Analysis

  • max time kernel
    0s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/12/2023, 12:52 UTC

General

  • Target

    191b3a4837f774703e49bc80d712386e.exe

  • Size

    433KB

  • MD5

    191b3a4837f774703e49bc80d712386e

  • SHA1

    8ff14a6b3ee50a7606a8749b2881730f0b24b487

  • SHA256

    22ca645ea3258edb0bd1a204a8d31eebcb02020f07e2dd7973792a69782ff194

  • SHA512

    277ffac0f6da01b2c164770e5879d239c5ac00e98657ba89a8dc82c4edfd0f0c78f6e844e79cc7b74a2a53a2cd58c6a498ddbf7df4b16bce0a08752ed41c83f7

  • SSDEEP

    12288:TKeLZscAG7VIA8xyHWFLQSYyAOh45IHmZRakMgy/j:2NCguAEWGIHeak+j

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\191b3a4837f774703e49bc80d712386e.exe
    "C:\Users\Admin\AppData\Local\Temp\191b3a4837f774703e49bc80d712386e.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:2864

Network

  • Country: US
    DNS
    17.53.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.53.126.40.in-addr.arpa
    IN PTR
    Response
  • Country: US
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • Country: US
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • Country: US
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • Country: US
    DNS
    torntvz.net
    Remote address:
    8.8.8.8:53
    Request
    torntvz.net
    IN A
    Response
  • Country: US
    DNS
    torrntvz.com
    Remote address:
    8.8.8.8:53
    Request
    torrntvz.com
    IN A
    Response
  • Country: US
    DNS
    data.infopackinst.com
    Remote address:
    8.8.8.8:53
    Request
    data.infopackinst.com
    IN A
    Response
  • Country: US
    DNS
    data.infopackinst.com
    Remote address:
    8.8.8.8:53
    Request
    data.infopackinst.com
    IN A
    Response
  • Country: US
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • Country: US
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • Country: US
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • Country: US
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
  • Country: US
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • Country: US
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • Country: US
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • Country: US
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • Country: US
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
  • Country: US
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
  • Country: US
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
  • Country: US
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
  • Country: GB
    DNS
    Remote address:
    96.17.178.210:80
    Response
    HTTP/1.1 206 Partial Content
    Cache-Control: public, max-age=17280000
    Accept-Ranges: bytes
    X-AspNetMvc-Version: 5.2
    MS-CorrelationId: 109db4c0-4020-4910-9a33-b50fc482bfa5
    MS-RequestId: 15b02fe7-1fdd-411d-97bf-4acd8b288dfb
    MS-CV: JSoXw8DG40uXIcEU.1.0.2.1.1.0.0.20.1.1.6.1.1.1.0
    Content-Disposition: attachment; filename=Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe.Msix
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    X-Azure-Ref-OriginShield: Ref A: 5FA6B13DFB4E4840971617AD80AFBDEF Ref B: MNZ221060607023 Ref C: 2023-03-15T18:24:31Z
    X-MSEdge-Ref: Ref A: A2AF8FDEBAA0471B8728CAB368EA24B9 Ref B: MEX30EDGE1207 Ref C: 2023-03-15T18:24:31Z
    Last-Modified: Wed, 15 Mar 2023 18:19:22 GMT
    ETag: "zz/eo+4uyTK7KXfTFIC318u927g="
    Date: Wed, 03 Jan 2024 13:48:55 GMT
    Content-Type: multipart/byteranges; boundary=6311D6B0A39E5CA4
    Connection: close
    X-CID: 2
    X-CCC: GB
  • 204.79.197.200:443
    g.bing.com
    tls
    2.2kB
    9.4kB
    23
    19
  • 96.17.178.210:80
    http
    4.4kB
    141.1kB
    73
    102

    HTTP Response

    206
  • 96.17.178.210:80
    46 B
    1
  • 8.8.8.8:53
    17.53.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    17.53.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    219 B
    144 B
    3
    1

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    torntvz.net
    dns
    57 B
    130 B
    1
    1

    DNS Request

    torntvz.net

  • 8.8.8.8:53
    torrntvz.com
    dns
    58 B
    131 B
    1
    1

    DNS Request

    torrntvz.com

  • 8.8.8.8:53
    data.infopackinst.com
    dns
    67 B
    140 B
    1
    1

    DNS Request

    data.infopackinst.com

  • 8.8.8.8:53
    data.infopackinst.com
    dns
    67 B
    140 B
    1
    1

    DNS Request

    data.infopackinst.com

  • 8.8.8.8:53
    g.bing.com
    dns
    112 B
    158 B
    2
    1

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    2.136.104.51.in-addr.arpa

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    140 B
    156 B
    2
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    213 B
    3

    DNS Request

    26.35.223.20.in-addr.arpa

    DNS Request

    26.35.223.20.in-addr.arpa

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    1

    DNS Request

    103.169.127.40.in-addr.arpa

MITRE ATT&CK Enterprise v15
