1654fa1be1a0a2a731cc223fea55af926325b6db1675373e9cf4a15fc4128ae9

Analysis

max time kernel
62s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2023, 19:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

(v0.1.29) HoleHouse [Windows]/HoleHouse v0.1_Data/Managed/UnityEngine.ImageConversionModule.dll
Size

22KB
MD5

1889b1e46b02189662cb174d7b6b8dde
SHA1

de2fbfe196e14614fa216fd0aa061e7831ef7224
SHA256

b245d2dbb7a983d2382a1cd875a47fa77d8f822943ec20284e491961b2d5b400
SHA512

33cb176af95fe00cd1a746b252fc9bd5f3c49199f16e4b06a1ea616c00defb7a2b362a1e76b50d3ee2e080019e6b822e0fdbf4180c351e317cc1b21589a18ab4
SSDEEP

384:++NoMDuqohdxpCqfbAUANl8tlz2hjMX+cjORaV8E9VF6IYia4idnkq2wbO:OwxohdxYqfbAUANl8KhjMX+hRHEpYiaM

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\(v0.1.29) HoleHouse [Windows]\HoleHouse v0.1_Data\Managed\UnityEngine.ImageConversionModule.dll",#1
1⤵
PID:4316

Network

DNS

97.97.242.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.97.242.52.in-addr.arpa

IN PTR

Response
DNS

176.122.125.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.122.125.40.in-addr.arpa

IN PTR

Response
DNS

164.2.77.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.2.77.40.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

164.2.77.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.2.77.40.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

240.232.18.117.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.232.18.117.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

210.81.184.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.81.184.52.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

37.146.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.146.190.20.in-addr.arpa

IN PTR

Response

37.146.190.20.in-addr.arpa

IN CNAME

37.0-26.146.190.20.in-addr.arpa
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

86.8.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.8.109.52.in-addr.arpa

IN PTR

Response
DNS

151.122.125.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

151.122.125.40.in-addr.arpa

IN PTR

Response
DNS

226.101.242.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.101.242.52.in-addr.arpa

IN PTR

Response
DNS

97.238.32.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.238.32.23.in-addr.arpa

IN PTR

Response

97.238.32.23.in-addr.arpa

IN PTR

a23-32-238-97deploystaticakamaitechnologiescom

52.242.97.97:443

tls

1.6kB
9
20.189.173.14:443

322 B
7
8.247.211.254:80

322 B
7
8.247.211.254:80

322 B
7
173.223.113.164:443

322 B
7

8.8.8.8:53

97.97.242.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.97.242.52.in-addr.arpa
8.8.8.8:53

176.122.125.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

176.122.125.40.in-addr.arpa
8.8.8.8:53

164.2.77.40.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

164.2.77.40.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

164.2.77.40.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

164.2.77.40.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

240.232.18.117.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.232.18.117.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

210.81.184.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

210.81.184.52.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

37.146.190.20.in-addr.arpa

dns

72 B
168 B
1
1

DNS Request

37.146.190.20.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

86.8.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.8.109.52.in-addr.arpa
8.8.8.8:53

151.122.125.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

151.122.125.40.in-addr.arpa
8.8.8.8:53

226.101.242.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

226.101.242.52.in-addr.arpa
8.8.8.8:53

97.238.32.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

97.238.32.23.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.