d38178bcf1349b6cf6f0a136e56065093ed7f97ef10f8324b3967d1e957a274c

Analysis

max time kernel
95s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 06:35 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

en-US/wmplayer.exe.dll
Size

3KB
MD5

e014a64965519e5e8c58ad240367f4cb
SHA1

e1691a787d7370cb8e6d9af96454608444fec9e8
SHA256

dab6446112b3a5d6ecb90978058d1b927db5e00d826298b5f5e65667cf6f682c
SHA512

4ef280a6193da69b82adb8fd188242aa9c4f19310d195893867689c46ff25ca6bd02bdf6c8083b2a9022a51cbb4d277e56bc6711af7936ea56e822c17f2cd7ba

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\en-US\wmplayer.exe.dll,#1
1⤵
PID:3292

Network

DNS

8.3.197.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.3.197.209.in-addr.arpa

IN PTR

Response

8.3.197.209.in-addr.arpa

IN PTR

vip0x008map2sslhwcdnnet
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

Remote address:

93.184.220.29:80

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Age: 1619
Cache-Control: 'max-age=7200'
Content-Type: application/ocsp-response
Date: Thu, 25 May 2023 06:35:47 GMT
Last-Modified: Thu, 25 May 2023 06:08:48 GMT
Server: ECS (amb/6B71)
X-Cache: HIT
Content-Length: 471
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

62.13.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.13.109.52.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response

93.184.220.29:80

http

656 B
989 B
9
6

HTTP Response

200
52.242.101.226:443

260 B
5
52.242.101.226:443

260 B
5
52.242.97.97:443

260 B
5
93.184.220.29:80

322 B
7
84.53.175.11:80

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
204.79.197.203:80

322 B
7

8.8.8.8:53

8.3.197.209.in-addr.arpa

dns

70 B
111 B
1
1

DNS Request

8.3.197.209.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

62.13.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

62.13.109.52.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.