82462ee487a7cdb9c070fb4cf30086b5afd3c603a093e0d51b5f2208d5b27e5f | Triage

Analysis

max time kernel
61s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2023, 04:41 UTC

Sharing

Report Analysis Logs

General

Target

82462ee487a7cdb9c070fb4cf30086b5afd3c603a093e0d51b5f2208d5b27e5f.exe
Size

1.1MB
MD5

73c5684d220fed5e359df381d8f11536
SHA1

210c65a6999ef4c6139c78b43bf51e32c8cfeadf
SHA256

82462ee487a7cdb9c070fb4cf30086b5afd3c603a093e0d51b5f2208d5b27e5f
SHA512

ac2675a15c6c3c7c6e159e1b314042e83ad73e2dc2a9673d0e69470699d29c9aefc77dccd9093516981248c56c917dcd96dea65cd1124c9682a25c9e3da1d7f6
SSDEEP

24576:O39Q2Yqs16aF9sY7SDr2Z8hqvs9J0s/zYTHEfc793rKnCHD+uvIWEv:k8sY7SOZ8h4PAzqHUc7deCHKuNs

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\82462ee487a7cdb9c070fb4cf30086b5afd3c603a093e0d51b5f2208d5b27e5f.exe
"C:\Users\Admin\AppData\Local\Temp\82462ee487a7cdb9c070fb4cf30086b5afd3c603a093e0d51b5f2208d5b27e5f.exe"
1⤵
PID:2196

Network

DNS

123.108.74.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

123.108.74.40.in-addr.arpa

IN PTR

Response
DNS

8.3.197.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.3.197.209.in-addr.arpa

IN PTR

Response

8.3.197.209.in-addr.arpa

IN PTR

vip0x008map2sslhwcdnnet
DNS

33.18.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.18.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

62.13.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.13.109.52.in-addr.arpa

IN PTR

Response

192.229.221.95:80

46 B
40 B
1
1
193.3.19.154:80

46 B
40 B
1
1
20.189.173.5:443

322 B
7
88.221.25.155:80

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
204.79.197.203:80

322 B
7
178.79.208.1:80

322 B
7

8.8.8.8:53

123.108.74.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

123.108.74.40.in-addr.arpa
8.8.8.8:53

8.3.197.209.in-addr.arpa

dns

70 B
111 B
1
1

DNS Request

8.3.197.209.in-addr.arpa
8.8.8.8:53

33.18.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

33.18.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

62.13.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

62.13.109.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads