Analysis Overview
SHA256
52c2a5490cbfa4780940b18d6a288453e9115af91f8c10c4c99dbcf1eeda03e8
Threat Level: Known bad
The file XWorm 5.6 Edition Cracked.zip was found to be: Known bad.
Malicious Activity Summary
StormKitty payload
Xworm family
Stormkitty family
Detect Xworm Payload
Contains code to disable Windows Defender
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-26 16:16
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
90s
Max time network
139s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Clipboard.dll,#1
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Cmstp-Bypass.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HiddenApps.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NAudio.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240708-en
Max time kernel
117s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNC.dll,#1
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20241010-en
Max time kernel
122s
Max time network
131s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HiddenApps.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
141s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ActiveWindows.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNC.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNCMemory.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.150.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
149s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Keylogger.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20241023-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll,#1
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Chat.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20241010-en
Max time kernel
62s
Max time network
19s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FileManager.dll,#1
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Chromium.dll,#1
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HBrowser.dll,#1
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Informations.dll,#1
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Informations.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.79.70.13.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
105s
Max time network
152s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NAudio.dll,#1
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6369758,0x7fef6369768,0x7fef6369778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1576 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2156 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1500 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3716 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2552 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3972 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2056 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2348 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4172 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4332 --field-trial-handle=1004,i,118227967167887488,8010345966421526191,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.180.14:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.localizeapi.com | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 104.18.160.117:443 | cdn.prod.website-files.com | tcp |
| US | 104.22.20.64:443 | cdn.localizeapi.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| FR | 52.222.153.158:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 104.18.160.117:443 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 104.18.160.117:443 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.244.28.58:443 | js.rbxcdn.com | tcp |
| FR | 18.245.199.73:443 | css.rbxcdn.com | tcp |
| FR | 18.245.199.73:443 | css.rbxcdn.com | tcp |
| FR | 18.245.199.73:443 | css.rbxcdn.com | tcp |
| FR | 18.245.199.73:443 | css.rbxcdn.com | tcp |
| FR | 18.245.199.73:443 | css.rbxcdn.com | tcp |
| FR | 18.245.199.73:443 | css.rbxcdn.com | tcp |
| GB | 2.22.144.84:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.90:80 | crt.rootg2.amazontrust.com | tcp |
| FR | 3.164.163.90:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 88.221.134.171:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| FR | 13.32.145.6:443 | images.rbxcdn.com | tcp |
| FR | 18.245.199.73:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3---sn-5hne6nzy.gvt1.com | udp |
| NL | 172.217.132.168:443 | r3---sn-5hne6nzy.gvt1.com | udp |
Files
\??\pipe\crashpad_2804_DKMTQUWMNVOIFOOG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9a8db5f410da111060e334e8a1e8ba20 |
| SHA1 | 6d725e6a18ee19558fc8b0637370849c87fed4e7 |
| SHA256 | 0140a0583a6522856e43bc92f23da65e463c9f769c40e7e47c87bba0ce602551 |
| SHA512 | e4ff3522714a9144d38c0a198dd488adbfaff71ee87d02ce4a46908245b5f6bd02b08833f1dc5aa2d5fb4ae2938ec94adb7ef09f0c54a2327bd63a1a13528c7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ebb72a209516b297d7b4086812344f63 |
| SHA1 | 1ccb2d90bd05467da9b5538a317ef40c7c0da7f7 |
| SHA256 | 6c52ccd3082219566ff99fa8a657586902af8d54c06df920958eaa582f9a56b9 |
| SHA512 | e7bf9a8b5354fabc41c58dbffd0ea5779418453497587d5b0d3d21363f44b53e4f42bfefb9b6b0a2258a16e69b050ee16aea5f00012ef71c3445df8c7c59962f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4acc6f241723a2708fea911e67ff1365 |
| SHA1 | 6c2da237a7620849ca212271c7bf3fe2abd50ebb |
| SHA256 | 29fda415163124cc2bd6c4ecfe6dc532a20cb2fff57042c34e2849ece9e33615 |
| SHA512 | 24c1466efb75a39e38e4670a2bfe30437a52ef9f6395184e7f7ea999b9023d339eb66eb488fa6017b11fc193d46c3e5c1b4fd80887205e8721739ee6de962d94 |
C:\Users\Admin\AppData\Local\Temp\CabFD83.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarFDA5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 515248095556c0bff65ed503aa72dd27 |
| SHA1 | 957a4754e1d57a8ae6a79ca16939b66625dd905d |
| SHA256 | fbae1236c4d452990579480c6d3b4e8c7f99ea652dcf6bfddec30abcd7f1ad6d |
| SHA512 | 78cdb382699780413c1a5e4e192ec556b9b494138ff8ace5df8a7adb9f5596317095761c547ff4cb4c525803d2f9dcc553e8fa4ab0da6dfde6940ecac442acdc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a0fa28255affca2610d1ade57ee34aa4 |
| SHA1 | 81b8a7aa9d7a12ffad5d6c60ad8ccfe2596edb85 |
| SHA256 | c6fe80ad04d244c10e0161c6193987008e865ee4eafeefc3b6819e5a0f9d02eb |
| SHA512 | 7d175f79f51e55663edc35351592b0c646b0a0c341009c1824b8377a39a6850ae0668e70b23b537811744ca9be969ce72c74bd318171e27a6cc65f9de778d88a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c897d1d2ab6d431abc5d672b43134b4d |
| SHA1 | a8f18daf801b509ddd1d7c70ac7c9eac09f11c71 |
| SHA256 | c4b00c2de3739340f5cf9b44fcde43065c5a5c7e89b433bfdce4b44d24a6db0c |
| SHA512 | ac9b0194a1ccca62fbcfd97e0d6131b2f667d47a6846e8b31d4ab46f23301c1a3297175e78c5f8082683291d745fe35c1ae75847c758452fff0b870c0f3c2c8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4be10d09bf62c70a017be8188675181d |
| SHA1 | 4889197f735bcfe3a2d5c98028bee1bb9ae35cc7 |
| SHA256 | 56372460b86b20449af1538b8e324518729882c23aaa08a8647b8cd2b319a47e |
| SHA512 | 39a78e7fd5fc53f1855ff967da116ef8a8b2db0a20fc267d9c2aaae02fcd122dc4eab61ff02a8a95c8ac40d93e6d5e2e1ed0cc0a51061cb77597009e4bf39a78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a2865a960b1cc02b573b3dd8c17de9a0 |
| SHA1 | a29abd972a32d33436c709d89dd1eb7ebd98a728 |
| SHA256 | 299f81b21d404ccdac01e10b250191142c2d8bb3217fb4c418ddbfeacaa01248 |
| SHA512 | 69489751064c47d04d2e059922223e5c23b8e93cb9a6d8d9552b0308f6e46cf65833524638f03a5c04c3bb9caa964b400ef15680a8a02959b80aa6f0e7f661a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 082b3cf8fc48236fec7bcb688fcb6416 |
| SHA1 | 2e81d91f0b66a0ca13e611eb2cf9ff03a69c5d19 |
| SHA256 | 3693d1318738ef570505cfbaf4eaf77566871c840b98982993c6e9a2f18130a6 |
| SHA512 | b16dd4cddf8e370f0a84adc3f3d7a7a53bb03f2fb66689e6ec4243979ce56d8fd2e25982b3308217e0864f8ab71e4ee3c7bab4ca323041cee66bed2988d540db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e2c4d9c16301ee1aa48337017f3b29c4 |
| SHA1 | 38b630fbb6e0caf18f60f5f62920eed6ce162fdf |
| SHA256 | 5e93ad5d4a073939317a136d5c4bf0e5e215e3b95b1eee671bad1c1fd6166e2f |
| SHA512 | 12df10a23027db1f6e61cc5267e9c2fead4e2e9908782a830c2922c30eb34356e04241b6cd1ffdcb244c9c1a94fa20102457c079864d64c45a0718069a8e4f10 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
117s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\ActiveWindows.dll,#1
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Chromium.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
136s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Clipboard.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
138s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FilesSearcher.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HRDP.dll,#1
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HRDP.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNCMemory.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Chat.dll,#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Cmstp-Bypass.dll,#1
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FileManager.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FilesSearcher.dll,#1
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HBrowser.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-26 16:16
Reported
2024-11-26 16:21
Platform
win7-20240903-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\Keylogger.dll,#1