Analysis Overview
SHA256
933f41c4bedba7e39a2dba6bc25fe3eaedafd9e01e800381fed0d111a24b050e
Threat Level: Likely benign
The file keystone-2_v2.0.4.zip was found to be: Likely benign.
Malicious Activity Summary
Checks CPU configuration
Reads CPU attributes
Reads runtime system information
Enumerates kernel/hardware configuration
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Command and Scripting Interpreter: JavaScript
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 08:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win7-20240903-en
Max time kernel
133s
Max time network
129s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707116b8f03bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438340136" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3696A31-A7E3-11EF-AE85-F245C6AC432F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000945f829a14dc8ba1f91a3ab04acd090565203f6de81a7c2598cb46dd5bea6b4f000000000e8000000002000020000000de916a8c7e63876a746ce174fa8d1ab3103476ecd95ab0dec5d40a303123c3712000000047964eae9be5df74ca4b77e1e92c7b6f6e8170a17389acecc5829f731ae82e1440000000242cbb3de0d30474d60e0dd4dc732d5fca7af165db5c6b65639d0fd5b0be7488fb866386825d7ce1f24eccfc3a62a02a3f5b70a76af7237959d950fa875882ec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2900 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2900 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2900 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2900 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\about.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-armhf-20240729-en
Max time kernel
4s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/node | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/node | N/A |
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/node_modules/.bin/mkdirp
[/tmp/node_modules/.bin/mkdirp]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/node_modules/.bin/mkdirp]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/local/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\rimraf.cmd"
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\balanced-match\README.js
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win7-20240903-en
Max time kernel
120s
Max time network
129s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438340136" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0ff0ab8f03bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E37A13D1-A7E3-11EF-87E3-523A95B0E536} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000002e288633fac0a98a74f2617e7ad78560d8a43f05005fc5166a739fcb04ed73c9000000000e8000000002000020000000357b3b7ba24d36400c16c1cb31a8c723f1d5a714c2f4e24366c3412f5efd75d120000000efa5458b1b5c9ee4183bd0f96d8e5642b6fd85866223a70a14f86ff7b30720a740000000d590e00bcfb27f6795c267a211ff0e0caa9e3ca21844751e7fe68265f3267095fb2eec152e8dfa888ae56719a7d308246d4abd25ade369ae09bd32d2e0ba0c1e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2348 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2348 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2348 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2348 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dialog\dialog.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabE60D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarE6EC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1e345aae12d98274c7a27d311c903eb |
| SHA1 | 12e3aaa217216170d21de6740cd616f3b49b66f7 |
| SHA256 | b581bcc37520a73a8b41b1fa81fe4ec805fa2c41414474408705a611275e79d0 |
| SHA512 | 4bf6d032ddd9e42740ef1549c74628f1a46822ffad0d809e9a7551608c6d9a26b1c0e0a8fd4b7421892d1e1eb4cc9c01d09485da634483faff6e8e83a71e2be3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 819edb3eea3841797e3ee21864965ed1 |
| SHA1 | 252a47eedcfa64d95910b62ef0b4fbc99945d611 |
| SHA256 | 2a489055c866deaa20198ef714c734b2e2b13995e4ab69f5f18834947ceefcc8 |
| SHA512 | 296265cec3cd22852fa2ed910ee52cea067ef015a701a9e10220782eda3f0802b0c90b15154bde9fdd2bf9248722ed0fdb15b6782f7250fc0466efcbbbcd4ba1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a69c06c1781d38a9210eaf0b508d83c1 |
| SHA1 | 7d35df7f49a65b58017be694bcd8af6dd98cfc06 |
| SHA256 | d6d784af4597d6229c33aa6f2cb5bfd69fadbdb1705216dfe5f46f0d969ed568 |
| SHA512 | 61abded49432e24026affe3215e540af9fe5fd5dde815b6bec5989b99566068dc782cfee96e9ef5e93f7f665f1da076bd42e8a192284ecfa5566730f4dc036a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0eccbbd6ffcf04c02e7af0d2958f2ba8 |
| SHA1 | 2b6d94feaa107480ce30f5de1b62bd0e27d9415c |
| SHA256 | d78758e26caf6ff7b42265cb4b6fefb2af69e210e442775689979a083df71535 |
| SHA512 | f397225c54d803905cb5f300fcf14998d79abb48e83b5aea5278cae74963f61f25fceac9099a95ccb0cac9a2766cc8cba0bb76f5ae344a113ad5aeca6986aa92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fca749100ddacb79f36890bb37d8f8e8 |
| SHA1 | 9290e7ff69af2ddfbf0dfddfb64cf85b321491e4 |
| SHA256 | cfd29afe0a86be2974c27a27579e71d0bf03f09e5a1a073f1a6ca97c39f53b2d |
| SHA512 | 6d37780a9dc054a1e3b2c51debfd0f3266efc65c51774c510edde79120c9ea272aefedf5ce2970e20ce6cda9f815c5a5418e1354ba513d1b19f4f3215d0396fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12a02f332d50029697bfedf592c5c01d |
| SHA1 | 3174adb8c29064234bd914a7bcde3f4b28af682a |
| SHA256 | c14574a064452983a6e8e6f8cb11ad56c25c33084a2e5cde94bbd0539d90bb1b |
| SHA512 | 74778485e3bf6c16ea15200d08a7cb7beec0653cf54d1f8d23c552fac638eb6d3c840ab84636cc34d49de6cfa2f515d73b028f44cae186da94acfb1c134734d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4032bc66e530e3703691abbfa7accb78 |
| SHA1 | f1c528c277d7ec177209f4f8a25577cd09364fdc |
| SHA256 | 9077610f8f8bd8c861a3d348ebdde28c82bbcddf8c4d2afc7d460140f67fc243 |
| SHA512 | 187681f5b420b893101f0d5fc4f6a7098d4be53ffd1370930fc0e1757aefb4bb54704c5926252f91379e37f0e3f54759f3b63f325f4f85e87186fc8ca5c14c1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58ceaee7e527b28e9dcde2eeb110d9b4 |
| SHA1 | f053219bc45eb18f5e9dddcc7f78ad59ccf1f133 |
| SHA256 | e81eab20f9d94b7e4ad09340460f1ea5eea9dbf4a88162bd2bff455f43892288 |
| SHA512 | 14b3d0f75923f7069a2f596b77ade8abd24ab345e92b2dc43f94a904f9026134360dbeeda74aaf1aa8432ae726a6a227aa649e4d283db2ae63ffd8e13c89aa3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19de02c9124f74b8b1622abf9af30124 |
| SHA1 | f32bc9055eaf1259c19f3ff19880c82e5d3a4fc6 |
| SHA256 | 4ea574fb1ef25618cc8b26ae2939cc2ed3f9ac65aa568f37f2cdc59aface499d |
| SHA512 | 3b4a98d28fcd4269f1b7f0bf09f1b751f08eeaeeeb21e8619aac7bb2798abdf5f07ebd9509ac21cbd77c89e5b6d4cd427d597688ae6c19b2b76e4f31673e5b07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06a8e98c852599d94877b6c11f1960ac |
| SHA1 | 881699aec7ccee9ece068e75bf8430b50ed3bd90 |
| SHA256 | 8292376a27320de177d0119b0fb8e562aeb7b8a53e0e45501ca4a6b6b6514bde |
| SHA512 | 4f365d47ee2503aacf20de1858f247fb5b09dd252d2fbe675c6bc0d511ddc300a99fb6e1e6c341a724fade604e0b97c58743d0ad2697347d96f9d43add53a583 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c33e0cb7c343842eebbd60fed23b99ee |
| SHA1 | 7ec769651371588abfc47be85bebde0708e994db |
| SHA256 | 3d6abb4d4bc590cfc8f9599ba251a9498545c4233f88a473fe8e1c5c68609019 |
| SHA512 | 58e97fb375a60751e6b0af52719b987af3ec77b0bb56f0a27317ff122665b1899afe142a86af020a379520bb939f1800d99ab0f2aeb74ca34902f0a3c4ff068c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f06742582f8cd3fdb3d3620262fba02c |
| SHA1 | 95fd1098f2f701fba885f920a608055416c40789 |
| SHA256 | 7260b96f61477ad6cab46e4f83a24179b61bd1637d6892aa56928da700e6acbb |
| SHA512 | 0a698b09a20ab9e5f19e5dfd0baf5eddb076b31bd8b674a593bf3b7d1a2e87f20b281f744e2769925b079475aa8ead8fbc33821a5c6df5345fe23e62714f6839 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b43630f1979e353249e4ea013f7e5f7a |
| SHA1 | c7f8d1da084e534d992cd4477b10527afeff9831 |
| SHA256 | b9385532173354939bd8814c74cf4767ed7a3b89740cdef236def8d5544a2c3d |
| SHA512 | 029d4f79bd425d1f17323279f24df588f8dfa0b54d855e92b6b826f96aa95aba51b292b4428ed95043b3746a7941fd20f6d88ca0ad8d4f01a07b48dcbcfa3aef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 219c9f0b7f9f077d1fc2b8588f9ba0d7 |
| SHA1 | af8b87ca9bbf5d6790373d33a330eafa1ac72ccc |
| SHA256 | 153c86ce45684dff2f26fe69094f7de6b7d878cc8cebb59e44d85f45d47db7e5 |
| SHA512 | 87a51995bd79e57ebb6e24f785e525f2a27fad960b3ba97781f77b5e60566673314a922df8b76083cf5cb1720980c80d4d67dca8702962c106a9690616cf1ce4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6bfc5c5068db6918a92b2b5c835bbee |
| SHA1 | f3def90bb7be17e91e69b4876d56b861e5ed0e55 |
| SHA256 | 1bb3965c7f375f5b9dbbb28f661b19cc39403ff65f6999800487748fbd4518db |
| SHA512 | 7fa75ce225f23235afa32db116bae759c5eece21b2e05662997d98922e67c91cd0156508a5f2b77b244be02a766c74683f442b1f487db930ebedc317a0958472 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8840673edcf0114b3776f12f00b61e57 |
| SHA1 | 760e5a613ddad1ad3481dc5b0772edf2a3195142 |
| SHA256 | 52d2562bb0c960db467f1a8bb8f96bcae80510a1cea35420d82acd2635577ee8 |
| SHA512 | d40928a649fa17848b0acfb6e07f1e16f693571e887b99e5d0bc9cedf43ede791301498ccac67558eae3dd12bdc1cf8c24c81ece7fb6922de97feb2ac2c22238 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59c3cca5eaf573f4e32d8f5cc10336cb |
| SHA1 | 064cb836df8a8e2ea9650eae8598964ecfb7630c |
| SHA256 | 6a6beb6dfde1e39527e60aecda98d798dbf279a5c929eb9b2e716f06dad55c0e |
| SHA512 | f4b24f401bdd9006c1f7d5594083ecedc3d0084bc5492b599a8b2a1589678e85ba5e747eb4091315497c9d954cfc90f2109eefd50b64ba0ba951047f75ab7971 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccd206f0f244c25a14738988cba5c127 |
| SHA1 | ca5c30893274aa25aec3621243f71d38b15eb8ba |
| SHA256 | e3db61a73695145f42a28bdd166a8febc87255886908a8979382a2811e4a47de |
| SHA512 | 9666f4ccc8a6a508c50b2e6e17018c3e432bb25300f315684568a60c5a8bbc5c79b03f7e7bf05d22e579b082af3318b9e5c0004389d1d6fdebadbb59c9ae19d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16c55a1e6e358a10595137a45bd6b0ee |
| SHA1 | 61b2cf959bcc3564abb7aaa62c6be6ea97783c18 |
| SHA256 | 1429109f69e0f6d54972480eb7092d067b7489865c575b75f30df39c14e2699e |
| SHA512 | 70bf31b3ebdd67ff02f030f4cd69ea1e625249ef92713dfa92cafedaa505bf2e5649833851619529dcc431bf2850e8146f6c94967fda3a376e78a97d7515f716 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win7-20240903-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\dialog\js\dialog.js
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
147s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mkdirp.cmd"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.250.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-armhf-20240729-en
Max time kernel
5s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/node | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/node | N/A |
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/node_modules/.bin/rimraf
[/tmp/node_modules/.bin/rimraf]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/node_modules/.bin/rimraf]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/local/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win7-20240903-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\balanced-match\README.js
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-mipsbe-20240418-en
Max time kernel
1s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /sbin/node | N/A |
| N/A | N/A | /bin/node | N/A |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
Processes
/tmp/node_modules/.bin/mkdirp
[/tmp/node_modules/.bin/mkdirp]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/node_modules/.bin/mkdirp]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/local/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-mipsel-20240611-en
Max time kernel
26s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/node | N/A |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /sbin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
Processes
/tmp/node_modules/.bin/mkdirp
[/tmp/node_modules/.bin/mkdirp]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/node_modules/.bin/mkdirp]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/local/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-armhf-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/node_modules/.bin/rimraf.ps1
[/tmp/node_modules/.bin/rimraf.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win7-20240729-en
Max time kernel
134s
Max time network
131s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a963765939a79f49a264d21ed5ee43fc00000000020000000000106600000001000020000000e718f6178fcd62586e82baa55bd52739a8817483468cac07a6338dbdfed2f0f8000000000e8000000002000020000000f57313a7d119d2365fcd7e1a51b9dacc2ec6c1ea8185f4d67469ca1b6cedb50a20000000d4ef491c7b69a5c5494d81ee9f3f411494d0835ff9c04a2735a9f61008975ae240000000497b897b60bc79417e71f94a41dc9bb70243a27b34a2f3d475586628c6a5f7edcf9a765acbf08d79ade8f535d42cf930456bbe7407752b0372c559a4aeaad2e7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438340140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40cb09aaf03bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5D96091-A7E3-11EF-A5E9-FE7389BE724D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2628 wrote to memory of 2168 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2628 wrote to memory of 2168 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2628 wrote to memory of 2168 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2628 wrote to memory of 2168 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\help.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | romaincousin.gitbook.io | udp |
| US | 172.64.147.209:443 | romaincousin.gitbook.io | tcp |
| US | 172.64.147.209:443 | romaincousin.gitbook.io | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 172.64.147.209:443 | romaincousin.gitbook.io | tcp |
| US | 172.64.147.209:443 | romaincousin.gitbook.io | tcp |
| US | 172.64.147.209:443 | romaincousin.gitbook.io | tcp |
| US | 172.64.147.209:443 | romaincousin.gitbook.io | tcp |
| US | 8.8.8.8:53 | cdn.iframe.ly | udp |
| FR | 18.164.52.100:443 | cdn.iframe.ly | tcp |
| FR | 18.164.52.100:443 | cdn.iframe.ly | tcp |
| FR | 18.164.52.100:443 | cdn.iframe.ly | tcp |
| FR | 18.164.52.100:443 | cdn.iframe.ly | tcp |
| FR | 18.164.52.100:443 | cdn.iframe.ly | tcp |
| FR | 18.164.52.100:443 | cdn.iframe.ly | tcp |
| FR | 18.164.52.100:443 | cdn.iframe.ly | tcp |
| FR | 18.164.52.100:443 | cdn.iframe.ly | tcp |
| US | 8.8.8.8:53 | 1660550734-files.gitbook.io | udp |
| US | 104.18.40.47:443 | 1660550734-files.gitbook.io | tcp |
| US | 104.18.40.47:443 | 1660550734-files.gitbook.io | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.252.143:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabAEE7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\k2[1].png
| MD5 | 987b7ee484247b9b8f963f876ebddeb1 |
| SHA1 | 29a18d2224d6535b21cc831f8a8ca3140007e6a0 |
| SHA256 | 85fd8dbf6a27fd691d8df7aab6eb0c2814eeb02b46bbdc3bfda4e24927c6faae |
| SHA512 | 2ed07bbca4bc7118ae0c1b931dea8641eaaf685e0a9291e609e6dcf3332e149c778e9a2be0eb46f53f433f79b86a4cdb21c52b139c09ba47bceb5ea808b0505c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
| MD5 | bcaf7caa9159fc4df06efbe02c75ce43 |
| SHA1 | 9fcf5af9ba80cd8dc6ef589bafbd7fdcbe5b9155 |
| SHA256 | b5c45e0ebf0081bdc273ae134e5c32eb4d630792695b4f6df78ffc00977c26d7 |
| SHA512 | 2af1c34fe409a337e28a945321c89fd8f71bde53494d22a0d9fc46dc4cf565bccf2cc5972bf17cfd38c5cc1ca858ffa915e4fe81c7e70999fd2be9e10c9f54a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fce219e7684c66a091390329cd7cc735 |
| SHA1 | 3cb239645131332525620f6eaf3f31394d9ed825 |
| SHA256 | 50d2f048f13088c7e1f9663128c3a902d0e110c4d6edf189a4c8e58da2c4ba69 |
| SHA512 | ff2c0595ec28e00498bca3284fd86bd14c4645164dafd6615164ff961ab770f5ad48744f61057c6de9af7229db8d13e6479b68676f6b10d0d58f837c79d7e851 |
C:\Users\Admin\AppData\Local\Temp\TarC0E1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\help.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b00e46f8,0x7ff9b00e4708,0x7ff9b00e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | romaincousin.gitbook.io | udp |
| US | 172.64.147.209:443 | romaincousin.gitbook.io | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.147.64.172.in-addr.arpa | udp |
| US | 172.64.147.209:443 | romaincousin.gitbook.io | tcp |
| US | 8.8.8.8:53 | api.gitbook.com | udp |
| US | 8.8.8.8:53 | cdn.iframe.ly | udp |
| US | 172.64.146.167:443 | api.gitbook.com | tcp |
| FR | 18.164.52.61:443 | cdn.iframe.ly | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 18.164.52.61:443 | cdn.iframe.ly | tcp |
| US | 8.8.8.8:53 | 167.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.52.164.18.in-addr.arpa | udp |
| FR | 18.164.52.61:443 | cdn.iframe.ly | tcp |
| US | 8.8.8.8:53 | app.gitbook.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| US | 104.18.41.89:443 | app.gitbook.com | tcp |
| US | 172.64.146.167:443 | app.gitbook.com | tcp |
| US | 8.8.8.8:53 | player.vimeo.com | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 162.159.138.60:443 | player.vimeo.com | tcp |
| US | 8.8.8.8:53 | f.vimeocdn.com | udp |
| US | 8.8.8.8:53 | i.vimeocdn.com | udp |
| US | 8.8.8.8:53 | fresnel.vimeocdn.com | udp |
| US | 151.101.192.217:443 | i.vimeocdn.com | tcp |
| US | 151.101.194.109:443 | f.vimeocdn.com | tcp |
| US | 8.8.8.8:53 | csp-reporting.cloudflare.com | udp |
| US | 34.120.202.204:443 | fresnel.vimeocdn.com | tcp |
| US | 151.101.194.109:443 | f.vimeocdn.com | tcp |
| US | 151.101.194.109:443 | f.vimeocdn.com | tcp |
| US | 104.18.21.157:443 | csp-reporting.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 60.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.192.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.202.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | player-telemetry.vimeo.com | udp |
| US | 34.120.202.204:443 | player-telemetry.vimeo.com | tcp |
| US | 8.8.8.8:53 | 1660550734-files.gitbook.io | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.72.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win7-20241023-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mkdirp.cmd"
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-mipsel-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/node_modules/.bin/mkdirp.ps1
[/tmp/node_modules/.bin/mkdirp.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win7-20240903-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\rimraf.cmd"
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dialog\dialog.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a8f46f8,0x7ffe1a8f4708,0x7ffe1a8f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.250.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_3080_NYYIYBXSHVAGFUZN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c732e1019fc41159736fe2d984757b6 |
| SHA1 | d280ae9f30afbef4fc5dea7dff3db75594f094a8 |
| SHA256 | a14f81af511902dc6c810edf3888af122a19114a04d7d1360085a3df47006cf5 |
| SHA512 | d294c64404a0865c99902950e8fdcd259cf306085b4e9a06ad9dfdce14b8e7313c4cbb1d78549d48fc52526a0f9270a3f045c00fa42d52115721aabed010db5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 01c01d30b35658a5c098bafcbe2114a1 |
| SHA1 | 7ba07f2954dcd64f4c8d65a97a72337dd6106f66 |
| SHA256 | cf0835fd5727ca7d625ecf836d083538a592c6caf4f9bfbb0c4ed04eb78aba20 |
| SHA512 | 98a3c4fe732992459a93e479d68b5c4d7babe14972d70f5b7bd58c006cd916149203cf38ab3888df3fc025f67e967d8e2123a161ffd2e9ca6e8688de69125663 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1968e6d38743c5d8b5e81e89ab655404 |
| SHA1 | 1137f14bd964e21d4e7e9021456e2b61520bcd67 |
| SHA256 | 48ca47a1aa365757f2c6b8e8a91fbc1c8a0a79948ec373bb7cc4f570ddec1044 |
| SHA512 | a9e1a051af8c9bf2c36c75dcee493660dfdd58e1c216d5c3db811f493a94a731b1a2f17c26edc8211a874545751d7adf6d0a47b6e74f8036577db41cf64c9a80 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
145s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\dialog\js\dialog.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.250.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-mipsbe-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/node_modules/.bin/mkdirp.ps1
[/tmp/node_modules/.bin/mkdirp.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-mipsel-20240611-en
Max time kernel
1s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /sbin/node | N/A |
| N/A | N/A | /bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
Processes
/tmp/node_modules/.bin/rimraf
[/tmp/node_modules/.bin/rimraf]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/node_modules/.bin/rimraf]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/local/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\about.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2876 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.72.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 37f660dd4b6ddf23bc37f5c823d1c33a |
| SHA1 | 1c35538aa307a3e09d15519df6ace99674ae428b |
| SHA256 | 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8 |
| SHA512 | 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d |
\??\pipe\LOCAL\crashpad_4236_UQDUZWNYTLWJGDIX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7cb450b1315c63b1d5d89d98ba22da5 |
| SHA1 | 694005cd9e1a4c54e0b83d0598a8a0c089df1556 |
| SHA256 | 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031 |
| SHA512 | df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c0993ec2750a6af99967312da2b43c1 |
| SHA1 | da2d63528e21debd59f4363f145c2c4282b2c268 |
| SHA256 | c6a0c6b56eb20035fb25393756aa060cc9b2ff1add46a4f747df86fb2eff02bc |
| SHA512 | a1e53f093e9ff647397d915e2bc7e150a93a43b1f3f3cee86c3ecc29e19c5dcaed6141413cf7a22c15a356086f9c1e4b95eb351cf6a44c4bfd201e9b3aa5b3bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\53393ab7-c62b-41d9-ba3a-6ab3bb0c9ce2.tmp
| MD5 | 0def06cedb5df719389482eafbcf07f1 |
| SHA1 | 4d36944d937af5181d944574fe8088aadf6fed0a |
| SHA256 | 428e0778a6e3a158dd33f9059934a636fa70deb005eb97cd6920e46740daebb6 |
| SHA512 | 9b9c3c241af6e27d5fa9e95b52d9dbd896a6a835737d0ba0f61f828a39f0e5d839e3cf9bfe144ca56a8c41fc63a97dd10aa276f3bd7e551c2da432d4811e690d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d6a60aef9f267985d4512e2f0e17f69f |
| SHA1 | fbcd1f4317606fe8c1201cb4031109adab0913c7 |
| SHA256 | b78f879a72c6ee60440b6ca9472bdb1b16f530acc03aaf68c18b179fbe225341 |
| SHA512 | 0c597767ab6cd58945c48d60c253c72aecb9c209c5df8d1b7e635c3d29edbd35cb4545eaa01b34cdf28e1803045ca081e1316ea0ead1afcdbe8f7952106bb0bd |
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
132s
Command Line
Signatures
Processes
/tmp/node_modules/.bin/mkdirp.ps1
[/tmp/node_modules/.bin/mkdirp.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/snap/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.38:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-mipsbe-20240418-en
Max time kernel
1s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /sbin/node | N/A |
| N/A | N/A | /bin/node | N/A |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
Processes
/tmp/node_modules/.bin/rimraf
[/tmp/node_modules/.bin/rimraf]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/node_modules/.bin/rimraf]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/local/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-mipsbe-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/node_modules/.bin/rimraf.ps1
[/tmp/node_modules/.bin/rimraf.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win7-20240729-en
Max time kernel
133s
Max time network
129s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001f2c456c20e79f48a04a617814c15f5000000000020000000000106600000001000020000000a5502ae68c471e02004ea5283007af59a0dbd7955b5e5b17575e48ecb4ac442f000000000e80000000020000200000006445db637663bae1792924b6cdeaed6f06d5a07a9b6a5f65b4cdaf21365a32a020000000a2ba415b9e2b42424f469356ecd462ad075630bddbec58c930d9472c99a00d0140000000bf731177fdf6daa6d5f078807af60309faa10fd2048b9e17910230bfbd67d9f7c50af91795ada2fd4e8b5adbb62832ffc217e34467fb5b74be5eeb7d9766ebdc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800482b8f03bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438340137" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4091D01-A7E3-11EF-8B64-E6B33176B75A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2464 wrote to memory of 1780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\header.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9263.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar92E3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 274bba4f6586f7ce767a8f308e30133c |
| SHA1 | 803bcbb9defdc674a03459b5ab843c3a10611046 |
| SHA256 | fdaa0713581f07fbc80307bc680d0d2ea918c99fb18670cae89d516d47dd971e |
| SHA512 | 8b6f2bea447b9c9223521b1931290190bd1cb887529ff66083b60ecb7859a0bbc4d1c3a9fbb418013ceb58e1a04366e222fd65feffcb3aa9a27d887b87bfadf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b4a68bc40435e0452e9ef11f1ee50f4 |
| SHA1 | 7e7b34193d7a9c253e7a62412fc9fcef49138981 |
| SHA256 | cec473b6976129f9f14b95a3ebba37f9f775bc8ade75749976567b3d42048557 |
| SHA512 | 455e7ded677f1743b9f58c45942ae9881437963a96153709a61ff21cafd3421189df61f67169d5d0e86206a28956f18e6257a40a79be9abd3094c887b17b2fe7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb8a94dc8f78d4196d2e8cb565064662 |
| SHA1 | cb1f93a8ccc8aaeedbb641bb8531f53f115c30aa |
| SHA256 | bfcf4d2574f975f4e2ae610d97fa065c16028199797f2140c982d5431ac6d380 |
| SHA512 | 0901c680d4f2c6902ee0101a1da4f4010ce15c47caa3e10d2ebbb9a18cb805c3c2ebab800a92f2a9eb8359db1855584289b8246d25f48c3d55add05d3191fee1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7afba214d15b0fbfe83acbbec4e44d6f |
| SHA1 | e8eb0f38c35364a5cce20903870734a484603719 |
| SHA256 | 5ec45c2cdcaa44bf2b2c067cfaf7dabf310e1660d62fd36d8bea4d2196904692 |
| SHA512 | e0051fad3cc9ed4f826306fb2fd310cdde66e96f960b6b24f16e625a6780ca7fb81931bbd1c4f56662ee04a57008d16d3fbcacdee09b82159cde0eb279d44956 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c6fb13230df0856c8be70a65f703dd5 |
| SHA1 | c5a9d620bbf7545607f8e28be975572e95b9885f |
| SHA256 | 52b83e55542bff8c2eb1200bb944bd2c3d47430de0888b1574582960a34fc9b9 |
| SHA512 | 326d0d309bfe280bca0564edd09fd17a4ef82e463f00fa230fe154aff92f220a5259f6e7439600ce0121d440f42f22d31bf7c6fb5bb1ef159a9f5732c4783495 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afdd21f2a1b819309cab067ae5d6f687 |
| SHA1 | 8980ef69b582516ef5152a38eb17589755d8c5d0 |
| SHA256 | e21d84316f854dad82ae121e100e2c96baec3d1f6f7b1af1fa85b5dfedfe4305 |
| SHA512 | cf2acb8c6ddd308e217cdabebb277faa6ad08179387cdfdaa2f1d0c269107bd5855018ccc9bc90b61590291ce200fbeab4a44d72996ffaae31b79368d774cdeb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eba9a5ce022f0b823c75afc2b161c6c7 |
| SHA1 | 8361797fd40fd29fe59920b00a92b2802257b839 |
| SHA256 | c371c28400ed3ea7aa91e6234b99b3913eb2a4081582fe3e13a5041c9d96cce4 |
| SHA512 | eb1fb3d5624ecc0efd502d6d3e0cb2627fcc9e4581597d01d9a909d4f58328d9067b16c39b76142bb8dbb308c76f4a4017e0ebc84ee704badcbfcc7b968ca321 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 700c1f36cefb6a7c2c3c8822a3a59bb9 |
| SHA1 | b344736e7d80751ae8d7ce1acf721717b51c27c7 |
| SHA256 | c5c710747fd08639e615f839453626220aa501a647b7cf9e05fa91f28a801f07 |
| SHA512 | 6fb3dee6f3230b2ec2c2532f9ed6e989c17aa81bd40345d972cc35ec01e4168ae1095164b02d3751f6897f746a216c4a5ef4ffb517fea93326385e95536fcf19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bccd701b24cb4e8529a7c39d98f4754 |
| SHA1 | 585477015ae70c278e1602755da24b585619331f |
| SHA256 | 87f6ad37c56c2097a9fd851e03147be6aba37ae53e5cf14bf6ace38d86497909 |
| SHA512 | e9182b3f0a8f5b44c8dd27b00de613353e6e5891620d1bd2963198dc697ef5292c4d7f3ae9d741140f8b359a6810720afbc5e096355e77e582af89c68476ec15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a294c0a0d8c6595aba7d58fa3caa8169 |
| SHA1 | a31eff77cd279fec13f0dcddcd8cae0634233ed5 |
| SHA256 | 96d7a4f23ccbef8baf33d30841853100f5f141337636449e9f196512bb418113 |
| SHA512 | cd134a91476400c1e5378ac40e0e2220d335ceed0c2a3bac7b13c632ebba69c64d048d1da57a32092f8ccdaec73b3690c66472f18a7408bd2344f7f985093678 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ba0e62030212ee14e1a17ad9788836e |
| SHA1 | 2babf01b32d367810697a862f0d502d8967de867 |
| SHA256 | b6adb4c9480aef1d6606c320b35bf4bb7a799e5db134f809e1385e32954ea8f3 |
| SHA512 | 16573b2ce22a74067c9bc1a19bc59f1944d5567a9b468a16c48922495770f8e5c086449e54ba7147f5d27a6f3473af7d4c6b109c5703942dd7f44daf88197f4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c808dbe2c84cb96f66c59f0690d60484 |
| SHA1 | 14321519dba2eb16c959d3ef0106c10d2e51eeb7 |
| SHA256 | 095415d3b1721401861307755bfc34abaf412187532cd7fad52a335e75c35886 |
| SHA512 | 44180e0a04d3659bee50cf27bbaf34c54a2acb09f749d3e72b86e4c4f8517173239fbea4734115b051e5283b60ea93796af3aeb9a4f48baac3778dd69ed55018 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5441485b92b9d54cdb864c71e3fc0e4e |
| SHA1 | 305f6427bf8a3c3b3095760dd75da220065c92da |
| SHA256 | ba01049e781d51ec441cfc90611afbad6d83cff236820245788e6e3aca0ffa17 |
| SHA512 | adea5e82377cc396a8507bf4c530df42d709ddd5b46bd00386ef3d45352318359f633a81dc39bc30c6c3629e2099bd7eedc9bfed7141a2f1c41c8d2e58c0052a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b92980bdf0bc7bb7cdd5fcb2bc499b9 |
| SHA1 | 7f8700dc9a284e4aad49c93a8fdda8ce991e42de |
| SHA256 | 0bc28a32df7efdb6b1123ac6bd8bb0b7d4852038c2216612a961b1781991140f |
| SHA512 | fa50f3ff946a855af110930cbbd6d4104dc1641924847595ab022f6d9eaf56f4499f67c9b5853a6c0f0fa36cfbf1ba21fe271d8f5d64c40c2462852cda26f3b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00cb829bcfb54bd82358d1016d5ad310 |
| SHA1 | f8929b38bf536aba6ab901f1f1720d763fee9dc2 |
| SHA256 | aa1646ae2f2c05c71f096db32472c9b394c561098e023d82b33790a0e13d16be |
| SHA512 | ea4aad2f1f901b1b383dc4153fa5fb919a270358bf7f29ebad1d23e8d54e8b3d9345b3f3adece22531f607d352b17a102d165098e2d38ba9f4e384c6b98d077e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a8bf1006a5301e15fe8a33755ce3bf6 |
| SHA1 | d3f08de07b76befd86830416fb8ec343b53394e8 |
| SHA256 | d4e1cbd0071a409ef3ed8ebb023b1a1cf76a33ebbdfb25556e5f59b42a93ee29 |
| SHA512 | c94bc2a36362fa95f7579eb57eec695532c275ec7ff78961c2cbf3e9328a54f0f8818f7a7cd1771ca73448347f60882b9a20b5269fa81b8dae9c47702d5ec8ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ba957a1911dcd0e6fedbc9e3451eac1 |
| SHA1 | fe73f95dbc17a7d5157d707f9840a8539d5352f6 |
| SHA256 | e8e56654ac400002e90918450e1190bc62aad12a1505e722ef051ed9d4f8a7a4 |
| SHA512 | ef0f43a5dd5e608bbbd31900b8c59aae0ac5873c5ad301e988a60d11a50951b3048a9ad5fa4c82c3b0c0527917a364ec79bd1e01fb64c78b96abaf05c444d5b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e76fa33bd8cace75f42f53d7649b63b0 |
| SHA1 | 4f4ceaa442356d2035bea07723064be3e5458c62 |
| SHA256 | 84d5993f7e08e8f698ef64ee4e86cb4b747be6e0de5703670062848a7d1b1e79 |
| SHA512 | e550cf487a2c388ba1673a95df61d5f88ff0707ea314934baa3a6ac1af982304252ea9dedb1189f3c0339d09d2508c62b9d87236760dd6faa730f968d02c4d2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fae4df1cc69bb3b8996c1b378e924a93 |
| SHA1 | 327ad53c5483feb2393f30db608766b5d7fae001 |
| SHA256 | 7d3ab8d0fd6d617e53b8461771ede23d850549745b767be65a1d2f28fa8f0e16 |
| SHA512 | f5242598a77b4c8040cfd96aced89a315a21409418fa30f513fc8c02a617404194b9af18695e3e8f93af23a97d6a2951e81692505c83e91a163315a53cd87f26 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\header.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffb91b646f8,0x7ffb91b64708,0x7ffb91b64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.116.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
\??\pipe\LOCAL\crashpad_3312_HMPOKAIKCRKQDSDK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b28488ac991017557ffa3a35dc868dd7 |
| SHA1 | dcbcbcc704c1475ae698312783ae134f7e565b40 |
| SHA256 | 7fa4f9b75b4ebf1647fd6d9b32b460b365dd87fbf0512ea73660cbcec350363a |
| SHA512 | d9bfc6cb8c111e13c46bbdcf0ef4727587fab3bf06a5f9cd1a2f99f442647ee20dcd90501000a6eb102d038b400a98da09c18140553ac8f39bc691cb4b11aa16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d29b6574514f1dc5df5849c4c8a8e6f7 |
| SHA1 | 0e478471ec9d593213a102de86ef8f525f303073 |
| SHA256 | a40b20e8e90441892e9b969d3229aa54503993708efdf1ef82057abf969ad3d7 |
| SHA512 | a508a5c840ddf8b6bc2ff5c49a36410626ce06e31d74a67ccd47ed18678974eda95ee2a74548fb9fdbbc1ed26ef620e1162c5ca188402a3e727f58e7125d757e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7482a5862a05894c349557c3cc38f601 |
| SHA1 | beae87de5dda1e43a090509026c11bba6529e404 |
| SHA256 | 71787f5c2b7bd473dad47c1d12c2906577c78e2d594d9196e9e46276fb91fc79 |
| SHA512 | c09efd563a9cfebb69b2bb510ac732df7d83677b0895cd967bc702b072756708d20d5875677702638bf8ca46352332dc8e87a91309e2030c5b619b4d309efbaf |
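The Files listings in the two Windows runs above are dominated by the browser's own housekeeping: the same CryptnetUrlCache metadata path written over and over, Edge profile and Crashpad state, and a named pipe whose digests are exactly those of zero bytes. The Python below is an added illustration, not tooling from the sandbox vendor and not code from the keystone package. It parses a constructed excerpt in the report's own layout (the first three entries copy the report's values; the `dropped.exe` entry and its content are made up here), recognises empty-content entries by recomputing the digests of `b""`, tags paths that match browser-noise patterns (that pattern list is this example's assumption), and reports paths written more than once with differing content.

```python
import hashlib
import re
from collections import defaultdict

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero bytes, computed rather than hard-coded.
EMPTY = {a: getattr(hashlib, a.lower())(b"").hexdigest() for a in DIGEST_LEN}
ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Path patterns for artifacts a browser writes on its own when it opens a local
# HTML file. This list is an assumption of the example, not taken from the report.
NOISE = (
    re.compile(r"\\CryptnetUrlCache\\", re.I),                 # CryptoAPI cert/CRL URL cache
    re.compile(r"\\Microsoft\\Edge\\User Data\\", re.I),       # Edge profile and Crashpad state
    re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I),   # wininet extraction temp files
)


def _rows(data):
    """Render digest rows in the report's layout for constructed content."""
    return "\n".join(f"| {a} | {getattr(hashlib, a.lower())(data).hexdigest()} |"
                     for a in ("MD5", "SHA1", "SHA256"))


# Constructed excerpt. The first three entries copy the report's values; the last
# entry is made up here, with digests computed from the stand-in bytes below.
SAMPLE_DROP = b"constructed stand-in content"
REPORT_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
\??\pipe\LOCAL\crashpad_3312_HMPOKAIKCRKQDSDK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
C:\Users\Admin\AppData\Roaming\dropped.exe
""" + _rows(SAMPLE_DROP) + "\n"


def parse_files(text):
    """Turn 'path line followed by digest rows' into records; validate digest lengths."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW.match(line)
        if m:
            if current is None:
                raise ValueError("digest row before any path: " + line)
            algo, hexval = m.group(1), m.group(2).lower()
            if len(hexval) != DIGEST_LEN[algo]:
                raise ValueError(f"bad {algo} length {len(hexval)} for {current['path']}")
            current["digests"][algo] = hexval
        else:
            current = {"path": line.strip(), "digests": {}}
            records.append(current)
    return records


def triage(records):
    """Label each record empty/noise/review and list paths rewritten with new content."""
    findings, seen = [], defaultdict(set)
    for rec in records:
        d = rec["digests"]
        if d and all(d[a] == EMPTY[a] for a in d):
            findings.append(("empty", rec["path"]))       # zero-byte artifact (e.g. a pipe)
        elif any(p.search(rec["path"]) for p in NOISE):
            findings.append(("noise", rec["path"]))       # expected browser housekeeping
        else:
            findings.append(("review", rec["path"]))      # not explained by the browser
        if "SHA256" in d:
            seen[rec["path"]].add(d["SHA256"])
    rewritten = sorted(p for p, hashes in seen.items() if len(hashes) > 1)
    return findings, rewritten


if __name__ == "__main__":
    found, rewrites = triage(parse_files(REPORT_FILES))
    for label, path in found:
        print(f"{label:7} {path}")
    print("rewritten with different content:", rewrites)
```

The "review" bucket is the only one worth an analyst's time; for this sample it stays empty once the constructed `dropped.exe` entry is removed, which is consistent with the report's "Likely benign" verdict.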
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-armhf-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/node_modules/.bin/mkdirp.ps1
[/tmp/node_modules/.bin/mkdirp.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/usr/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/sbin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
/bin/pwsh
[pwsh /tmp/node_modules/.bin/mkdirp.ps1]
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
| N/A | N/A | /usr/local/sbin/node | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/node_modules/.bin/rimraf
[/tmp/node_modules/.bin/rimraf]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/node_modules/.bin/rimraf]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/local/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/sbin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
/usr/bin/node
[node /tmp/node_modules/.bin/../rimraf/bin.js]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 84.17.50.8:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
131s
Command Line
Signatures
Processes
/tmp/node_modules/.bin/rimraf.ps1
[/tmp/node_modules/.bin/rimraf.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/snap/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/local/sbin/node | N/A |
| N/A | N/A | /usr/local/bin/node | N/A |
| N/A | N/A | /usr/sbin/node | N/A |
| N/A | N/A | /usr/bin/node | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/node_modules/.bin/mkdirp
[/tmp/node_modules/.bin/mkdirp]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/node_modules/.bin/mkdirp]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/local/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/sbin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
/usr/bin/node
[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
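Across the Windows and Linux runs the Network tables repeat the same handful of destinations: mDNS to 224.0.0.251, reverse (PTR) lookups sent to 8.8.8.8, a DNS query and TLS connection for a cdn77 host, IE's ieonline.microsoft.com, and several TLS connections for which no name was resolved. The Python below is an added example, not tooling from the sandbox vendor or code from the keystone package. It parses rows in the report's table layout, accepting both the well-formed four-cell row and the export form where the Domain cell is blank and the protocol value has slid one column left, and sorts each destination into sandbox noise, vendor traffic (the vendor suffix list is an assumption of the example) or connections an analyst should check against the packet capture.

```python
import ipaddress

PROTOS = {"tcp", "udp"}
# First-party suffixes treated as browser/vendor telemetry. This is an assumption
# of the example, not a list taken from the report.
VENDOR_SUFFIXES = ("microsoft.com",)

# Constructed excerpt reproducing rows of the kind seen in the report's Network
# tables, including rows with a blank Domain cell where the protocol value sits
# one column to the left.
NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 84.17.50.8:443 | 1527653184.rsc.cdn77.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 195.181.164.14:443 | tcp |
"""


def parse_row(line):
    """Return a dict for a data row, None for blank and header lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    country, dest = cells[0], cells[1]
    rest = [c for c in cells[2:] if c]            # drop empty cells
    if len(rest) == 2:                            # well-formed: domain, proto
        domain, proto = rest
    elif len(rest) == 1 and rest[0].lower() in PROTOS:
        domain, proto = "", rest[0]               # shifted: no name, proto only
    else:
        raise ValueError("unrecognised row: " + line.strip())
    host, _, port = dest.rpartition(":")
    return {"country": country, "ip": ipaddress.ip_address(host),
            "port": int(port), "domain": domain.lower(), "proto": proto.lower()}


def classify(row):
    """Bucket one destination; 'review*' is what to look at in the capture."""
    ip, port, domain, proto = row["ip"], row["port"], row["domain"], row["proto"]
    if ip.is_multicast:
        return "mdns" if port == 5353 and proto == "udp" else "multicast"
    if port == 53 and proto == "udp":
        # the Domain column holds the name that was queried
        return "ptr-lookup" if domain.endswith(".in-addr.arpa") else "dns-query"
    if domain and any(domain == s or domain.endswith("." + s) for s in VENDOR_SUFFIXES):
        return "vendor"
    return "review" if domain else "review-unnamed"


def summarize(table):
    """Group 'ip:port/proto [domain]' strings by classification label."""
    groups = {}
    for line in table.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        key = f"{row['ip']}:{row['port']}/{row['proto']}"
        if row["domain"]:
            key += " " + row["domain"]
        groups.setdefault(classify(row), []).append(key)
    return groups


if __name__ == "__main__":
    for label, dests in sorted(summarize(NETWORK_TABLE).items()):
        print(label, dests)
```

Unnamed TLS destinations are the rows the table alone cannot explain, since the sandbox recorded no DNS answer for them; the PTR lookups that precede them in the same tables are the sandbox host resolving those addresses back to names, not traffic originated by the sample.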
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-21 08:37
Reported
2024-11-21 08:40
Platform
debian9-mipsel-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/node_modules/.bin/rimraf.ps1
[/tmp/node_modules/.bin/rimraf.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/usr/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/sbin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]
/bin/pwsh
[pwsh /tmp/node_modules/.bin/rimraf.ps1]