4c51d056f6f71d3e3fd3cbafdbbc842a5f9443fe2158a22e81135073f70d9515 | Triage

Analysis

max time kernel
127s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2023, 10:24 UTC

Sharing

Report Analysis Logs

General

Target

4c51d056f6f71d3e3fd3cbafdbbc842a5f9443fe2158a22e81135073f70d9515.dll
Size

114KB
MD5

68c07b0dd73267ef597ce7d062da9ef4
SHA1

92f5b78c36844f590a1174e119c08f60c23daf6a
SHA256

4c51d056f6f71d3e3fd3cbafdbbc842a5f9443fe2158a22e81135073f70d9515
SHA512

9ff3880ca8f0ef41447e77df2f669f0114e6975ab6392fb843ee041daf7660d3ba940707ff21b6de6150c84de411e85ce3ee903f0f6b2799bb74f27c3004cd8f
SSDEEP

1536:3MFTOGAts6/Y3eJW1OWpDGg/g7HDSzyz7XMIJbGLOzzuFbY/IYoVSK:8IBseYB1OWW5gKnu+noVx

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c51d056f6f71d3e3fd3cbafdbbc842a5f9443fe2158a22e81135073f70d9515.dll,#1
1⤵
PID:2656

Network

DNS

138.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.32.126.40.in-addr.arpa

IN PTR

Response
DNS

1.202.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.202.248.87.in-addr.arpa

IN PTR

Response

1.202.248.87.in-addr.arpa

IN PTR

https-87-248-202-1amsllnwnet
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

254.22.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.22.238.8.in-addr.arpa

IN PTR

Response
DNS

1.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.173.189.20.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

138.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.32.126.40.in-addr.arpa
8.8.8.8:53

1.202.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.202.248.87.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

254.22.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

254.22.238.8.in-addr.arpa
8.8.8.8:53

1.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

1.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads