2f9428fcf12b9d8a677d433062ebc720e6ae7685a36184aef06b91e55833c890 | Triage

Analysis

max time kernel
125s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2023, 01:18 UTC

Sharing

Report Analysis Logs

General

Target

rev_3286/WinCal.xml
Size

1KB
MD5

bede56a7aef6b3db49ab7d2eb3f2870a
SHA1

bc18289b953a8ac6c0c8e519f72e6adee933ff98
SHA256

1fc29fc668043aa03ffeb2d61868d3369479c3cef2c4725d162cf5344dcbdcfa
SHA512

2bde0a5f1983b08379c262f86aadf8635834674981faf7feb3ebc39b12ece95b21203be82fde2fe88f6a662836374a7ac3d6fb8057d5273923259b3af206a3a6

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5044	4888	WerFault.exe	87

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\WinCal.xml"
1⤵
PID:4888
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4888 -s 448
  2⤵
  - Program crash
  PID:5044

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 4888 -ip 4888
1⤵
PID:4976

Network

DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

254.7.248.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.7.248.8.in-addr.arpa

IN PTR

Response
DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

218.240.110.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.240.110.104.in-addr.arpa

IN PTR

Response

218.240.110.104.in-addr.arpa

IN PTR

a104-110-240-218deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

254.7.248.8.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

254.7.248.8.in-addr.arpa
8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

218.240.110.104.in-addr.arpa

dns

74 B
141 B
1
1

DNS Request

218.240.110.104.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4888-134-0x00007FFA8C0F0000-0x00007FFA8C2E5000-memory.dmp

Filesize
2.0MB

Download
memory/4888-133-0x00007FFA4C170000-0x00007FFA4C180000-memory.dmp

Filesize
64KB

Download
memory/4888-135-0x00007FFA8C0F0000-0x00007FFA8C2E5000-memory.dmp

Filesize
2.0MB

Download
memory/4888-136-0x00007FFA8C0F0000-0x00007FFA8C2E5000-memory.dmp

Filesize
2.0MB

Download
memory/4888-137-0x00007FFA8C0F0000-0x00007FFA8C2E5000-memory.dmp

Filesize
2.0MB

Download
memory/4888-138-0x00007FFA4C170000-0x00007FFA4C180000-memory.dmp

Filesize
64KB

Download
memory/4888-139-0x00007FFA8C0F0000-0x00007FFA8C2E5000-memory.dmp

Filesize
2.0MB

Download
memory/4888-140-0x00007FFA898A0000-0x00007FFA89B69000-memory.dmp

Filesize
2.8MB

Download