Analysis
- max time kernel: 124s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-12-2023 04:16
Behavioral task behavioral1
- Sample: 620a7bedc60e1cb2a3826c27d2ce9052.exe
- Resource: win7-20231215-en
Behavioral task behavioral2
- Sample: 620a7bedc60e1cb2a3826c27d2ce9052.exe
- Resource: win10v2004-20231222-en
General
- Target: 620a7bedc60e1cb2a3826c27d2ce9052.exe
- Size: 253KB
- MD5: 620a7bedc60e1cb2a3826c27d2ce9052
- SHA1: 11c44b49c1f9b14264ac47072b6411e1ca8001bc
- SHA256: 00c431f8f3bc927f935918e0eb8efba1b1f9e7e5fa0fcbe1856730e2e7c67337
- SHA512: 8dbc77a553e62ccd99c116d3279b166b53aa6ee746b03c2c341ee39b67b32f82983ae569ffea0f38e448be555681b1cbf0fe4c07e45fc905b9c83f8f5fe7f2d8
- SSDEEP: 3072:blN9RkkkkkkTLJ0Y6LFKab6lN9RkkkkkkTLJ0Y6LFy21tm9wxiK2J8G:5dkkkkkkZ6ZXAdkkkkkkZ6ZPkoB27
Malware Config
Signatures
- yara_rule upx (16 resources matched; columns: resource, yara_rule)
  - behavioral2/memory/4596-0-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-1-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/files/0x000800000002323b-6.dat upx
  - behavioral2/memory/4596-20-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-21-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-22-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-23-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-24-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-25-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-26-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-27-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-28-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-29-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-30-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-31-0x0000000000400000-0x0000000000423000-memory.dmp upx
  - behavioral2/memory/4596-32-0x0000000000400000-0x0000000000423000-memory.dmp upx
- Drops file in Windows directory, 18 IoCs (columns: description, ioc, Process)
  - File opened for modification C:\Windows\win32dc\Sims 2(trainer).exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File opened for modification C:\Windows\win32dc\Silent Hill 4(crack).exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\Silent Hill 4_patch.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\Silent Hill 4 + crack.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\BattleField 1942_patch.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File opened for modification C:\Windows\win32dc\BattleField 1942_patch.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\Half-Life 2 + fix.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File opened for modification C:\Windows\win32dc\BattleField 1942 + codes.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\Counter-Strike crack.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\Silent Hill 4 cheat.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\Silent Hill 4(crack).exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File opened for modification C:\Windows\win32dc\Silent Hill 4 + crack.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File opened for modification C:\Windows\win32dc\UT2004_cheat.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\Sims 2(trainer).exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\UT2004_cheat.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File created C:\Windows\win32dc\BattleField 1942 + codes.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File opened for modification C:\Windows\win32dc\Silent Hill 4_patch.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
  - File opened for modification C:\Windows\win32dc\Silent Hill 4 cheat.exe 620a7bedc60e1cb2a3826c27d2ce9052.exe
Processes
Network
- Remote address 8.8.8.8:53; Request 8.8.8.8.in-addr.arpa IN PTR; Response 8.8.8.8.in-addr.arpa IN PTR dns.google
- Remote address 8.8.8.8:53; Request 41.110.16.96.in-addr.arpa IN PTR; Response 41.110.16.96.in-addr.arpa IN PTR a96-16-110-41.deploy.static.akamaitechnologies.com
- Remote address 8.8.8.8:53; Request 85.177.190.20.in-addr.arpa IN PTR; Response (empty)
- Remote address 8.8.8.8:53; Request 95.221.229.192.in-addr.arpa IN PTR; Response (empty)
- Remote address 8.8.8.8:53; Request 55.36.223.20.in-addr.arpa IN PTR; Response (empty)
- Remote address 8.8.8.8:53; Request 241.154.82.20.in-addr.arpa IN PTR; Response (empty)
- Remote address 8.8.8.8:53; Request 241.154.82.20.in-addr.arpa IN PTR; no response recorded
- Remote address 8.8.8.8:53; Request us.undernet.org IN A; Response us.undernet.org IN A 45.58.183.18, 199.71.214.87, 104.152.54.52, 172.83.156.122, 23.228.66.219, 186.233.185.155
- Remote address 8.8.8.8:53; Request 155.185.233.186.in-addr.arpa IN PTR; Response 155.185.233.186.in-addr.arpa IN PTR undernetspeakzorg
- Remote address 8.8.8.8:53; Request 48.229.111.52.in-addr.arpa IN PTR; Response (empty)
-
529 B 755 B 8 7
-
483 B 715 B 7 6
-
484 B 716 B 7 6
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 237 B 5 4
-
432 B 277 B 6 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
432 B 197 B 6 3
-
472 B 407 B 7 5
-
432 B 277 B 6 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 237 B 5 4
-
570 B 197 B 6 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
432 B 277 B 6 5
-
570 B 197 B 6 3
-
380 B 237 B 5 4
-
380 B 197 B 5 3
-
380 B 237 B 5 4
-
570 B 197 B 6 3
-
622 B 197 B 7 3
-
380 B 277 B 5 5
-
570 B 197 B 6 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
570 B 197 B 6 3
-
570 B 197 B 6 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
426 B 302 B 6 4
-
432 B 197 B 6 3
-
432 B 197 B 6 3
-
380 B 277 B 5 5
-
570 B 197 B 6 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
426 B 302 B 6 4
-
668 B 209 B 8 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
570 B 197 B 6 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
426 B 302 B 6 4
-
432 B 197 B 6 3
-
380 B 277 B 5 5
-
380 B 237 B 5 4
-
432 B 197 B 6 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 237 B 5 4
-
432 B 277 B 6 5
-
380 B 237 B 5 4
-
380 B 237 B 5 4
-
622 B 197 B 7 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
426 B 302 B 6 4
-
432 B 277 B 6 5
-
380 B 277 B 5 5
-
432 B 197 B 6 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
426 B 302 B 6 4
-
622 B 197 B 7 3
-
380 B 197 B 5 3
-
380 B 237 B 5 4
-
432 B 197 B 6 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
426 B 302 B 6 4
-
432 B 277 B 6 5
-
760 B 197 B 7 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
668 B 92 B 5 2
-
432 B 277 B 6 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
570 B 197 B 6 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
806 B 209 B 8 3
-
380 B 277 B 5 5
-
760 B 197 B 7 3
-
432 B 277 B 6 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
570 B 197 B 6 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
484 B 249 B 7 4
-
478 B 92 B 4 2
-
380 B 277 B 5 5
-
426 B 302 B 6 4
-
806 B 209 B 8 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
570 B 197 B 6 3
-
380 B 197 B 5 3
-
622 B 197 B 7 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
426 B 302 B 6 4
-
432 B 277 B 6 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
720 B 261 B 9 4
-
806 B 209 B 8 3
-
380 B 277 B 5 5
-
478 B 92 B 4 2
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 237 B 5 4
-
432 B 277 B 6 5
-
380 B 197 B 5 3
-
380 B 237 B 5 4
-
812 B 197 B 8 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
432 B 197 B 6 3
-
380 B 197 B 5 3
-
432 B 277 B 6 5
-
380 B 197 B 5 3
-
478 B 92 B 4 2
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
570 B 197 B 6 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
432 B 197 B 6 3
-
380 B 237 B 5 4
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
426 B 302 B 6 4
-
432 B 277 B 6 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
674 B 249 B 8 4
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
812 B 249 B 8 4
-
380 B 197 B 5 3
-
616 B 302 B 7 4
-
432 B 197 B 6 3
-
380 B 237 B 5 4
-
432 B 277 B 6 5
-
380 B 237 B 5 4
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
432 B 277 B 6 5
-
478 B 92 B 4 2
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
570 B 197 B 6 3
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
760 B 197 B 7 3
-
380 B 277 B 5 5
-
380 B 277 B 5 5
-
380 B 197 B 5 3
-
380 B 277 B 5 5
-
478 B 52 B 4 1
-
66 B 90 B 1 1; DNS Request 8.8.8.8.in-addr.arpa
-
71 B 135 B 1 1; DNS Request 41.110.16.96.in-addr.arpa
-
72 B 158 B 1 1; DNS Request 85.177.190.20.in-addr.arpa
-
73 B 144 B 1 1; DNS Request 95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1; DNS Request 55.36.223.20.in-addr.arpa
-
144 B 158 B 2 1; DNS Request 241.154.82.20.in-addr.arpa; DNS Request 241.154.82.20.in-addr.arpa
-
61 B 157 B 1 1; DNS Request us.undernet.org; DNS Response 45.58.183.18, 199.71.214.87, 104.152.54.52, 172.83.156.122, 23.228.66.219, 186.233.185.155
-
74 B 107 B 1 1; DNS Request 155.185.233.186.in-addr.arpa
-
72 B 158 B 1 1; DNS Request 48.229.111.52.in-addr.arpa
MITRE ATT&CK Matrix
Downloads
- Filesize: 102KB
- MD5: 74681693cb1c17b3d33ad2c504e93a4d
- SHA1: 752972ba104171498abdac0fde4d50ca7a2ffaa9
- SHA256: cfaf851aec57ea51122641bb925bea4cdb4765ac8dd1991929bdcef4ccad1f32
- SHA512: 4498a12c1f7dfa97d208b65751724de31abaf5519406ea0cc5209bf550781a49042483dc93eb9faefc1ec3461451231a77ed18349b04da4d220dee054aeeaa08