51d03aad9e9f8ef2282daa338adc42d8ad0ae2ef67c09bfe384170901c869c36

Analysis

max time kernel
111s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2023, 14:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

blutooth_on.ico
Size

361KB
MD5

b7ffda6bf1092ba87bf794b2b74a9e93
SHA1

1729b8c58c755e1663cd994dd63d0d10bef8672d
SHA256

f5063ff5a72b51638fba116503dc7af314fc02fd4e4fa95d22856e236d431be3
SHA512

4ac6401876ffe64ad7cf652371de95dede570c313bd4f826bea428f7976b178ad0ace02c6653a436a79689cb2f7b79f077a2c4195758a1bd32664bc21eb6d3cc
SSDEEP

384:8FzvxNz+i8CRKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK4:tIG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\blutooth_on.ico
1⤵
PID:716

Network

DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

8.3.197.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.3.197.209.in-addr.arpa

IN PTR

Response

8.3.197.209.in-addr.arpa

IN PTR

vip0x008map2sslhwcdnnet
DNS

121.252.72.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

121.252.72.23.in-addr.arpa

IN PTR

Response

121.252.72.23.in-addr.arpa

IN PTR

a23-72-252-121deploystaticakamaitechnologiescom
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

0.77.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.77.109.52.in-addr.arpa

IN PTR

Response
DNS

47.125.24.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

47.125.24.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

198.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.178.17.96.in-addr.arpa

IN PTR

Response

198.178.17.96.in-addr.arpa

IN PTR

a96-17-178-198deploystaticakamaitechnologiescom
DNS

134.121.24.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.121.24.20.in-addr.arpa

IN PTR

Response
DNS

191.94.239.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

191.94.239.20.in-addr.arpa

IN PTR

Response
DNS

177.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

177.178.17.96.in-addr.arpa

IN PTR

Response

177.178.17.96.in-addr.arpa

IN PTR

a96-17-178-177deploystaticakamaitechnologiescom

20.189.173.2:443

322 B
7
87.248.202.1:80

322 B
7
87.248.202.1:80

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
204.79.197.203:80

322 B
7

8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

8.3.197.209.in-addr.arpa

dns

70 B
111 B
1
1

DNS Request

8.3.197.209.in-addr.arpa
8.8.8.8:53

121.252.72.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

121.252.72.23.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

0.77.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

0.77.109.52.in-addr.arpa
8.8.8.8:53

47.125.24.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

47.125.24.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

198.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

198.178.17.96.in-addr.arpa
8.8.8.8:53

134.121.24.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

134.121.24.20.in-addr.arpa
8.8.8.8:53

191.94.239.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

191.94.239.20.in-addr.arpa
8.8.8.8:53

177.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

177.178.17.96.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.