Analysis

  • max time kernel
    105s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-04-2023 13:40

General

  • Target

    dlllist.txt

  • Size

    53B

  • MD5

    f1d3aa9d77f8bddba4088b16d3bb85b5

  • SHA1

    283e541f4831ac0bae0027bd1bf13a1ba5d48237

  • SHA256

    17edddef3831bd0556fcb546420b65f771ec483bb05db72e71567ca044642b91

  • SHA512

    8f97c29e52ae611250d8685de025959267cb2110b035fe080412cae0582572dbbabcb5ac29d4025cc00414f2d099890f3e1b82c033158c69c9f714354a74383b

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\dlllist.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:2032

Network

  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    108.211.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    108.211.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.141.123.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.141.123.20.in-addr.arpa
    IN PTR
    Response
  • 93.184.221.240:80
    260 B
    5
  • 13.78.111.198:443
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 173.223.113.164:443
    322 B
    7
  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    108.211.229.192.in-addr.arpa
    dns
    74 B
    145 B
    1
    1

    DNS Request

    108.211.229.192.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    233.141.123.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    233.141.123.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.