Analysis Overview
SHA256
29687fd74f91709046335eccc4c796904903c36b8595f4d134366e243bca72b0
Threat Level: Known bad
The file 29687fd74f91709046335eccc4c796904903c36b8595f4d134366e243bca72b0 was found to be: Known bad.
Malicious Activity Summary
SystemBC
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-04-09 14:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-09 14:19
Reported
2023-04-09 14:22
Platform
win7-20230220-en
Max time kernel
141s
Max time network
136s
Command Line
Signatures
SystemBC
Processes
C:\Users\Admin\AppData\Local\Temp\29687fd74f91709046335eccc4c796904903c36b8595f4d134366e243bca72b0.exe
"C:\Users\Admin\AppData\Local\Temp\29687fd74f91709046335eccc4c796904903c36b8595f4d134366e243bca72b0.exe"
Network
| Country | Destination | Domain | Proto |
| DE | 148.251.236.201:443 | | tcp |
Files
memory/1220-55-0x0000000000230000-0x0000000000233000-memory.dmp
memory/1220-56-0x0000000000400000-0x0000000002BBD000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-09 14:19
Reported
2023-04-09 14:22
Platform
win10v2004-20230220-en
Max time kernel
144s
Max time network
138s
Command Line
Signatures
SystemBC
Processes
C:\Users\Admin\AppData\Local\Temp\29687fd74f91709046335eccc4c796904903c36b8595f4d134366e243bca72b0.exe
"C:\Users\Admin\AppData\Local\Temp\29687fd74f91709046335eccc4c796904903c36b8595f4d134366e243bca72b0.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| DE | 148.251.236.201:443 | | tcp |
| US | 8.8.8.8:53 | 201.236.251.148.in-addr.arpa | udp |
| US | 20.189.173.12:443 | | tcp |
| US | 8.8.8.8:53 | 63.13.109.52.in-addr.arpa | udp |
| US | 93.184.220.29:80 | | tcp |
| NL | 87.248.202.1:80 | | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 95.101.143.170:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.143.101.95.in-addr.arpa | udp |
Files
memory/1120-134-0x0000000002D50000-0x0000000002D53000-memory.dmp
memory/1120-135-0x0000000000400000-0x0000000002BBD000-memory.dmp