Overview

overview

3

Static

static

3

BINDInstall.exe

windows7-x64

1

BINDInstall.exe

windows10-2004-x64

1

arpaname.exe

windows7-x64

arpaname.exe

windows10-2004-x64

bindevt.dll

windows7-x64

1

bindevt.dll

windows10-2004-x64

1

ddns-confgen.exe

windows7-x64

ddns-confgen.exe

windows10-2004-x64

dig.exe

windows7-x64

dig.exe

windows10-2004-x64

dnssec-dsfromkey.exe

windows7-x64

dnssec-dsfromkey.exe

windows10-2004-x64

dnssec-importkey.exe

windows7-x64

dnssec-importkey.exe

windows10-2004-x64

dnssec-key...el.exe

windows7-x64

dnssec-key...el.exe

windows10-2004-x64

dnssec-keygen.exe

windows7-x64

dnssec-keygen.exe

windows10-2004-x64

dnssec-revoke.exe

windows7-x64

dnssec-revoke.exe

windows10-2004-x64

dnssec-settime.exe

windows7-x64

dnssec-settime.exe

windows10-2004-x64

dnssec-signzone.exe

windows7-x64

dnssec-signzone.exe

windows10-2004-x64

dnssec-verify.exe

windows7-x64

dnssec-verify.exe

windows10-2004-x64

genrandom.exe

windows7-x64

genrandom.exe

windows10-2004-x64

host.exe

windows7-x64

host.exe

windows10-2004-x64

isc-hmac-fixup.exe

windows7-x64

isc-hmac-fixup.exe

windows10-2004-x64

Analysis

  • max time kernel
    3s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 14:23 UTC

Sharing

Copy URL
Twitter E-mail

Errors

Reason
platform exec: image=C:\Users\Admin\AppData\Local\Temp\dnssec-revoke.exe command="C:\Users\Admin\AppData\Local\Temp\dnssec-revoke.exe" wdir=C:\Users\Admin\AppData\Local\Temp Payload error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
Report Analysis Logs

General

  • Target

    dnssec-revoke.exe

  • Size

    84KB

  • MD5

    44f09856caf1c9f6ff10291c9919a974

  • SHA1

    0173691b2fe3911d7298bdcd5f75a5dc81581034

  • SHA256

    6babe13e62c99db701dae531ea0ed86f14af066fec4e7485b081ec901e21dd40

  • SHA512

    666eb27ad8a1e4b54e09f9987530937690f614a5a201208b837c72d6451f73b4aa9a32b29f3779ac12470e42f47808727cd9cc79f589dd640a7dfbca6ebb465e

  • SSDEEP

    1536:P9Bsrwt5P8VLmgMLJ7L4nXOZr0uBX1N5CmUfh1X:PnZgMLJ7IXOZr0uBX75CmUfh1

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\dnssec-revoke.exe
    "C:\Users\Admin\AppData\Local\Temp\dnssec-revoke.exe"
    1⤵
      PID:2800

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      208.194.73.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      208.194.73.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      208.194.73.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      208.194.73.20.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2800-0-0x0000000000400000-0x0000000000425000-memory.dmp

      Filesize

      148KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.