Analysis Overview
SHA256
5cb43536a90c4a993cf7e2d156c3fca001923bc2a6e48a4b37d8c93cbfe00807
Threat Level: Shows suspicious behavior
The file Zenith (Updated).zip was found to show suspicious behavior.
Malicious Activity Summary
Drops desktop.ini file(s)
Enumerates connected drives
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Embeds OpenSSL
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 18:56
Signatures
Embeds OpenSSL
Unsigned PE
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
142s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\markdown\markdown.js"
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\msdax\msdax.js"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\ace.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd679e46f8,0x7ffd679e4708,0x7ffd679e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6457699801418917583,15569533535459163559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2396_EPUHAATXIWLXISIM
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
90s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-beautify.js"
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-options.js"
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-settings_menu.js"
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\kotlin\kotlin.js"
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\kotlin\kotlin.js"
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
119s
Max time network
130s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\mysql\mysql.js"
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 19:00
Platform
win10v2004-20241007-en
Max time kernel
209s
Max time network
203s
Command Line
Signatures
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759979261126030" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-emmet.js"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbf340cc40,0x7ffbf340cc4c,0x7ffbf340cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1788 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4064 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5184,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5036,i,5757849017020781385,7018796193861263110,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:2
Network
Files
\??\pipe\crashpad_656_YPLWWBYOEITSJQLX
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Temp\scoped_dir656_1170322317\40e50512-938d-4ac1-a451-1638d3ceb070.tmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir656_1170322317\CRX_INSTALL\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 528fca967a2d64d605b2c41288315bcb |
| SHA1 | 5dac878ecb3a138af4f1362aec73837f95c86160 |
| SHA256 | 0dc09b6b821372a46382f29e3d47595b4663d73d7c700120b30238d36af929c9 |
| SHA512 | 18a30de2dc8dd7b5402aa68012a808c76b7356d169df4fbe4f332ccf5a71de276f543d8e5398444b4f275d78f8a99e8ddd256d5fb006f59f29715e43f7ce2865 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 52375e0841441c2a25aab769d5f1c596 |
| SHA1 | b615815cff3ab9a997bcee44317ed47602d7f8e1 |
| SHA256 | 92efd58ad544158bba420b7bf7460fa997bb19b63af0c9927dde295ad30e73a4 |
| SHA512 | 0ef8c1a47cb861d44a2155db74ffcb2399555233d43320cb2d4c4887a954ae1ed9fdb99f8b21903524ac5c22d414d02087669d15f3826f1e441d52424c2c1d24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8f68a014ecae4fb77ac6cb2039866cb5 |
| SHA1 | 990605b3f7b92fe7f3cb98a31e1f2b4990ac55a4 |
| SHA256 | 539a4e49754ca292e2779d2529f27b16809ac7ad537b80c2dbd89144e9d0618c |
| SHA512 | 2762135089b6d2677f8374491bf78362f2eb478bf9680757fc023d063cba039e0da710454740844a8a04dbdc369f24924c6b7755becfc56691485d852d8d1fc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 72081b4784d4c102e9c363a8e22439aa |
| SHA1 | ba99c4f734cf5416e1cfe96233355c37d5b05ae7 |
| SHA256 | e4e2d149e1dffcf8d2607a74c263b5b1f3c9bd5f41cfc9fd8274176aa872f724 |
| SHA512 | aef3c6d7481b8f589184b94131bf186573668ea6440c070781be091940d8447f9ae3462aebde77bf6cd1dec2d36a7b30287fb2c690ce14734264a83361e357aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | f96dd6e18b3c4a229eb636f0b9e93878 |
| SHA1 | 124f22553db3e101e948e5f46f9268c3e51309e2 |
| SHA256 | 51ec3042f50769261570ed1cca0398735daed6fe5ef4b8445fc350257d9b1da7 |
| SHA512 | 89a3c844730bb544173882a8560006be5a711ad7c6bc1cec828d013d88e9109e604eb722ef035a20eb60a9f1ea6a2be4e8558f4eb7ec6922e039bb93ed830e1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 8eb9c664c73e86e31393c37ffe8b1e1f |
| SHA1 | 2c55e8dc717682496800a3aef8ff362d2d7efa4c |
| SHA256 | 32f6d87a96d08ab298a6803ced897085ade0e72ea3c6381d9752cc89b6e3bf5e |
| SHA512 | 6b7c49e6f08c0c22d7f06608d9ae69dd24927ec258d4eb5257d081c98dbce778588b10da639f86900847a04454a89acd643c76785cd8c4e28c6dc4b61b09af2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 89179d106ba86a4cf3cadf5559e7abca |
| SHA1 | e1e870cb8703399bb05d6236201694fe3104dab7 |
| SHA256 | 235d4dc30999bc8b3583db5d00e10c31a2847387224e7aaa7f842f2995577a02 |
| SHA512 | b4473c0ec5c3d412c1e3466020db416c1d6651b46e34c73ace9848cb7cb1f27d0eb15a7acaa417a71d31e1ece53f8eb47236375a9ea00019647bdf832e4e4191 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5049466f11d9aa7a804da7769707cc77 |
| SHA1 | 488ea709e3f7a1701b2c8066114dc72ff76e51fb |
| SHA256 | 9775e4e8eff8aff7436293ef2bb273530b10a878c0de4a5d5a4dd1f04c8f3cf8 |
| SHA512 | 7bd852be797eee5c613ccb2f4db0849fcb58e20ab97e981fcb5ba280e3df3df26197b15482df2bca27ea58613e52ae4bf623a45912a761525ceed149b4a6952e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 83cd1b05c3c400e6a5f08fa33d568943 |
| SHA1 | 3951427af969c5d44a112dd49349f324eeeffb67 |
| SHA256 | 626fe68d72a1dab676a50ab3181c290d3d60734d45bfb044471d6da4b24d97b8 |
| SHA512 | 3952ad905612354a805da456af4c9a7e30caf668d2f9c2fd630d9ac71350e85fc3a333de14f428dd7791564b5d816a9e3eea0b902a152ed3ed3d5e2d97eec32d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | abdba792a0ce2c32318fc762fdb26aa8 |
| SHA1 | a6a0d37924d1d7b6f1a52d1df0059b09d6840c01 |
| SHA256 | 74c96ebf8a23364770f3fa6d5fbe9b35e4fac9d30f43dbf29dc1b7fc2b1450d0 |
| SHA512 | 2c38bdf50e014bbb997997e4aac60bb05114007a279db68f71df321c94c6b486925f73209ae2b0213581afbcfe2fb11ff191272b416f90bec23bb63dcd79d300 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6ca7a479cf92ee8619fa2b0df05f33f9 |
| SHA1 | 922a8beac37722e92e2190d10c425b52e7dfa521 |
| SHA256 | bcdd53e4fa48d3589cd8d19960388b3a2034531112666731aa4ad9690b71c9ac |
| SHA512 | 5c464c2b344abdc922fb1b41b9e14d3eb505bc1f43aba684c5799989616465dd639f0f9bbe9bc3e98c84f308d0acffb3732bc5b3dcd2ef378216e6c367acd9d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ab7394fd-7d2d-4404-92fa-f9292e3dec1c.tmp
| MD5 | 7b30808528e9a517351a943537da3d1e |
| SHA1 | f2a19cf4659725d9dfae4f638b274862eae1337d |
| SHA256 | e7d43e7e3b1f8f6fd5914ab69eb700a2e58e364b12893d3d72e383b2e5bb4fd8 |
| SHA512 | cb71ba77b11dfcd2dacc7226da7d51d58623457c2743ec9f0c9a16339bd676efbfc046b09b425efb0af03b0b49d86be86d42b511381116b078c8be1cfb995fb1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 66fd8fa612b2d5c96353b904bf8fb14a |
| SHA1 | 3d08a77bc0f023fa506e7b5fed13cc094cc0073d |
| SHA256 | 7d96731f6d6b2996ac49e1e7947f8d5182fd4e4dee824556af6d39b93eac9555 |
| SHA512 | 979b14798490538d6ba17115394ef7092b72642030371892e1d71e9a4c94ef7c1f542bc6e44e6104eaa68431eb3d80049a53031215120492489b1efcdb415622 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c5596d624376e39ea3a2225f641dc526 |
| SHA1 | 9d05ec72ce4eed01c1cb26afb2db439e0219ecae |
| SHA256 | b04753885dadee39b85ad054c36ea7ee24c422f21198fb969a5bce2095db6031 |
| SHA512 | 950a2d3341c3c3911fc4db4aa98de86dbbc573d68c9e950a6c0cb988382ffcccfa797fa6999195170216d011f83e2778ef1e5787c0a2e76078605957d7ba7d5e |
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\m3\m3.js"
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-beautify.js"
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20241010-en
Max time kernel
66s
Max time network
19s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-emmet.js"
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\less\less.js"
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20241023-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\lexon\lexon.js"
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\mysql\mysql.js"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20241010-en
Max time kernel
122s
Max time network
146s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmpshare.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a03165eafd35db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000931735931868ce3cfef37b9f24ef3e01c02f5f61f115162928ef2b05b1fc0c70000000000e80000000020000200000007f09a99b3b2be0880dac1b1494db9b94db23a4711f9968d678f9ac1338229b4020000000555095adf538331f4e66ad00a7d9febf41a691829a7af5d670b4f791417cb1ec40000000590b56f1cee8493acd52c905145e4767917f8308835cd840487313d7e3def2daa80651ec6c0f8053c97974ce7e19c34da7977a01ea26ae8a6a0a28b8a772dd1f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437686098" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{15591A71-A1F1-11EF-B4EC-5E7C7FDA70D7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}" | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\ace.html"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files (x86)\Windows Media Player\wmpshare.exe
"C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5c8
Network
Files
memory/2552-939-0x00000000000D0000-0x00000000000D1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms~RFf789d39.TMP
| MD5 | dff7da2fbcaea89f0930847a34b22dda |
| SHA1 | 76000cbee0633ae99982585abec1416e94c4c969 |
| SHA256 | 53c6e99d420ae1b81232a28b200f029ef79bcf5935f0534d98bc56a59c02a1a4 |
| SHA512 | 9d3bd403476304d11294bd67e8dc387aa5b18284fe614cfbb070415f3696418f5f1bec5c79a6f9995983f9085431d8b42896515f913ce42baa99dd282bae6a23 |
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240708-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\julia\julia.js"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20241010-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\less\less.js"
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
142s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\lexon\lexon.js"
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-keybinding_menu.js"
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
159s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-options.js"
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240729-en
Max time kernel
14s
Max time network
17s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-keybinding_menu.js"
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
90s
Max time network
155s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\lua\lua.js"
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\m3\m3.js"
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\lua\lua.js"
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
117s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\markdown\markdown.js"
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20241010-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\mips\mips.js"
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\js\ace\ext-settings_menu.js"
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\julia\julia.js"
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
90s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\mips\mips.js"
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-13 18:55
Reported
2024-11-13 18:59
Platform
win7-20240903-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Zenith (Big update)\Monaco\package\dev\vs\basic-languages\msdax\msdax.js"