Analysis

  • max time kernel
    103s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    06/06/2023, 12:42 UTC

General

  • Target

    conHost.exe

  • Size

    847KB

  • MD5

    17a7131db3e37157c6d3c09a0bae95d3

  • SHA1

    edd3f649f5f0556d2edc8b19265adb6b93465721

  • SHA256

    a26a1ffb81a61281ffa55cb7778cc3fb0ff981704de49f75f51f18b283fba7a2

  • SHA512

    cb225a3cea0b8e00b6c6ebc91366cc5fe47264660b097073127ec6a61fe026b72421982b8f7f536815cfd3b592162c39580b649b19b0cb971c04fe2fd3005d7b

  • SSDEEP

    12288:CEA9haaJkvmZOxGVG7/55aJhDXAfZGzq1OtURAOQJIkR:zA9harvSOxV7xMD2Mq1O8AjJIU

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\conHost.exe  (PID 3536, tree depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\conHost.exe"
    Signatures: Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    • C:\Windows\system32\cmd.exe  (PID 4720, tree depth 2, child of PID 3536)
      Command line: C:\Windows\system32\cmd.exe
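The tree above shows a binary named conHost.exe running from the user's Temp directory and spawning cmd.exe; the genuine conhost.exe lives in C:\Windows\System32. The detection logic below is an added example, not part of this report or of the sandbox's own signature set. It scans process-creation records for two patterns: a well-known system-binary name running outside its expected directory, and a shell whose parent executes from a user-writable path. The sample records are constructed from the process tree in this report (the parent of PID 3536 is not shown there and is left blank, and a benign System32 conhost.exe record is added as a control); the field names follow the Sysmon Event ID 1 convention (Image, ParentImage, CommandLine, ProcessId), which is an assumption about the log source, as is the list of user-writable directories.

```python
"""Added example: flag system-binary masquerading and shells launched from
user-writable paths in process-creation records. Sample records are
constructed from this report's process tree, not exported by the sandbox."""
import ntpath

# Directories where the listed Windows binaries legitimately live
# (64-bit Windows 10; SysWOW64 holds the 32-bit copies).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
SYSTEM_BINARIES = {"conhost.exe", "cmd.exe", "svchost.exe", "lsass.exe", "csrss.exe"}
# Heuristic list of user-writable locations (assumption; extend per environment).
USER_WRITABLE = (r"\appdata\local\temp", r"\downloads", r"\users\public")
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed from the report's process tree; Sysmon Event ID 1 field names assumed.
SAMPLE_RECORDS = [
    {"ProcessId": 3536,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\conHost.exe",
     "CommandLine": r'"C:\Users\Admin\AppData\Local\Temp\conHost.exe"',
     "ParentImage": ""},  # parent not shown in the report
    {"ProcessId": 4720,
     "Image": r"C:\Windows\system32\cmd.exe",
     "CommandLine": r"C:\Windows\system32\cmd.exe",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\conHost.exe"},
    # Benign control record (constructed): the real conhost.exe from System32.
    {"ProcessId": 1234,
     "Image": r"C:\Windows\System32\conhost.exe",
     "CommandLine": r"\??\C:\Windows\system32\conhost.exe 0x4",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]


def _norm(path):
    """Strip quoting and case so path comparisons are stable."""
    return path.strip('"').lower()


def check_record(rec):
    """Return a list of (rule, detail) findings for one process-creation record."""
    findings = []
    image = _norm(rec["Image"])
    name = ntpath.basename(image)
    directory = ntpath.dirname(image)
    # Rule 1: a binary named like a core system component, outside System32/SysWOW64.
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        findings.append(("system_binary_masquerade", f"{name} running from {directory}"))
    # Rule 2: a shell whose parent runs from a user-writable directory.
    parent = _norm(rec.get("ParentImage", ""))
    if name in SHELLS and any(p in parent for p in USER_WRITABLE):
        findings.append(("shell_spawned_from_user_path", f"{parent} -> {name}"))
    return findings


def scan(records):
    """Map ProcessId -> findings for every record that triggers at least one rule."""
    results = {}
    for rec in records:
        findings = check_record(rec)
        if findings:
            results[rec["ProcessId"]] = findings
    return results


if __name__ == "__main__":
    for pid, findings in scan(SAMPLE_RECORDS).items():
        for rule, detail in findings:
            print(f"PID {pid}: {rule}: {detail}")
```

Run against the constructed records, PID 3536 trips the masquerade rule and PID 4720 trips the shell-from-user-path rule, while the System32 control record produces nothing. The directory comparison is exact on purpose: a substring match would let a path such as C:\Windows\System32\evil\conhost.exe pass.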

    Network

    DNS requests (all sent to 8.8.8.8:53, flagged US; the report records no response for any of them)

    Type  Request                       Remote address  Query   Response
    DNS   228.249.119.40.in-addr.arpa   8.8.8.8:53      IN PTR  (empty)
    DNS   74.32.126.40.in-addr.arpa     8.8.8.8:53      IN PTR  (empty)
    DNS   76.38.195.152.in-addr.arpa    8.8.8.8:53      IN PTR  (empty)
    DNS   72.32.126.40.in-addr.arpa     8.8.8.8:53      IN PTR  (empty)
    DNS   149.220.183.52.in-addr.arpa   8.8.8.8:53      IN PTR  (empty)
    DNS   62.13.109.52.in-addr.arpa     8.8.8.8:53      IN PTR  (empty)
    DNS   58.55.71.13.in-addr.arpa      8.8.8.8:53      IN PTR  (empty)
    DNS   26.165.165.52.in-addr.arpa    8.8.8.8:53      IN PTR  (empty)
    DNS   240.232.18.117.in-addr.arpa   8.8.8.8:53      IN PTR  (empty)
    Traffic summary (the report gives the TCP rows a single byte count and packet count; they are shown in the sent columns, following the column order of the DNS rows)

    Remote address       Request                       Protocol  Sent   Received  Packets sent  Packets received
    40.125.122.176:443                                           276 B            6
    40.125.122.176:443                                           208 B            4
    40.125.122.176:443                                           260 B            5
    40.125.122.176:443                                           260 B            5
    20.189.173.12:443                                            322 B            7
    8.238.20.126:80                                              322 B            7
    40.125.122.176:443                                           260 B            5
    8.238.20.126:80                                              322 B            7
    173.223.113.164:443                                          276 B            6
    8.8.8.8:53           228.249.119.40.in-addr.arpa   dns       73 B   159 B     1             1
    8.8.8.8:53           74.32.126.40.in-addr.arpa     dns       71 B   157 B     1             1
    8.8.8.8:53           76.38.195.152.in-addr.arpa    dns       72 B   143 B     1             1
    8.8.8.8:53           72.32.126.40.in-addr.arpa     dns       71 B   157 B     1             1
    8.8.8.8:53           149.220.183.52.in-addr.arpa   dns       73 B   147 B     1             1
    8.8.8.8:53           62.13.109.52.in-addr.arpa     dns       71 B   145 B     1             1
    8.8.8.8:53           58.55.71.13.in-addr.arpa      dns       70 B   144 B     1             1
    8.8.8.8:53           26.165.165.52.in-addr.arpa    dns       72 B   146 B     1             1
    8.8.8.8:53           240.232.18.117.in-addr.arpa   dns       73 B   144 B     1             1
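Reverse (PTR) names are easy to misread when building indicator lists, because the labels are the address octets in reverse order. As an added example (not part of the report or the sandbox's tooling), the script below decodes every PTR name in the Network section back to the address it describes, rolls up the connection rows per remote host, and reports whether the two sets overlap. The rows are copied from this report's tables; the single byte and packet count on each TCP row is taken as bytes and packets sent, which is an assumption following the column order of the DNS rows.

```python
"""Added example: decode the report's PTR lookups and summarise its connection
rows into one indicator list. Row data is copied from the report's Network
section; the sandbox itself did not emit this script."""
import ipaddress

# DNS request names from the report.
DNS_ROWS = [
    "228.249.119.40.in-addr.arpa", "74.32.126.40.in-addr.arpa", "76.38.195.152.in-addr.arpa",
    "72.32.126.40.in-addr.arpa", "149.220.183.52.in-addr.arpa", "62.13.109.52.in-addr.arpa",
    "58.55.71.13.in-addr.arpa", "26.165.165.52.in-addr.arpa", "240.232.18.117.in-addr.arpa",
]
# Connection rows from the report as (remote:port, bytes, packets); the report shows
# one byte and one packet figure per TCP row, treated here as the sent direction (assumption).
CONN_ROWS = [
    ("40.125.122.176:443", 276, 6), ("40.125.122.176:443", 208, 4), ("40.125.122.176:443", 260, 5),
    ("40.125.122.176:443", 260, 5), ("20.189.173.12:443", 322, 7), ("8.238.20.126:80", 322, 7),
    ("40.125.122.176:443", 260, 5), ("8.238.20.126:80", 322, 7), ("173.223.113.164:443", 276, 6),
]


def ptr_to_ip(name):
    """Decode a.b.c.d.in-addr.arpa to d.c.b.a; return None for anything else."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ipaddress.AddressValueError:
        return None


def summarize(dns_rows=DNS_ROWS, conn_rows=CONN_ROWS):
    """Per-host roll-up of the connection rows plus the set of PTR-decoded addresses."""
    resolved = {ip for ip in map(ptr_to_ip, dns_rows) if ip}
    contacted = {}
    for addr, sent, pkts in conn_rows:
        ip, port = addr.rsplit(":", 1)
        entry = contacted.setdefault(ip, {"ports": set(), "bytes": 0, "packets": 0, "flows": 0})
        entry["ports"].add(int(port))
        entry["bytes"] += sent
        entry["packets"] += pkts
        entry["flows"] += 1
    return {
        "resolved_via_ptr": sorted(resolved, key=ipaddress.IPv4Address),
        "contacted": contacted,
        # Hosts that were both looked up in reverse and actually contacted.
        "overlap": resolved & set(contacted),
    }


def iocs(summary):
    """Flat, sorted list of every address contacted or reverse-resolved."""
    return sorted(set(summary["contacted"]) | set(summary["resolved_via_ptr"]),
                  key=ipaddress.IPv4Address)


if __name__ == "__main__":
    s = summarize()
    for ip, e in sorted(s["contacted"].items(), key=lambda kv: ipaddress.IPv4Address(kv[0])):
        print(f"{ip:<16} ports={sorted(e['ports'])} flows={e['flows']} "
              f"bytes={e['bytes']} packets={e['packets']}")
    print("PTR-decoded:", ", ".join(s["resolved_via_ptr"]))
    print("overlap:", sorted(s["overlap"]) or "none")
```

For this report the decoded PTR set (40.119.249.228, 40.126.32.74, 152.195.38.76, 40.126.32.72, 52.183.220.149, 52.109.13.62, 13.71.55.58, 52.165.165.26, 117.18.232.240) has no member in common with the four hosts that were contacted, so the two tables describe disjoint sets of addresses and both belong on any indicator list derived from the run.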

    MITRE ATT&CK Matrix
