871761e2556c306e5507c278fee29c3f507d4eb0efac36cb98dc432daa15784f | Triage

Resubmissions

23/04/2023, 17:07 UTC

230423-vm2waagc9v 7

23/04/2023, 17:03 UTC

230423-vkr83aeg34 7

23/04/2023, 16:56 UTC

230423-vf3h8sef88 7

Analysis

max time kernel
60s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2023, 17:07 UTC

Sharing

Report Analysis Logs

General

Target

Hexa v1.5/Hexa/Community/Scripts/ScriptMaker.dll
Size

111B
MD5

07dcc6ab899f8bab6294f402f0e8050b
SHA1

8aed7860954031f41561c29f33eaf57dcaf6f0f0
SHA256

6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
SHA512

4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hexa v1.5\Hexa\Community\Scripts\ScriptMaker.dll",#1
1⤵
PID:2452

Network

DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

131.17.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.17.126.40.in-addr.arpa

IN PTR

Response
DNS

76.38.195.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.38.195.152.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

1.77.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.77.109.52.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response

209.197.3.8:80

260 B
5
40.77.2.164:443

260 B
5
93.184.220.29:80

322 B
7
93.184.220.29:80

322 B
7
93.184.220.29:80

322 B
7
209.197.3.8:80

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
131.253.33.203:80

322 B
7

8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

131.17.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

131.17.126.40.in-addr.arpa
8.8.8.8:53

76.38.195.152.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

76.38.195.152.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

1.77.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

1.77.109.52.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads