Overview

overview

3

Static

static

3

72bf2744ae...4c.exe

windows7-x64

3

72bf2744ae...4c.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 23:11 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72bf2744ae314c1065877bbb497e3844a27573bf74a3b7fddca3b6866d542c4c.exe

  • Size

    12.6MB

  • MD5

    38849b459d6cd415d32e19a84a670bb1

  • SHA1

    876d4385f45a0700957061f109b8ad9ac62b308d

  • SHA256

    72bf2744ae314c1065877bbb497e3844a27573bf74a3b7fddca3b6866d542c4c

  • SHA512

    723b8184b40c71408e83f9c4937c903c9e47c1fec2dd5ba2f878ba55ecbdc71cb9d8f6d9c7115db07bdb8dc645997e21438a8eb47a42833ffdbdd58e7b6e16c6

  • SSDEEP

    393216:9qJ0/HapC8Wqn57M6rpTi3bh0WJkTJPAX:w6iC8jn57cLht

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72bf2744ae314c1065877bbb497e3844a27573bf74a3b7fddca3b6866d542c4c.exe
    "C:\Users\Admin\AppData\Local\Temp\72bf2744ae314c1065877bbb497e3844a27573bf74a3b7fddca3b6866d542c4c.exe"
    1⤵
      PID:4804
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 648
        2⤵
        • Program crash
        PID:2012
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4804 -ip 4804
      1⤵
        PID:4236

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        254.21.238.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        254.21.238.8.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        68.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        108.211.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        108.211.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        35.35.21.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        35.35.21.2.in-addr.arpa
        IN PTR
        Response
        35.35.21.2.in-addr.arpa
        IN PTR
        a2-21-35-35deploystaticakamaitechnologiescom
      • flag-us
        DNS
        59.128.231.4.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        59.128.231.4.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        9.173.189.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.173.189.20.in-addr.arpa
        IN PTR
        Response
      No results found
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
         90 B
         1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        2.136.104.51.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        2.136.104.51.in-addr.arpa

      • 8.8.8.8:53
        254.21.238.8.in-addr.arpa
        dns
        71 B
         125 B
         1
        1

        DNS Request

        254.21.238.8.in-addr.arpa

      • 8.8.8.8:53
        68.32.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        68.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        108.211.229.192.in-addr.arpa
        dns
        74 B
         145 B
         1
        1

        DNS Request

        108.211.229.192.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        35.35.21.2.in-addr.arpa
        dns
        69 B
         131 B
         1
        1

        DNS Request

        35.35.21.2.in-addr.arpa

      • 8.8.8.8:53
        59.128.231.4.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        59.128.231.4.in-addr.arpa

      • 8.8.8.8:53
        9.173.189.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        9.173.189.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4804-0-0x0000000000400000-0x00000000015AF000-memory.dmp

        Filesize

        17.7MB

        Download

      • memory/4804-1-0x0000000000400000-0x00000000015AF000-memory.dmp

        Filesize

        17.7MB

        Download

      • memory/4804-3-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-2-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-5-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-8-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-12-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-16-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-20-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-24-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-27-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-28-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-29-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-30-0x0000000004D40000-0x0000000005102000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4804-31-0x0000000000400000-0x00000000015AF000-memory.dmp

        Filesize

        17.7MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.