Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-07-2023 02:32

General

  • Target

    2924-71-0x0000000000400000-0x0000000000465000-memory.exe

  • Size

    404KB

  • MD5

    80cc442eb653559d9ffa32fb28c07160

  • SHA1

    be7c5f27350ceae8004b4f19fb0fd17ab35743e7

  • SHA256

    30d294a32a2256eef72f8e24b3dba3d5fe9b2d78bf46ca3124634d65ea1a07fe

  • SHA512

    c01a9381f470b7247791c370d63caa84e6fc91b119ad401ffff8839a8cff98977e1a30d755aa7f8ea61e6984833cf9345bbc219ad0908f0c2180aa12cb8c416b

  • SSDEEP

    1536:vTTy+C/J9jTXFQ/KL3TmA2KisLQOTqEbvze2pX:rT5C/JZTFQiLWKxLXTH/pX

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2924-71-0x0000000000400000-0x0000000000465000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2924-71-0x0000000000400000-0x0000000000465000-memory.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1764

Network

  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008map2sslhwcdnnet
  • flag-us
    DNS
    136.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    216.74.101.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    216.74.101.95.in-addr.arpa
    IN PTR
    Response
    216.74.101.95.in-addr.arpa
    IN PTR
    a95-101-74-216deploystaticakamaitechnologiescom
  • flag-us
    DNS
    27.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    27.73.42.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    136.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    136.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    216.74.101.95.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    216.74.101.95.in-addr.arpa

  • 8.8.8.8:53
    27.73.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    27.73.42.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.