Malware analysis Bunny.Black(GamingBeasts.com).zip Malicious activity

Add for printing

File name:	Bunny.Black(GamingBeasts.com).zip
Full analysis:	https://app.any.run/tasks/dab22267-1935-4dc8-83bc-45bc84078526
Verdict:	Malicious activity
Analysis date:	July 30, 2024, 11:07:11
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:	B9B082CF820D099FF31604F95C46C1A2
SHA1:	58CAF354DD799B5392193C87327E7A9989632B24
SHA256:	1E710D00AFB02A8644840C5DD98BB2288EF2DD9F654D1882DCAD05A7A77ED690
SSDEEP:	192:cqxp2fDQsYwMSDJ0gJvalHSGM2pc7q6v9Wh4IMhVxNYwm3BBI1xUV44pH/lykVxc:XxpGQsYR6SgqSPSx6v9hnVxoj6VWm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 3280)
- Scans artifacts that could help determine the target
  - Bunny Black Installer.exe (PID: 6036)
SUSPICIOUS
- Reads security settings of Internet Explorer
  - WinRAR.exe (PID: 3280)
  - Bunny Black Installer.exe (PID: 6036)
- Reads Microsoft Outlook installation path
  - Bunny Black Installer.exe (PID: 6036)
- Checks Windows Trust Settings
  - Bunny Black Installer.exe (PID: 6036)
- Reads Internet Explorer settings
  - Bunny Black Installer.exe (PID: 6036)
INFO
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 3280)
- Reads the machine GUID from the registry
  - Bunny Black Installer.exe (PID: 6036)
- Reads the computer name
  - Bunny Black Installer.exe (PID: 6036)
  - identity_helper.exe (PID: 7828)
- Checks supported languages
  - Bunny Black Installer.exe (PID: 6036)
  - identity_helper.exe (PID: 7828)
- Checks proxy server information
  - Bunny Black Installer.exe (PID: 6036)
- Creates files or folders in the user directory
  - Bunny Black Installer.exe (PID: 6036)
- Process checks Internet Explorer phishing filters
  - Bunny Black Installer.exe (PID: 6036)
- Reads the software policy settings
  - Bunny Black Installer.exe (PID: 6036)
- Reads Microsoft Office registry keys
  - Bunny Black Installer.exe (PID: 6036)
  - msedge.exe (PID: 5040)
- Application launched itself
  - msedge.exe (PID: 5040)
- Reads Environment values
  - identity_helper.exe (PID: 7828)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	-
ZipCompression:	Deflated
ZipModifyDate:	2021:07:15 08:49:16
ZipCRC:	0x502aabf9
ZipCompressedSize:	10785
ZipUncompressedSize:	25088
ZipFileName:	Bunny Black Installer.exe

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

172

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

132

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3828 --field-trial-handle=2364,i,9464089416555814772,16850940548459011666,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1080

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x2f8,0x310,0x7ffeff5f5fd8,0x7ffeff5f5fe4,0x7ffeff5f5ff0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1964

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4432 --field-trial-handle=2364,i,9464089416555814772,16850940548459011666,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1992

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2360 --field-trial-handle=2364,i,9464089416555814772,16850940548459011666,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2736

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=2364,i,9464089416555814772,16850940548459011666,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

3280

"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Bunny.Black(GamingBeasts.com).zip

C:\Program Files\WinRAR\WinRAR.exe

explorer.exe

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Version:

5.91.0

Modules

Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

4152

C:\WINDOWS\System32\slui.exe -Embedding

C:\Windows\System32\slui.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

5040

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gamingbeasts.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Bunny Black Installer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

5592

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2364,i,9464089416555814772,16850940548459011666,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

6036

"C:\Users\admin\AppData\Local\Temp\Rar$EXa3280.45076\Bunny Black Installer.exe"

C:\Users\admin\AppData\Local\Temp\Rar$EXa3280.45076\Bunny Black Installer.exe

WinRAR.exe

User:

admin

Integrity Level:

MEDIUM

Description:

Gaming Beasts

Exit code:

Version:

1.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa3280.45076\bunny black installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

Add for printing

Total events

14 899

Read events

14 825

Write events

Delete events

Modification events


(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtBMP
Value:
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtIcon
Value:
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\AppData\Local\Temp\Bunny.Black(GamingBeasts.com).zip
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3280) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
3280	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa3280.45076\Bunny Black Installer.exe		executable
		MD5:6163F6D7AA17421C16346DC3F1BEF50D	SHA256:F3AB3E5022E13C6D3CF356FD1F62E4C88311C47908C6EC9F4EFDC642E95184FC
6036	Bunny Black Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8		binary
		MD5:6CF82C0C72A2F5406F903D26996C9DFB	SHA256:9B3774D9879C92413877DC06A3A2AC5641C7739DE36ED3D8EC1DF6148690831D
6036	Bunny Black Installer.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\pc[1].htm		text
		MD5:FDA44910DEB1A460BE4AC5D56D61D837	SHA256:933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
3280	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa3280.45076\Instructions.txt		text
		MD5:4D8CDC04F8199FF3AD6EB17C7216A6DA	SHA256:A5E018AE24D5EF89725887754762B1EF47A70A3A77841C4FBC66143B99647679
6036	Bunny Black Installer.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\blocks.style.build[1].css		text
		MD5:2DD885288733D604E8ADBCC83986399B	SHA256:A0DA2AEE6CC32A9BC1DC66CFBA7518A6D47D1337202D6EE94A6174F25C720E94
6036	Bunny Black Installer.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\index[1].htm		text
		MD5:FDA44910DEB1A460BE4AC5D56D61D837	SHA256:933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
6036	Bunny Black Installer.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\blocks.style.build[1].css		text
		MD5:3C345ECB9B839EC6C76CED932B551231	SHA256:6A7B8E6114A188DC39B494543D3B15AE1BBC036B63E8FBFE10A7572AFFAD8E09
6036	Bunny Black Installer.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\pc-building-simulator-2-download[1].htm		html
		MD5:3F34D27E13F4EE57687FD236AED13BAE	SHA256:2C1D043DDE2419462B4398074A81F68F743005AE7BDAD21AA34A63AE1D32D6DC
6036	Bunny Black Installer.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\mediaelementplayer-legacy.min[1].css		text
		MD5:2B0DD7EECEA03B4BDEDB94BA622FDB03	SHA256:B7908A015A567EC2363011DF2475368DBFF34360E9DA3FDFF50604D6395FB646
6036	Bunny Black Installer.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\wp-mediaelement.min[1].css		text
		MD5:EA958276B7DE454BD3C2873F0DC47E5F	SHA256:2E10D353FF038C2CAD3492FC17801AF3E6EF2669C9E9713BDB78B1DCB104C4FE

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6036	Bunny Black Installer.exe	GET	200	142.250.185.163:80	http://c.pki.goog/r/gsr1.crl	unknown	—	—	whitelisted
4132	OfficeClickToRun.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	whitelisted
6036	Bunny Black Installer.exe	GET	200	104.18.38.233:80	http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D	unknown	—	—	whitelisted
6036	Bunny Black Installer.exe	GET	200	104.18.38.233:80	http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D	unknown	—	—	whitelisted
6036	Bunny Black Installer.exe	GET	200	104.18.21.226:80	http://ocsp2.globalsign.com/rootr3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEQCATgA6JyvFGONNpLH8m3gz	unknown	—	—	whitelisted
6036	Bunny Black Installer.exe	GET	200	95.101.54.121:80	http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgMcfLVQc1c929GWjgQVi4cb5w%3D%3D	unknown	—	—	whitelisted
6036	Bunny Black Installer.exe	GET	200	65.9.89.120:80	http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D	unknown	—	—	unknown
6036	Bunny Black Installer.exe	GET	200	142.250.185.163:80	http://c.pki.goog/r/r4.crl	unknown	—	—	whitelisted
6036	Bunny Black Installer.exe	GET	200	142.250.185.163:80	http://c.pki.goog/r/r1.crl	unknown	—	—	whitelisted
6036	Bunny Black Installer.exe	GET	200	216.58.212.131:80	http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDZbx4xmOITAwnH%2BD3Jq2tK	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
3392	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
5368	SearchApp.exe	131.253.33.254:443	a-ring-fallback.msedge.net	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown
5368	SearchApp.exe	2.23.209.175:443	www.bing.com	Akamai International B.V.	GB	unknown
6012	MoUsoCoreWorker.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4648	slui.exe	20.83.72.98:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
5800	RUXIMICS.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
3952	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
488	slui.exe	20.83.72.98:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.124.78.146 51.104.136.2	whitelisted
a-ring-fallback.msedge.net	131.253.33.254	unknown
www.bing.com	2.23.209.175 2.23.209.174 2.23.209.171 2.23.209.173 2.23.209.176 2.23.209.170 2.23.209.179 2.23.209.178 2.23.209.169 92.123.104.10 92.123.104.9 92.123.104.7 92.123.104.8 92.123.104.5 92.123.104.12 92.123.104.67 92.123.104.6 92.123.104.66 2.23.209.177 2.23.209.180 2.23.209.186 2.23.209.181 2.23.209.185 2.23.209.183	whitelisted
google.com	142.250.181.238	whitelisted
gamingbeasts.com	188.114.96.3 188.114.97.3	unknown
c.pki.goog	142.250.185.163	whitelisted
fonts.googleapis.com	142.250.184.202	whitelisted
ajax.googleapis.com	172.217.18.10	whitelisted
stats.wp.com	192.0.76.3	whitelisted
o.pki.goog	216.58.212.131	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

Bunny.Black(GamingBeasts.com).zip

B9B082CF820D099FF31604F95C46C1A2

58CAF354DD799B5392193C87327E7A9989632B24

1E710D00AFB02A8644840C5DD98BB2288EF2DD9F654D1882DCAD05A7A77ED690

192:cqxp2fDQsYwMSDJ0gJvalHSGM2pc7q6v9Wh4IMhVxNYwm3BBI1xUV44pH/lykVxc:XxpGQsYR6SgqSPSx6v9hnVxoj6VWm

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Scans artifacts that could help determine the target

SUSPICIOUS

Reads security settings of Internet Explorer

Reads Microsoft Outlook installation path

Checks Windows Trust Settings

Reads Internet Explorer settings

INFO

Executable content was dropped or overwritten

Reads the machine GUID from the registry

Reads the computer name

Checks supported languages

Checks proxy server information

Creates files or folders in the user directory

Process checks Internet Explorer phishing filters

Reads the software policy settings

Reads Microsoft Office registry keys

Application launched itself

Reads Environment values

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings