3af83782daf2e205fac324b184ebd6913149703000657bcaff3c7016951392fb

Analysis

max time kernel
145s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 00:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3af83782daf2e205fac324b184ebd6913149703000657bcaff3c7016951392fb.dll
Size

899KB
MD5

b6e75a38ee6f670075600c597462e6b3
SHA1

62bc0ccf71b18c3683ac73931663e63b603c7c9f
SHA256

3af83782daf2e205fac324b184ebd6913149703000657bcaff3c7016951392fb
SHA512

2b4681efe215c75143aebaba88f031cb04c75dbb21d984cfbcbd7409d261c8c0d8c8ded4f86dc4c18b66cb55969b2c5301adf303b2e1e86950c778951a96e87e
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXF:7wqd87VF

Score

1^/10

Malware Config

Signatures

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4508	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 4508	3900	rundll32.exe	81
PID 3900 wrote to memory of 4508	3900	rundll32.exe	81
PID 3900 wrote to memory of 4508	3900	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3af83782daf2e205fac324b184ebd6913149703000657bcaff3c7016951392fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3af83782daf2e205fac324b184ebd6913149703000657bcaff3c7016951392fb.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4508

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

254.5.248.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.5.248.8.in-addr.arpa

IN PTR

Response
DNS

138.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

240.81.21.72.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.81.21.72.in-addr.arpa

IN PTR

Response
DNS

2.77.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.77.109.52.in-addr.arpa

IN PTR

Response
DNS

27.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.73.42.20.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

254.5.248.8.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

254.5.248.8.in-addr.arpa
8.8.8.8:53

138.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

240.81.21.72.in-addr.arpa

dns

71 B
142 B
1
1

DNS Request

240.81.21.72.in-addr.arpa
8.8.8.8:53

2.77.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

2.77.109.52.in-addr.arpa
8.8.8.8:53

27.73.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

27.73.42.20.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.