Analysis Overview
SHA256
bc1cb519cb55bd1063779aafd3349c15457ad1ee2ce53608b4238b0276eace6e
Threat Level: Known bad
The file s_443.zip was found to be: Known bad.
Malicious Activity Summary
SystemBC
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-04-17 05:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-17 05:32
Reported
2023-04-17 05:34
Platform
win7-20230220-en
Max time kernel
100s
Max time network
74s
Command Line
Signatures
SystemBC
Processes
C:\Users\Admin\AppData\Local\Temp\s_443.exe
"C:\Users\Admin\AppData\Local\Temp\s_443.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 45.15.159.230:443 | | tcp |
Files
memory/1236-55-0x0000000000220000-0x0000000000223000-memory.dmp
memory/1236-56-0x0000000000400000-0x00000000007EF000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-17 05:32
Reported
2023-04-17 05:34
Platform
win10v2004-20230220-en
Max time kernel
100s
Max time network
103s
Command Line
Signatures
SystemBC
Processes
C:\Users\Admin\AppData\Local\Temp\s_443.exe
"C:\Users\Admin\AppData\Local\Temp\s_443.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.17.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.37.195.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.220.44.20.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| NL | 45.15.159.230:443 | | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.159.15.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 95.101.143.242:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 242.143.101.95.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
Files
memory/3520-134-0x0000000000940000-0x0000000000943000-memory.dmp
memory/3520-135-0x0000000000400000-0x00000000007EF000-memory.dmp