba6dded7c97fdb708589ad30 |
| SHA256 | afe9e34b2bd2f8ce4267481c1780049184f29ac5b231082987cd2af12bc3cdac |
| SHA512 | 160149272071dd5c4d5bc699079f4487cbdbbc81208f23f60ad62997a940c3a9ecbd10326609878e28a49cdc0e8b0387fcb4bd1a6435e3b04e3c58e08cc40f47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07fae5a84de7dfc7a000b12413a70352 |
| SHA1 | b528e7e0b87224fde5f9cecb18a089d52e0308ba |
| SHA256 | ece5a34e156b8505e587cfc3be6bc4c8235eedf4ea43fd4c067747743987b2f0 |
| SHA512 | 6e4d8f95d6f820e8f4e67b2c316408994e9f8723eae20aec073ffdbe8dc45947192b764d3f8cd20e44c7faf5d1708517e3874bcefd1adc59ff0eec9beab4c399 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89ccbc55d454b157ce9135fbcb5e453b |
| SHA1 | 00643f9115ad2616176890d521ffadbe1de2b4d1 |
| SHA256 | c23faefd32912afdea31bfeb160c5d0c4a9a408230a0007ee8eaa820482d5387 |
| SHA512 | 841909ccd93b3b7576355db50bf334eba2f7343a97fa3fcf6d6e6663402cb551106f46f253be1168e6bd06239413124dd83bee43834da37de9110d72299deda5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08be9f02461b66b5ddb3770ec99ed413 |
| SHA1 | f5d8135ce5415aed7ac370a5c555eeeae29670b3 |
| SHA256 | ac23c3a1576af7fdee8004a3ec1d64203267691769a745db0749b96366ea8bea |
| SHA512 | 93bab5b5c5ec5f031a5996113dcfb58408ddf7b720b03bcabc68e6ac9d4f024d44c7e4dbd0e3ddf676b5bee33a3f20946e4f35daca48a877afcf1967a17c5e10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b7cf5392d87cbde3904c3902e120764 |
| SHA1 | 9f927bf26cd5887a0b5aa39a7c12d0168a29773a |
| SHA256 | 740aa2051139a6263c757cfc9efd3b2fc550dd405bb4736529023e3f85d39b8d |
| SHA512 | f13aa41c2684ec92e567fbc9eac9c86c5765bd3f1dcab3177bb65e5709f02a503463c22d1946c98b92c336d10c24849dca8108490e5da75bcd1e02617d937087 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05320bec1c7918c59044fadb1d0bb921 |
| SHA1 | c1a1332dca17ce88bfca5d28e6c21e81f55607d6 |
| SHA256 | 0f31919f8817f7b79bb4b07840f4d24c3fd3c752567e7fca29dacde09214baa0 |
| SHA512 | a37066eca5e9925565a45a1d139d0fa2f51dca7d160f05f33cec77db207c5f597caeb2c98a3fe27502d05290b311d1162a87d08334fda1ac4fcb519ab6ad81c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e628fa3fb0c1543260108e34c29475f |
| SHA1 | 1179a322ffba0d38708ece6af83bdcbb5293959e |
| SHA256 | 248f426633455bbf7417295caa73e239dc945aea2790cf8f13113b68d9387f82 |
| SHA512 | e5a7ff1e8a9c2438583a8834fb70b4d13a3e5424d3489c094eae5b55d6bd8788add2a65fc9b75624c83734510127bf4757d0d0d00da83dc1e93205b5b5d313d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5e7775e48ca115993fbdb1972968165 |
| SHA1 | f471818ab62fe5f1d637d116c474a3b26e25bb88 |
| SHA256 | ba2672c60d4bc7d26393d309427d46fb78df9b8f440ddf69741383ecdf0402b5 |
| SHA512 | 4feac5a9866da1c1d1fd18aa24fac8992c106905be5aa048886c760e8d97eac21b316190fd5b0c99b159dd56d1e0b3a314928b64a5116294b528f1339aadb608 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c2e96f2120ac35f1e4d3c137f203408 |
| SHA1 | 83f588bd59bbf77b234dd60642570601cf40355a |
| SHA256 | 8a58f22525ec5f9e7edc7672403eb44826fe4d9fc34f6020de1afd698ec09c45 |
| SHA512 | dad0a158301957908c134fec5d49ee7d9d0a6b9ef1156c84abdb7ecfa97322a652771ab0780d07d0d00ed229dc14f8cb1e29e51abb6032f038c2d179dbc8e7d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 356c8c86a7eb3fc69412bb4524260649 |
| SHA1 | 1b92d0087dedd5eb892ab2a9ee69209bf987717a |
| SHA256 | 668ef033cb3d199f6e23e13213cd37f43c070a12635b45450e78cd380c1b8036 |
| SHA512 | 2027af20d7bcc72585900ecf580f260ed01922f0e340ab2b6f9bf16e5daeb952b764a94f11ab0693df1497d0650a62e730684a82d96b33138931b0ba08cf3428 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 56c8bf746a3890af7166c5f5b999a502 |
| SHA1 | b0e840172268aadb13cabf5b5f2384976dfdcdac |
| SHA256 | df77aea8fb1f97e652a9c11deeb006a873341db93ef6316d193ecab7acba9b35 |
| SHA512 | 50b9a182340a2295a307cd1f801378781778e29fc6a795e532cbbe4400ef1996be1dd9aafdfe6fa47bab2d25728dc70355f289f47240b43734270ce4f3b2021f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd073c9e1f1bace25d3556dabdf4ab09 |
| SHA1 | 6546281ee9d66624ab1dec038950e1c3fd12be98 |
| SHA256 | 9b58b22edbcc2136c0e378668d6c42f323eb1e998b41ca1dca02888dcd83a8ad |
| SHA512 | 86cde4e530f177e4f10698eb4b3c6f7b90f9c19e61c202f69578635d8115557a885db14506091fdd9f9ec383c8dd7f644908e6d50c6483093e5970f6f9ad1288 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de0254f555948a6fc2ed4ce19754de59 |
| SHA1 | 0c8f9f36a5d38da7986ce12ee8388ee5bfab6ed0 |
| SHA256 | ee66cb5016305a66106ec61e54f7933f7acffbbb15256b0990f22152320c65fa |
| SHA512 | 2841f6f5313fd9a6cf5dbe858461046e5cee52e2eb4ddfc2e999be56b4bac5aae56682e5a08facfb95d384f6d3949c3c5aa8e0486286103079553ea961702fb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c02b755fcbe462283083026fcb3d5fb9 |
| SHA1 | 1d8c3819b8a2e5b489f08914d26a883150d6198f |
| SHA256 | b056a19b4aada5099ab1b7fc24056d71ea3bf310bf0c7e6c48718e3ace984dd6 |
| SHA512 | 6afde0a17e5ec43ad9feb64bbdbc1ca4a85096a56cf0641995c19964396aedf8c51ba8149ade563273544fe402388ed4462405b142950b820140b45d52e05371 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ef7a9faaa0a1459dc54dd4a65448a1a |
| SHA1 | fbeba65b7c10208dd3fa09bb6ddc44a4533f0608 |
| SHA256 | 26203b514da38630a8416721f065800944baf5d68ccef3510a2744cdf20214cb |
| SHA512 | f531f5582db90d1043b8a3a77e4ac4c72c01b01f698d2ca86a657328dfcd39d0c6ef216951568238f032380a15c7404f80b96e3456e664dea8433889020b31f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f62189ad0218c5c9cb6e26e259c81cdc |
| SHA1 | 924ae7f690297d11b4fc1900614619c983c84e5d |
| SHA256 | 57b302ca4d16c58a2151b4f8abfe6914f138ee8d2ffc84c916179a746170fbd5 |
| SHA512 | 5359d0d3b209817ade9c32619f7999f5e4e245fc5a2bf5474146404feacb57e58a6df2be109381e511b60479a0995c6d2be168f6662421d566b92d545649bdaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 379579145720a9aca22476384b412e41 |
| SHA1 | c6d37b813a41cc903cd227ca2ae435373d7b453a |
| SHA256 | 1e0ee5e4edce202389b8a2518e87f5a90799eec6d3677437b30af7131ad81d4d |
| SHA512 | bcae9c32a71e117ac0f2bccdef411d2e240ea68145e34737f1d973f7ff92628d4e7316d57bccccf4aba6d35b93b7eac9fc54d903312ad038a91758eaefb9871b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af3a9a14d5c167e18dfcb160a86a5af6 |
| SHA1 | a53ca699a08a3d4021c732c573b344630a593312 |
| SHA256 | 4e07610d14bcffd61cfd4b3829503eaedca7475b75b3409d1c4249db4094eaf5 |
| SHA512 | f893e9abad794e2306575170fd5fe70a325a0c0f07425270b47e753058be93cdd398f524157a4af5e86ab2c633e5a1ba8ca994bd2482adaa68b2010b9ea3bf7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1cea5bf4f51cb814c696f4ac6824087c |
| SHA1 | cd99d2b1091203851e878aa86a8f990c3c99d4ec |
| SHA256 | 3d12037bdae9f543158e46fc284c4715aa78d7e1d5a38b70cca2e30a0f7c6dc1 |
| SHA512 | ff0821b7896badd8c7a6b32b048511bd8b973b37d0e102730facbcd1ad2c69bbefdda41ea1af61342e3346ef7951fb29e4019fd1681bd477b2f6736e0a8bdd49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71878d6d7c7dfa03e6294dfefd975f5d |
| SHA1 | c660ea1f8950d2d14354ee7e7b86b54d86e48586 |
| SHA256 | 6e40c46ed4e58c054ccc2db736f078ee266ac4a9e50eb22cba0b1174f3803e58 |
| SHA512 | 3045f17d37b71b8c14e95524675678b66d93e99c67a411ba2b34b7615a8567bc76c6b7921243d88c4888ced5834a2daba693f24722cee16a4b481f000a20b4ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce81c82133e0f1555b8d3e83e49c2602 |
| SHA1 | da4ef3b57312a44300d1660252cae79410b58c0c |
| SHA256 | 6236a0627969ec81f58b5af9e591fd120498a7d40ac663498787bc52641c9ea5 |
| SHA512 | 4eec9731c6504664783c51d4fc52302a3f42d7e203a15ebdbc8c8f7c73993c501a49c8973ff31c371cadc5cc847041fac5e4ed9917f07704758fa99424649274 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 659f312d404785daaf000c63efca8010 |
| SHA1 | 02a9ba4cf2c5b8177da297fb792f14084d2ce995 |
| SHA256 | 8dbaaf86dd7406dad6a142da0cbb035412c4e1513547684cef41befdcaa54fce |
| SHA512 | 01c11833cad286edb785f19a0fb4fedddfa6c54d4112de13e0bbb7439c95c44a3008d19296bb4dc06ea8318d2c2a276d9e92a3a32a52ed764ea5b0962da12399 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3e7f46f8,0x7ffd3e7f4708,0x7ffd3e7f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7264706866656733932,3454846948746372960,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| NL | 18.239.83.76:443 | content.overwolf.com | tcp |
| NL | 18.239.83.76:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c2d9eeb3fdd75834f0ac3f9767de8d6f |
| SHA1 | 4d16a7e82190f8490a00008bd53d85fb92e379b0 |
| SHA256 | 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66 |
| SHA512 | d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd |
\??\pipe\LOCAL\crashpad_1000_GEIEEVDFYIUOWOVU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e55832d7cd7e868a2c087c4c73678018 |
| SHA1 | ed7a2f6d6437e907218ffba9128802eaf414a0eb |
| SHA256 | a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574 |
| SHA512 | 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7e3757441230523dd5de829416b5dfbf |
| SHA1 | 4826d6282fd2c84a4d355a36e62d5d303051ce6d |
| SHA256 | 86fa37a7c59cec8793991a1073b51f15c7a90b8f61210712a5c5800acc2a47dc |
| SHA512 | 1f378147f07c79529c0073ed4e54991b8f078e5692596d1f7c0ca44e042128b548e3475e41782f2e294ff719b1668b053d5cf414daf76d5e79bb8f6fe334b2e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 76f1827752990ef3bcaf43ed3834152b |
| SHA1 | e0fe714b922d63506ef16e34b085f32588938451 |
| SHA256 | 3bfcd9ac90ecd3c4b35ab9a31370220c708dbd898d5da1a752f5a5efe91921db |
| SHA512 | e226c0e40729c5b711a6804d72347c27ab312cacbc558a89a31b7d0242dae6bd4c883875917d6e079aa890304548c459634e2080f773c96404257b4b024f58b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a26a0066d6c0bc7c398343683692a79 |
| SHA1 | b29ddb7918e0d7986a9923641f0ab2666a25ca39 |
| SHA256 | df0235bcba9f2b13909cfd58dc493aed6949b6dd0f42333fdfbd8e49752deddf |
| SHA512 | 6b3dcd61cb018e17865f706bd313ffb867d45d4af96216b76ebc27fe1c3f2f0ca9de5d9bcfe50e3653f0cc0506b5e00208fd6cae653be2cc8c89c4dd7949e3ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3f1578bfc0a66bb6723512f28a2f5b1a |
| SHA1 | ccfe3369c487531a5e51cfa3fe207daf25d386ac |
| SHA256 | 6252f3bfab44cf9c6f7144520ab22e0fd3b3b659aa068c5f15e993ef01078b59 |
| SHA512 | 467d6568aed1ef641079973bb141bc5827568f7e778490ca2eaea979688ae925464323eb60d50641a24a8cf1a6d1accb0215dfa659a98d476537ecbab347c6a2 |
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
149s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20241010-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-09 19:46
Reported
2024-11-09 19:49
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
143s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |