a9bc505f668a6af598681a0eb1be64b484d869a48b5991107827a9f0052cff45

Analysis

max time kernel
130s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DNSBench.exe
Size

147KB
MD5

af51a7986fb95093bb1d65a3b7ecb98a
SHA1

8a19710e3de2894e394484c08f777d997d02a5e5
SHA256

a9bc505f668a6af598681a0eb1be64b484d869a48b5991107827a9f0052cff45
SHA512

07895be0e31d6f91ad05a41fe8ae122ba5d7cd648a9714a5096d41501c85532e8c7b238af177efb79e2e35b5ae3507a7bad5da8b563f416429b0307a1508b0ff
SSDEEP

3072:GSww+ICvU0Qv8Z9yzvSh3gzaDKzHDa4cn2qTWM9gbYffa:GSwwPC08CzvSh3geOzm4cn2AWM9gb5

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	4.2.2.6
Destination IP	68.2.16.30
Destination IP	208.67.220.222
Destination IP	216.254.95.2
Destination IP	64.81.45.2
Destination IP	68.12.16.30
Destination IP	129.250.35.251
Destination IP	204.97.212.10
Destination IP	208.67.220.123
Destination IP	68.111.16.30
Destination IP	1.0.0.1
Destination IP	68.12.16.25
Destination IP	68.87.68.170
Destination IP	4.2.2.2
Destination IP	68.4.16.25
Destination IP	66.92.224.2
Destination IP	68.9.16.25
Destination IP	204.194.232.200
Destination IP	68.10.16.25
Destination IP	68.11.16.25
Destination IP	156.154.71.1
Destination IP	64.81.111.2
Destination IP	68.87.64.154
Destination IP	68.87.69.154
Destination IP	208.67.222.220
Destination IP	68.1.18.30
Destination IP	68.13.16.30
Destination IP	64.81.159.2
Destination IP	74.118.212.2
Destination IP	216.231.41.2
Destination IP	156.154.70.1
Destination IP	156.154.71.25
Destination IP	4.2.2.5
Destination IP	68.6.16.25
Destination IP	68.6.16.30
Destination IP	66.92.159.2
Destination IP	74.118.212.1
Destination IP	129.250.35.250
Destination IP	4.2.2.4
Destination IP	68.100.16.30
Destination IP	9.9.9.9
Destination IP	216.27.175.2
Destination IP	66.92.64.2
Destination IP	68.9.16.30
Destination IP	68.11.16.30
Destination IP	204.117.214.10
Destination IP	68.13.16.25
Destination IP	156.154.70.25
Destination IP	204.194.234.200
Destination IP	209.55.1.220
Destination IP	24.113.32.30
Destination IP	64.81.79.2
Destination IP	66.93.87.2
Destination IP	68.4.16.30
Destination IP	68.100.16.25
Destination IP	24.113.32.29
Destination IP	64.81.127.2
Destination IP	68.10.16.30
Destination IP	156.154.70.22
Destination IP	156.154.71.22
Destination IP	198.41.0.4
Destination IP	4.2.2.3
Destination IP	199.2.252.10
Destination IP	208.67.222.222

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	DNSBench.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	DNSBench.exe

C:\Users\Admin\AppData\Local\Temp\DNSBench.exe
"C:\Users\Admin\AppData\Local\Temp\DNSBench.exe"
1⤵
- Modifies system certificate store
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2260-1-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/2260-0-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-16-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-17-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/2260-18-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-19-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-20-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-21-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-22-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-23-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-24-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-25-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-26-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-27-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-28-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2260-29-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download