Analysis

  • max time kernel
    144s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/05/2023, 15:51 UTC

General

  • Target

    581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7.exe

  • Size

    19.0MB

  • MD5

    b8e7c5bb7a9669ef1bb8cad24fe1ba6a

  • SHA1

    fae9bec58b12eb25db995fd6701442ed8f24a46b

  • SHA256

    581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7

  • SHA512

    3655a27a93be07e789afd2dde75cede5e114835583e01f71c51d27a7929f4e17b089d58fcf408e989bb3d88e542cab33398c21d4eec45a90dcdcc649f875abaf

  • SSDEEP

    393216:fGZiYKGtAeGFiYKGtAeGFi0KGtAeGFi0K6tAjGFi0j8YY+:eZNH+FNH+FZH+FZrTFZDV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

  Both hits are produced by the Inno Setup loader sequence shown under Processes (the outer installer writes its Setup program into is-KRLNT.tmp and starts it), so they describe how the installer is packaged rather than what it installs. No malware configuration was extracted, and the report does not tie any of the network activity below to either process.

Processes

  • C:\Users\Admin\AppData\Local\Temp\581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7.exe  (PID 1436)
    "C:\Users\Admin\AppData\Local\Temp\581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\is-KRLNT.tmp\581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7.tmp  (PID 3884, child of 1436)
      "C:\Users\Admin\AppData\Local\Temp\is-KRLNT.tmp\581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7.tmp" /SL5="$501C0,19098918,780800,C:\Users\Admin\AppData\Local\Temp\581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7.exe"
      • Executes dropped EXE

  The is-XXXXX.tmp directory, the .tmp child and the /SL5= switch are the Inno Setup loader hand-off: the outer installer extracts its Setup program to a temporary directory and starts it with the loader's window handle (hex, after the $), two byte offsets into the original file, and the original file's path. Any Inno Setup installer produces this tree, so on its own it does not distinguish a malicious one; what matters is what the 2.9MB Setup program (the dropped .tmp listed under Downloads) goes on to do, and this run records nothing further from it.

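The hand-off pattern above can be checked mechanically. The following is an added example, not part of the report or of any sandbox's code: it takes the two processes and the five memory-dump names from this report (re-typed here as constructed input), parses the /SL5 argument, confirms that the child is an Inno Setup hand-off from its parent (the installer path inside /SL5 must equal the parent's own image), and links the child's largest dumped region to the dropped Setup program. The meaning given to the two /SL5 offsets comes from the Inno Setup loader format, not from this report.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

SHA = "581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
INSTALLER = ntpath.join(TEMP, SHA + ".exe")
SETUP_IMAGE = ntpath.join(TEMP, "is-KRLNT.tmp", SHA + ".tmp")


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the Processes section of this report (same PIDs, paths and arguments).
PROCESSES = [
    Proc(1436, None, INSTALLER, f'"{INSTALLER}"'),
    Proc(3884, 1436, SETUP_IMAGE,
         f'"{SETUP_IMAGE}" /SL5="$501C0,19098918,780800,{INSTALLER}"'),
]

# Constructed from the Downloads section: memory/<pid>-<seq>-<start>-<end>-memory.dmp
DUMPS = [
    "memory/1436-133-0x0000000000400000-0x00000000004CC000-memory.dmp",
    "memory/1436-140-0x0000000000400000-0x00000000004CC000-memory.dmp",
    "memory/3884-139-0x00000000027C0000-0x00000000027C1000-memory.dmp",
    "memory/3884-141-0x0000000000400000-0x00000000006EE000-memory.dmp",
    "memory/3884-142-0x00000000027C0000-0x00000000027C1000-memory.dmp",
]

# /SL5="$<hex window handle>,<offset>,<offset>,<path of the original installer>"
SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')
# ...\is-XXXXX.tmp\<name>.tmp : the directory and file shape the Inno Setup loader uses
INNO_TMP_RE = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\[^\\]+\.tmp$", re.IGNORECASE)
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_sl5(cmdline: str) -> Optional[dict]:
    """Split the /SL5 hand-off argument; None when the command line has no such switch."""
    m = SL5_RE.search(cmdline)
    if m is None:
        return None
    return {
        "hwnd": int(m.group(1), 16),                     # loader window handle
        "offsets": (int(m.group(2)), int(m.group(3))),   # byte offsets into the installer file
        "installer": m.group(4),                         # file the loader was started from
    }


def inno_handoffs(procs):
    """(loader pid, setup pid, sl5) for each child that is an Inno Setup hand-off from its parent."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        if p.ppid is None or not INNO_TMP_RE.search(p.image):
            continue
        sl5 = parse_sl5(p.cmdline)
        parent = by_pid.get(p.ppid)
        if sl5 is None or parent is None:
            continue
        # The path handed over in /SL5 must be the parent's own image; this is the
        # check that ties the dropped Setup program to the installer that dropped it.
        if parent.image.lower() == sl5["installer"].lower():
            hits.append((parent.pid, p.pid, sl5))
    return hits


def parse_dump(name: str) -> dict:
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m.group(3), 16), int(m.group(4), 16)
    return {"pid": int(m.group(1)), "seq": int(m.group(2)),
            "start": start, "end": end, "size": end - start}


def largest_region(dumps, pid: int) -> Optional[dict]:
    """Largest dumped region of one process (here the image mapped at 0x400000)."""
    mine = [r for r in map(parse_dump, dumps) if r["pid"] == pid]
    return max(mine, key=lambda r: r["size"]) if mine else None


if __name__ == "__main__":
    for loader, setup, sl5 in inno_handoffs(PROCESSES):
        print(f"Inno Setup hand-off: loader pid {loader} -> setup pid {setup}, offsets {sl5['offsets']}")
        r = largest_region(DUMPS, setup)
        print(f"  setup image region 0x{r['start']:X}-0x{r['end']:X}, {r['size'] / 2**20:.2f} MiB")
```

For PID 3884 the largest region is 0x400000-0x6EE000, 0x2EE000 bytes, which is the 2.9MB the report gives for the dropped .tmp; the two small 4KB regions are separate allocations.
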
Network

  Reverse (PTR) lookups, all sent to 8.8.8.8:53 (US); no response records are shown in the report:

  • DNS  196.249.167.52.in-addr.arpa  IN PTR  Response: (empty)
  • DNS  240.221.184.93.in-addr.arpa  IN PTR  Response: (empty)
  • DNS  76.32.126.40.in-addr.arpa  IN PTR  Response: (empty)
  • DNS  95.221.229.192.in-addr.arpa  IN PTR  Response: (empty)
  • DNS  154.239.44.20.in-addr.arpa  IN PTR  Response: (empty)
  • DNS  97.17.167.52.in-addr.arpa  IN PTR  Response: (empty)
  • DNS  26.165.165.52.in-addr.arpa  IN PTR  Response: (empty)
  • DNS  206.23.85.13.in-addr.arpa  IN PTR  Response: (empty)
  • DNS  73.254.224.20.in-addr.arpa  IN PTR  Response: (empty)
  Direct connections (the report lists one byte count and one packet count per flow; 209.197.3.8:80 appears twice):

    Remote address         Bytes    Packets
    20.189.173.15:443      322 B    7
    209.197.3.8:80         322 B    7
    173.223.113.164:443    322 B    7
    209.197.3.8:80         322 B    7

  DNS flows to 8.8.8.8:53 (the "sent" figure is the IPv4-layer size of a single plain PTR query for that name, so each row is one request and one reply):

    Query name                       Sent    Received    Pkts sent    Pkts received
    196.249.167.52.in-addr.arpa      73 B    147 B       1            1
    240.221.184.93.in-addr.arpa      73 B    144 B       1            1
    76.32.126.40.in-addr.arpa        71 B    157 B       1            1
    95.221.229.192.in-addr.arpa      73 B    144 B       1            1
    154.239.44.20.in-addr.arpa       72 B    158 B       1            1
    97.17.167.52.in-addr.arpa        71 B    145 B       1            1
    26.165.165.52.in-addr.arpa       72 B    146 B       1            1
    206.23.85.13.in-addr.arpa        71 B    145 B       1            1
    73.254.224.20.in-addr.arpa       72 B    158 B       1            1

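Two things a reviewer wants from the table above: which addresses were actually being reverse-resolved, and whether the byte counts are consistent with single plain queries. The following is an added example, not part of the report: it re-types the nine DNS rows and the direct-connection peers from this report as constructed input, recovers each looked-up IPv4 address from its in-addr.arpa name, recomputes the on-the-wire size of a plain (no EDNS) UDP PTR query and compares it with the reported "sent" bytes, and then checks the reverse-resolved addresses against the addresses the sandbox saw direct connections to. The header sizes (20 IPv4, 8 UDP, 12 DNS, 4 for QTYPE/QCLASS) are protocol constants, not values taken from the report.

```python
import ipaddress

# Constructed from the Network section of this report:
# (query name, bytes sent, bytes received, packets sent, packets received), all to 8.8.8.8:53
PTR_FLOWS = [
    ("196.249.167.52.in-addr.arpa", 73, 147, 1, 1),
    ("240.221.184.93.in-addr.arpa", 73, 144, 1, 1),
    ("76.32.126.40.in-addr.arpa", 71, 157, 1, 1),
    ("95.221.229.192.in-addr.arpa", 73, 144, 1, 1),
    ("154.239.44.20.in-addr.arpa", 72, 158, 1, 1),
    ("97.17.167.52.in-addr.arpa", 71, 145, 1, 1),
    ("26.165.165.52.in-addr.arpa", 72, 146, 1, 1),
    ("206.23.85.13.in-addr.arpa", 71, 145, 1, 1),
    ("73.254.224.20.in-addr.arpa", 72, 158, 1, 1),
]
# The direct peers listed in the same section (address:port, as reported).
DIRECT_PEERS = ["20.189.173.15:443", "209.197.3.8:80", "173.223.113.164:443", "209.197.3.8:80"]

IPV4_HDR, UDP_HDR, DNS_HDR, QTYPE_QCLASS = 20, 8, 12, 4


def ptr_name_to_ip(name: str) -> str:
    """'196.249.167.52.in-addr.arpa' -> '52.167.249.196' (labels are the octets in reverse)."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        raise ValueError(f"not an IPv4 reverse name: {name}")
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {name}")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))  # validates 0..255 per octet


def qname_wire_length(name: str) -> int:
    """DNS wire form: one length byte per label plus the label bytes, then a zero root byte."""
    return sum(1 + len(label) for label in name.strip(".").split(".")) + 1


def expected_query_size(name: str) -> int:
    """Size of a single plain UDP query for `name`, counted from the IPv4 header."""
    return IPV4_HDR + UDP_HDR + DNS_HDR + qname_wire_length(name) + QTYPE_QCLASS


def audit(flows):
    """Per row: the looked-up IP and whether 'sent' equals exactly one plain query."""
    rows = []
    for name, sent, recv, pk_tx, pk_rx in flows:
        exp = expected_query_size(name)
        rows.append({"ip": ptr_name_to_ip(name), "name": name, "sent": sent, "expected": exp,
                     "plain_query": sent == exp and pk_tx == 1, "reply_bytes": recv,
                     "reply_packets": pk_rx})
    return rows


def reverse_lookups_vs_direct_peers(flows, peers):
    """(IPs reverse-resolved but never contacted, IPs contacted without a reverse lookup)."""
    looked_up = {ptr_name_to_ip(f[0]) for f in flows}
    contacted = {p.rsplit(":", 1)[0] for p in peers}
    return looked_up - contacted, contacted - looked_up


if __name__ == "__main__":
    for row in audit(PTR_FLOWS):
        state = "ok" if row["plain_query"] else "MISMATCH"
        print(f"{row['ip']:>16}  {row['name']:<28} sent {row['sent']:>3} B "
              f"(expected {row['expected']}) {state}")
    only_ptr, only_direct = reverse_lookups_vs_direct_peers(PTR_FLOWS, DIRECT_PEERS)
    print("reverse-resolved but never contacted:", sorted(only_ptr))
    print("contacted without a reverse lookup:", sorted(only_direct))
```

On this report every "sent" value matches a single plain query exactly, and none of the nine reverse-resolved addresses is among the three addresses the sandbox connected to directly, so the PTR traffic and the short TCP flows are independent of each other; the report itself does not say which process, if any, generated either.
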
MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-KRLNT.tmp\581f8428d878f327176c24c378fd2e0e660bdfde9afa550e920164240049b9c7.tmp

    Filesize

    2.9MB

    MD5

    e1db7b0b4f4da66444fecc8484101a30

    SHA1

    15138fa43fbe820fa1d0bd0548f921623f5b0e3c

    SHA256

    faf45ece49adb213d5afd54808d51cfa794b19935f3e1b148392cb0ae1e19a59

    SHA512

    76bc4ce9c9db01598ff0e6bd38b013f642bd4ae4bf85c2fd1fd71bf513808980c7f5d92ea6fd235f7e37194d58f5e3c08c15829b002233367034ed58b367b5e2

  • memory/1436-133-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

  • memory/1436-140-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

  • memory/3884-139-0x00000000027C0000-0x00000000027C1000-memory.dmp

    Filesize

    4KB

  • memory/3884-141-0x0000000000400000-0x00000000006EE000-memory.dmp

    Filesize

    2.9MB

  • memory/3884-142-0x00000000027C0000-0x00000000027C1000-memory.dmp

    Filesize

    4KB
