Overview

overview

3

Static

static

3

BINDInstall.exe

windows7-x64

1

BINDInstall.exe

windows10-2004-x64

1

arpaname.exe

windows7-x64

arpaname.exe

windows10-2004-x64

bindevt.dll

windows7-x64

1

bindevt.dll

windows10-2004-x64

1

ddns-confgen.exe

windows7-x64

ddns-confgen.exe

windows10-2004-x64

dig.exe

windows7-x64

dig.exe

windows10-2004-x64

dnssec-dsfromkey.exe

windows7-x64

dnssec-dsfromkey.exe

windows10-2004-x64

dnssec-key...el.exe

windows7-x64

dnssec-key...el.exe

windows10-2004-x64

dnssec-keygen.exe

windows7-x64

dnssec-keygen.exe

windows10-2004-x64

dnssec-revoke.exe

windows7-x64

dnssec-revoke.exe

windows10-2004-x64

dnssec-settime.exe

windows7-x64

dnssec-settime.exe

windows10-2004-x64

dnssec-signzone.exe

windows7-x64

dnssec-signzone.exe

windows10-2004-x64

genrandom.exe

windows7-x64

genrandom.exe

windows10-2004-x64

host.exe

windows7-x64

host.exe

windows10-2004-x64

isc-hmac-fixup.exe

windows7-x64

isc-hmac-fixup.exe

windows10-2004-x64

libbind9.dll

windows7-x64

1

libbind9.dll

windows10-2004-x64

1

libdns.dll

windows7-x64

1

libdns.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1s
  • max time network
    6s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2023, 13:42

Sharing

Copy URL Twitter E-mail

Errors

Reason
platform exec: image=C:\Users\Admin\AppData\Local\Temp\dnssec-revoke.exe command="C:\Users\Admin\AppData\Local\Temp\dnssec-revoke.exe" wdir=C:\Users\Admin\AppData\Local\Temp Payload error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
Report Analysis Logs

General

  • Target

    dnssec-revoke.exe

  • Size

    84KB

  • MD5

    92987de16a4a63cc4ebae4bfba54d86e

  • SHA1

    fbc6282a57900c27aeb0065ef42c7fede065b542

  • SHA256

    5bc078b82f5d2f4351a37d8caf96c844b7c7dec3dde478396151a5c6525808d7

  • SHA512

    a31efdbee4c6f55919f232c0054229fc05dae54e8d5d2194abfa934dd9e65cc28f6f0603f5b855952ca7abf22078268c6db61699c795ef6c0d8b3a331f4d8770

  • SSDEEP

    1536:C360EKjmf+G6K6SfwffGmOZjnMMtfk7mUsyY:0602+Gn6SfwWmOZjnMGk7mUsy

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\dnssec-revoke.exe
    "C:\Users\Admin\AppData\Local\Temp\dnssec-revoke.exe"
    1⤵
      PID:2068

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2068-0-0x0000000000400000-0x0000000000425000-memory.dmp

            Filesize

            148KB

            Download