Analysis
-
max time kernel
153s -
max time network
170s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
28/10/2022, 17:50 UTC
General
-
Target
8a12a06bce7a2512ed2297a744d750d0e04813c822fd1e843f1a7bd959406256.exe
-
Size
20KB
-
MD5
0bb78aa8ce4910e7f2ade2fe2db060a0
-
SHA1
0faf3ea9155f58a0696a65d39bed3af47ba990e9
-
SHA256
8a12a06bce7a2512ed2297a744d750d0e04813c822fd1e843f1a7bd959406256
-
SHA512
8e826867bb89441002f52faacb27be20aabd1973d797a94aae7f3a9c23acab2e2dde88c06ee3238462f68b9e8946df670c29ed1b90ef1801d75928adf8b99452
-
SSDEEP
192:lX3Mb3o2qQhChNbvtin8VoU2a+D94ZwVY:B3MM2qQheNbvtin8KXxD94yVY
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a12a06bce7a2512ed2297a744d750d0e04813c822fd1e843f1a7bd959406256.exe"C:\Users\Admin\AppData\Local\Temp\8a12a06bce7a2512ed2297a744d750d0e04813c822fd1e843f1a7bd959406256.exe"1⤵
- Suspicious use of SetWindowsHookEx
Network
-
DNS96.108.152.52.in-addr.arpaRemote address:8.8.8.8:53Request96.108.152.52.in-addr.arpaIN PTRResponse -
DNSd.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpaRemote address:8.8.8.8:53Requestd.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpaIN PTRResponse
-
93.184.220.29:80
-
93.184.220.29:80
-
93.184.220.29:80
-
93.184.221.240:80
-
93.184.221.240:80
-
20.189.173.10:443
-
52.152.108.96:443
-
93.184.221.240:80
-
8.8.8.8:5396.108.152.52.in-addr.arpadns
DNS Request
96.108.152.52.in-addr.arpa
-
8.8.8.8:53d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpadns
DNS Request
d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa