6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff

Analysis

max time kernel
130s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 13:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff.dll
Size

11.3MB
MD5

1c8939ba6da7a93e5759955ff6ce2a9d
SHA1

ed9ea31c8c858b28702894c2aa87b345d3817005
SHA256

6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff
SHA512

a4c8337dbf3d47c93e5641e808353206d0082d9a7b5df0dfce074f55b9a2d79407d58ad2e6786a10d3b9c297feb139e0ffe70fcc27fcf68032d04142afc2bbcc
SSDEEP

196608:EfJ0F5aWDtp4OrNDweIJygTfiCBA/4OT1QO28XLELK8t:/aAtp4AFwcOi/gOT1QO28XLEu8

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4372	rundll32.exe
4372	rundll32.exe
4372	rundll32.exe
4372	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 4372	1028	rundll32.exe	89
PID 1028 wrote to memory of 4372	1028	rundll32.exe	89
PID 1028 wrote to memory of 4372	1028	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372

Network

DNS

147.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.177.190.20.in-addr.arpa

IN PTR

Response
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

10.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.173.189.20.in-addr.arpa

IN PTR

Response

20.231.121.79:80

260 B
5

8.8.8.8:53

147.177.190.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

147.177.190.20.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

29.243.111.52.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

10.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4372-0-0x0000000073B20000-0x0000000074E1C000-memory.dmp

Filesize
19.0MB

Download
memory/4372-1-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4372-2-0x0000000073B20000-0x0000000074E1C000-memory.dmp

Filesize
19.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.