a8c0236c98449cbca8097ca4923fe0b5b878944796e240f64595fc85b99092e4

Analysis

max time kernel
92s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2023, 09:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ecb8a22e5831fafcbaf0392b5b617c3.exe
Size

870KB
MD5

2ecb8a22e5831fafcbaf0392b5b617c3
SHA1

ebd35d45d8ec1779f57457b7383da40c6ad8b77e
SHA256

7208422887eda7041fb87c8d836a31d41b9d74c8ee724c179a795bd83ce29ab9
SHA512

f261f99301b8c0e94a58feda80560e144cffe07073c1c5ae065f308338de04c3ac57d727bc5c70ed83b59ab670afb82f647d6d288777dff2065087e992524f73
SSDEEP

24576:zFzruKzEV3L2bTvWX5CnthV+2qRcExFn:zF/zEVbk7DnthwRc4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5076-140-0x0000000000150000-0x00000000003D3000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2ecb8a22e5831fafcbaf0392b5b617c3.exe
"C:\Users\Admin\AppData\Local\Temp\2ecb8a22e5831fafcbaf0392b5b617c3.exe"
1⤵
PID:5076

Network

DNS

solar.huawei.com

2ecb8a22e5831fafcbaf0392b5b617c3.exe

Remote address:

8.8.8.8:53

Request

solar.huawei.com

IN A

Response

solar.huawei.com

IN CNAME

solar.huawei.com.c.cdnhwc1.com

solar.huawei.com.c.cdnhwc1.com

IN CNAME

solar.huawei.com.cdn20.com

solar.huawei.com.cdn20.com

IN A

163.171.140.79
GET

http://mva.microsoft.com/encdata

2ecb8a22e5831fafcbaf0392b5b617c3.exe

Remote address:

163.171.140.79:80

Request

GET /encdata HTTP/1.1
Connection: Keep-Alive
Host: mva.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/527.16
DNS

79.140.171.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.140.171.163.in-addr.arpa

IN PTR

Response
DNS

79.140.171.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.140.171.163.in-addr.arpa

IN PTR

Response
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

254.210.247.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.210.247.8.in-addr.arpa

IN PTR

Response
DNS

33.18.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.18.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

28.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.143.109.104.in-addr.arpa

IN PTR

Response

28.143.109.104.in-addr.arpa

IN PTR

a104-109-143-28deploystaticakamaitechnologiescom
DNS

1.208.79.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.208.79.178.in-addr.arpa

IN PTR

Response

1.208.79.178.in-addr.arpa

IN PTR

https-178-79-208-1amsllnwnet

163.171.140.79:80

http://mva.microsoft.com/encdata

http

2ecb8a22e5831fafcbaf0392b5b617c3.exe

337 B
132 B
3
3

HTTP Request

GET http://mva.microsoft.com/encdata
20.189.173.9:443

322 B
7

8.8.8.8:53

solar.huawei.com

dns

2ecb8a22e5831fafcbaf0392b5b617c3.exe

62 B
156 B
1
1

DNS Request

solar.huawei.com

DNS Response

163.171.140.79
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

79.140.171.163.in-addr.arpa

dns

146 B
146 B
2
2

DNS Request

79.140.171.163.in-addr.arpa

DNS Request

79.140.171.163.in-addr.arpa
8.8.8.8:53

254.210.247.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

254.210.247.8.in-addr.arpa
8.8.8.8:53

33.18.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

33.18.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

28.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

28.143.109.104.in-addr.arpa
8.8.8.8:53

1.208.79.178.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.208.79.178.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5076-133-0x0000000140000000-0x000000014004C000-memory.dmp

Filesize
304KB

Download
memory/5076-139-0x00007FFB269D0000-0x00007FFB26BC5000-memory.dmp

Filesize
2.0MB

Download
memory/5076-140-0x0000000000150000-0x00000000003D3000-memory.dmp

Filesize
2.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.