a5a0aa24c7e1c63d05a88f8af07510ee439dcadbdea41756d6ad8e47819305ae | Triage

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 04:31 UTC

Sharing

Report Analysis Logs

General

Target

a5a0aa24c7e1c63d05a88f8af07510ee439dcadbdea41756d6ad8e47819305ae.exe
Size

2.1MB
MD5

570703da32758e43f6e4b20b06edd703
SHA1

b8f709672a2b9b4cf63319aea8a10cf9b85b21fb
SHA256

a5a0aa24c7e1c63d05a88f8af07510ee439dcadbdea41756d6ad8e47819305ae
SHA512

7c25988ccca4fb78a8fb1dc0ee05cf69f53ed46e8260556477d3a26332f23c2aadc160ddfe434d8e67a2168c8da0e4ee0de65df66f61980b1137405603b12aea
SSDEEP

49152:J4ytJBvpsZPiJNxwFTU4ytJBvpsZPiJLxwFTd:J1JBRpwlU1JBRXwld

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\a5a0aa24c7e1c63d05a88f8af07510ee439dcadbdea41756d6ad8e47819305ae.exe
"C:\Users\Admin\AppData\Local\Temp\a5a0aa24c7e1c63d05a88f8af07510ee439dcadbdea41756d6ad8e47819305ae.exe"
1⤵
PID:1784

Network

DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

108.211.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.211.229.192.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

1.208.79.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.208.79.178.in-addr.arpa

IN PTR

Response

1.208.79.178.in-addr.arpa

IN PTR

https-178-79-208-1amsllnwnet
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

1.202.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.202.248.87.in-addr.arpa

IN PTR

Response

1.202.248.87.in-addr.arpa

IN PTR

https-87-248-202-1amsllnwnet
DNS

210.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.143.182.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

108.211.229.192.in-addr.arpa

dns

74 B
145 B
1
1

DNS Request

108.211.229.192.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

1.208.79.178.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.208.79.178.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

1.202.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.202.248.87.in-addr.arpa
8.8.8.8:53

210.143.182.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

210.143.182.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/1784-1-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download