Overview

overview

3

Static

static

1

SecuriteIn...05.exe

windows7-x64

3

SecuriteIn...05.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    129s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/04/2023, 00:27 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Heuristic.HEUR.AGEN.1333029.12009.12205.exe

  • Size

    36KB

  • MD5

    bc7155d6025688a593035333417ce62c

  • SHA1

    ec077a7e519aa603a5a8cb8a136cc7f5853c8136

  • SHA256

    de44f12d5b907cf5de360929b9d359aa75a4763ee4168336854f95051ae3bbc9

  • SHA512

    8ea1d995394f3e485fd2015b5c2376569a3891392f3f50ed444304c49d5946fcf8e4b743c1b7c0d911e153de562b0de92abc2751ed07ce366cc87df1a62ab040

  • SSDEEP

    96:Y6E4Dg6n5fWi0+WWDNhWCutxkAWyxePgMZVJjS20jSB9/ZSPIT:RvDsTiNhWPtxkSEPgwZhgIT

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heuristic.HEUR.AGEN.1333029.12009.12205.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heuristic.HEUR.AGEN.1333029.12009.12205.exe"
    1⤵
      PID:4564
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 224
        2⤵
        • Program crash
        PID:1412
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4564 -ip 4564
      1⤵
        PID:1464

      Network

      • flag-us
        DNS
        241.150.49.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.150.49.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        0.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        250.108.137.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        250.108.137.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        177.17.30.184.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        177.17.30.184.in-addr.arpa
        IN PTR
        Response
        177.17.30.184.in-addr.arpa
        IN PTR
        a184-30-17-177deploystaticakamaitechnologiescom
      • flag-us
        DNS
        58.55.71.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        58.55.71.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        39.146.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        39.146.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        62.13.109.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        62.13.109.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        2.36.159.162.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.36.159.162.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        99.113.223.173.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        99.113.223.173.in-addr.arpa
        IN PTR
        Response
        99.113.223.173.in-addr.arpa
        IN PTR
        a173-223-113-99deploystaticakamaitechnologiescom
      • flag-us
        DNS
        42.220.44.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        42.220.44.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        250.255.255.239.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        250.255.255.239.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        240.232.18.117.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.232.18.117.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        1.208.79.178.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        1.208.79.178.in-addr.arpa
        IN PTR
        Response
        1.208.79.178.in-addr.arpa
        IN PTR
        https-178-79-208-1amsllnwnet
      • flag-us
        DNS
        254.139.241.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        254.139.241.8.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        1.202.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        1.202.248.87.in-addr.arpa
        IN PTR
        Response
        1.202.248.87.in-addr.arpa
        IN PTR
        https-87-248-202-1amsllnwnet
      • 52.152.108.96:443
        260 B
         5
      • 52.152.108.96:443
        260 B
         5
      • 20.189.173.5:443
        322 B
         7
      • 93.184.220.29:80
        322 B
         7
      • 8.8.8.8:53
        241.150.49.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        241.150.49.20.in-addr.arpa

      • 8.8.8.8:53
        0.159.190.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        0.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        250.108.137.52.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        250.108.137.52.in-addr.arpa

      • 8.8.8.8:53
        177.17.30.184.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        177.17.30.184.in-addr.arpa

      • 8.8.8.8:53
        58.55.71.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        58.55.71.13.in-addr.arpa

      • 8.8.8.8:53
        39.146.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        39.146.190.20.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        62.13.109.52.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        62.13.109.52.in-addr.arpa

      • 8.8.8.8:53
        2.36.159.162.in-addr.arpa
        dns
        71 B
         133 B
         1
        1

        DNS Request

        2.36.159.162.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        99.113.223.173.in-addr.arpa
        dns
        73 B
         139 B
         1
        1

        DNS Request

        99.113.223.173.in-addr.arpa

      • 8.8.8.8:53
        42.220.44.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        42.220.44.20.in-addr.arpa

      • 8.8.8.8:53
        119.110.54.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        119.110.54.20.in-addr.arpa

      • 8.8.8.8:53
        250.255.255.239.in-addr.arpa
        dns
        74 B
         131 B
         1
        1

        DNS Request

        250.255.255.239.in-addr.arpa

      • 8.8.8.8:53
        240.232.18.117.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        240.232.18.117.in-addr.arpa

      • 8.8.8.8:53
        1.208.79.178.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        1.208.79.178.in-addr.arpa

      • 8.8.8.8:53
        254.139.241.8.in-addr.arpa
        dns
        72 B
         126 B
         1
        1

        DNS Request

        254.139.241.8.in-addr.arpa

      • 8.8.8.8:53
        1.202.248.87.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        1.202.248.87.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.