696431978daadd33a28841320659835ba8db8080a535b8f35e9e60701ab8b491

Resubmissions

29/06/2023, 14:46 UTC

230629-r5stjsdf66 5

29/06/2023, 14:43 UTC

230629-r3tm3aed4y 5

Analysis

max time kernel
109s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2023, 14:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cmdline-tools/bin/lint.bat
Size

2KB
MD5

5976e9007acd24b391b8f74d604c928b
SHA1

826fea8f25bd31ba02cbb0a8dfd1a0791e577d04
SHA256

1ed541dff732ab5afc03902044c5e986f848686ba329168e5a8f143ce0741ec0
SHA512

3aaf8e2a3ff965bbf8680633fd9a4564460b673c0d095433ae108b9be0c525103d8ebf6eb0f1aa3f228f56cd63f04b95899cc511b3772356076068dd71f21a20

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 1352	636	cmd.exe	84
PID 636 wrote to memory of 1352	636	cmd.exe	84
PID 636 wrote to memory of 556	636	cmd.exe	88
PID 636 wrote to memory of 556	636	cmd.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\cmdline-tools\bin\lint.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:636
- C:\ProgramData\Oracle\Java\javapath\java.exe
  java.exe -version
  2⤵
  PID:1352
- C:\ProgramData\Oracle\Java\javapath\java.exe
  "java.exe" -Xmx1024m -Dcom.android.tools.lint.bindir=C:\Users\Admin\AppData\Local\Temp\cmdline-tools\bin\\.. -classpath "C:\Users\Admin\AppData\Local\Temp\cmdline-tools\bin\..\lib\lint-classpath.jar" com.android.tools.lint.Main
  2⤵
  PID:556

Network

DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

1.202.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.202.248.87.in-addr.arpa

IN PTR

Response

1.202.248.87.in-addr.arpa

IN PTR

https-87-248-202-1amsllnwnet
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

105.104.123.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.104.123.20.in-addr.arpa

IN PTR

Response
DNS

164.113.223.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.113.223.173.in-addr.arpa

IN PTR

Response

164.113.223.173.in-addr.arpa

IN PTR

a173-223-113-164deploystaticakamaitechnologiescom
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

240.81.21.72.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.81.21.72.in-addr.arpa

IN PTR

Response

104.208.16.90:443

322 B
7

8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

1.202.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.202.248.87.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

105.104.123.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

105.104.123.20.in-addr.arpa
8.8.8.8:53

164.113.223.173.in-addr.arpa

dns

74 B
141 B
1
1

DNS Request

164.113.223.173.in-addr.arpa
8.8.8.8:53

54.120.234.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

54.120.234.20.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

240.81.21.72.in-addr.arpa

dns

71 B
142 B
1
1

DNS Request

240.81.21.72.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
8af24af3e27917d514665bf08bc42f9f

SHA1
dd6431ec3a15e70442cf6010fe5abf58e61d95bf

SHA256
3e89cfc128add40e795d71526b08efe8e502e1ce268ad90af4ca01a3e0e69161

SHA512
3baa198bce334bc3e431fedf41eb8513ad2a3ce7d00be5f368767f3f5077e0d9b8e1ded298524473f89f2c154ea73ae0efc76933486eb287bb00853d673e284d

Download Submit
memory/556-157-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/1352-144-0x0000000001240000-0x0000000001241000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.