98e176603a5ce4a3f16fd4c952635c663061a73c6482a8ea25f385519e71691b

Analysis

max time kernel
128s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2023, 14:15 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UniversalUE4Unlocker.dll
Size

1.1MB
MD5

0192098d333ee0456668a94ff75dd866
SHA1

519b9f6af3bb7430c9672ec390ac46ef73a1aafa
SHA256

fbe25869c37522651cd1f0dde264a0c3cb035fd70200b55028501b0986f19519
SHA512

9b0b0baa5e6ef5a998d29cd76c0cacf540ca6aaa60902d6d4ea58283a0ad53023069e3692943f297a962047a93594845f0d1b04ccb63b8de5abca3fbd02a1d31
SSDEEP

12288:5PMZsCVf6cXFRwTEhBzWJtMmi2q9MxQ5RZr4EuFww560Vu7pPJh4vRy+aEFX+ecY:lMZ/NJdYd+ecxq1xD0ps8VuYdeICycs

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4660	rundll32.exe
4660	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4660	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UniversalUE4Unlocker.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:4660

Network

DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

126.133.255.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.133.255.8.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

6.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.173.189.20.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.159.190.20.in-addr.arpa
8.8.8.8:53

126.133.255.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

126.133.255.8.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

6.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

6.173.189.20.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.