018a7076aca3d4baee25cf85eaa4b46147da354bf62d939773b126c78a2d6d6c

Analysis

max time kernel
126s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2023, 09:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2012-54-0x0000000001D00000-0x0000000001E74000-memory.dll
Size

1.5MB
MD5

29ca66db117bba5c4614218930bd50a3
SHA1

5810f2287a572114712da4b23f1bfb3444505430
SHA256

018a7076aca3d4baee25cf85eaa4b46147da354bf62d939773b126c78a2d6d6c
SHA512

edb37ed6f5e85dfeab280e888374a5dd909c9f55ae225295de6f77bbee493643e5e899e3bb8aa84681beb21aaf4c038ac7cfd6d7f7005f7fb7ac67c57423776d
SSDEEP

24576:UJAx41SXU4LG5Vlcz8PBhNbJgwm9CEl9DAvOBddLfMVxpF3:20bG5Vyz8B9gwm95AAdhfUx

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2012-54-0x0000000001D00000-0x0000000001E74000-memory.dll,#1
1⤵
PID:3680

Network

DNS

210.81.184.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.81.184.52.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

58.104.205.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.104.205.20.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

216.74.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.74.101.95.in-addr.arpa

IN PTR

Response

216.74.101.95.in-addr.arpa

IN PTR

a95-101-74-216deploystaticakamaitechnologiescom
DNS

151.122.125.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

151.122.125.40.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

226.101.242.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.101.242.52.in-addr.arpa

IN PTR

Response
DNS

233.141.123.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.141.123.20.in-addr.arpa

IN PTR

Response

40.79.141.153:443

322 B
7
20.54.89.15:443

260 B
5
173.223.113.164:443

322 B
7

8.8.8.8:53

210.81.184.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

210.81.184.52.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

58.104.205.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

58.104.205.20.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

216.74.101.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

216.74.101.95.in-addr.arpa
8.8.8.8:53

151.122.125.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

151.122.125.40.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

226.101.242.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

226.101.242.52.in-addr.arpa
8.8.8.8:53

233.141.123.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

233.141.123.20.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.