Analysis

  • max time kernel
    487s
  • max time network
    492s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-06-2023 09:47

General

  • Target

    Mono.Cecil.Rocks.pdb

  • Size

    8KB

  • MD5

    4c98b54bf658db95dfb4d1ae6bed2565

  • SHA1

    c5a0035a75f52addeb730102fd67d3c63fe1c815

  • SHA256

    5fcf9491b8d73f1f90a83ee7bda9097043903ba18822f1f22eacf92338b0d619

  • SHA512

    72cf714bc20660f2ab18fbcd74b84e9aa7d85fe77482ebd3b135c5c6db0dc7ab2523c418ca3ff44f301eec66742cea3c11e6c9575bf9cec90906d60a156291b0

  • SSDEEP

    192:bAHD2V/OLaMD04CRS68yhpMqxauyKixCEyKKJA5es:bOC02bHR7ZpMqxnyZx90A0s

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Mono.Cecil.Rocks.pdb
    1⤵
    • Modifies registry class
    PID:432
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1880

Network

  • flag-us DNS, remote address 8.8.8.8:53
    Request: 240.221.184.93.in-addr.arpa IN PTR
    Response: none recorded
  • flag-us DNS, remote address 8.8.8.8:53
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response: none recorded
  • flag-us DNS, remote address 8.8.8.8:53
    Request: 54.120.234.20.in-addr.arpa IN PTR
    Response: none recorded
  • flag-us DNS, remote address 8.8.8.8:53
    Request: 45.8.109.52.in-addr.arpa IN PTR
    Response: none recorded
  • flag-us DNS, remote address 8.8.8.8:53
    Request: 47.125.24.20.in-addr.arpa IN PTR
    Response: none recorded
  • flag-us DNS, remote address 8.8.8.8:53
    Request: 216.74.101.95.in-addr.arpa IN PTR
    Response: 216.74.101.95.in-addr.arpa IN PTR a95-101-74-216.deploy.static.akamaitechnologies.com
  • flag-us DNS, remote address 8.8.8.8:53
    Request: 26.35.223.20.in-addr.arpa IN PTR
    Response: none recorded
  • flag-us DNS, remote address 8.8.8.8:53
    Request: 27.178.89.13.in-addr.arpa IN PTR
    Response: none recorded
  • 52.182.141.63:443, 322 B, 7
  • 87.248.202.1:80, 322 B, 7
  • 87.248.202.1:80, 322 B, 7
  • 8.8.8.8:53, dns, 73 B / 144 B, 1 / 1
    DNS Request: 240.221.184.93.in-addr.arpa
  • 8.8.8.8:53, dns, 73 B / 144 B, 1 / 1
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53, dns, 72 B / 158 B, 1 / 1
    DNS Request: 54.120.234.20.in-addr.arpa
  • 8.8.8.8:53, dns, 70 B / 144 B, 1 / 1
    DNS Request: 45.8.109.52.in-addr.arpa
  • 8.8.8.8:53, dns, 71 B / 157 B, 1 / 1
    DNS Request: 47.125.24.20.in-addr.arpa
  • 8.8.8.8:53, dns, 72 B / 137 B, 1 / 1
    DNS Request: 216.74.101.95.in-addr.arpa
  • 8.8.8.8:53, dns, 71 B / 157 B, 1 / 1
    DNS Request: 26.35.223.20.in-addr.arpa
  • 8.8.8.8:53, dns, 71 B / 145 B, 1 / 1
    DNS Request: 27.178.89.13.in-addr.arpa

MITRE ATT&CK Enterprise v6
