Overview

overview

3

Static

static

3

e7bfc50ab3...6b.exe

windows7-x64

1

e7bfc50ab3...6b.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2023, 04:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e7bfc50ab3f716b4a7cf0e37d61bc3baffaa71bde244e809b13d01f36f5c556b.exe

  • Size

    5.6MB

  • MD5

    889589ac8a0542d860885959c6dc9e00

  • SHA1

    a68d8d7ab1fba7c67f752d39f36aab59a23968ea

  • SHA256

    e7bfc50ab3f716b4a7cf0e37d61bc3baffaa71bde244e809b13d01f36f5c556b

  • SHA512

    f352d71e51f4f5e25c29a3465ae93aba0fb7bcbe9deff770fa478b338794fc3e71c1a8c502eb124499da8c2c00f9cebd16da4fd954e257b67dfbc4c21c16258c

  • SSDEEP

    98304:pMSvdjJqde3AX5C/9SfvbcAH5PIQL0LNiHVY0F0ZMJxBC147U3amSfK2fryPUXiG:ybcm5PIQL0LNiHVY0FyYxBC147U3amSP

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e7bfc50ab3f716b4a7cf0e37d61bc3baffaa71bde244e809b13d01f36f5c556b.exe
    "C:\Users\Admin\AppData\Local\Temp\e7bfc50ab3f716b4a7cf0e37d61bc3baffaa71bde244e809b13d01f36f5c556b.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:808

Network

  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    138.175.53.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.175.53.84.in-addr.arpa
    IN PTR
    Response
    138.175.53.84.in-addr.arpa
    IN PTR
    a84-53-175-138deploystaticakamaitechnologiescom
  • flag-us
    DNS
    1.202.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.202.248.87.in-addr.arpa
    IN PTR
    Response
    1.202.248.87.in-addr.arpa
    IN PTR
    https-87-248-202-1amsllnwnet
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    27.178.89.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    27.178.89.13.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    71.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    71.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    138.175.53.84.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    138.175.53.84.in-addr.arpa

  • 8.8.8.8:53
    1.202.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    1.202.248.87.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    27.178.89.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    27.178.89.13.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.