aecad675efd1e945a63d7854bca237b76b3deee96333a344d7d737a110d00384

Analysis

max time kernel
2s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 18:58 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6147359b5dc9aef6b8b948aee2518010.exe
Size

355KB
MD5

6147359b5dc9aef6b8b948aee2518010
SHA1

e505ffe55c7182bf8c5bb16c04f36bc6a997fbde
SHA256

aecad675efd1e945a63d7854bca237b76b3deee96333a344d7d737a110d00384
SHA512

e350b4184cf41deb94c45c384bf6e8c588aa7c3b2beba995b4544fcf66716f7c06f5814f7e5a5da6e86d171e7d8a2665bfd8132f24648e28edd434bfcba0bb2e
SSDEEP

6144:AmSxoGPeQ+tIOrOgFtFlBooGV8JI9PTdCfhS7rk2IEuFXV3WATRZ8HqRL8:lSxJ2OcDi2i9PjftuFXVGAMqF8

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\6147359b5dc9aef6b8b948aee2518010.exe
"C:\Users\Admin\AppData\Local\Temp\6147359b5dc9aef6b8b948aee2518010.exe"
1⤵
PID:1232
- C:\Users\Admin\AppData\Local\Temp\xobyf.exe
  "C:\Users\Admin\AppData\Local\Temp\xobyf.exe"
  2⤵
  PID:3200
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
  2⤵
  PID:4252

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR
DNS

16.53.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.53.126.40.in-addr.arpa

IN PTR

Response
DNS

16.53.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.53.126.40.in-addr.arpa

IN PTR
DNS

16.53.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.53.126.40.in-addr.arpa

IN PTR
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

198 B
66 B
3
1

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

146.78.124.51.in-addr.arpa

DNS Request

146.78.124.51.in-addr.arpa

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

16.53.126.40.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

16.53.126.40.in-addr.arpa

DNS Request

16.53.126.40.in-addr.arpa

DNS Request

16.53.126.40.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

194.178.17.96.in-addr.arpa

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_uinsey.bat

Filesize
276B

MD5
fdfe19a40f3e2e90f890d270479322bc

SHA1
51ed20d60b23c2f0a7d0424e53dad6c8cc14e65e

SHA256
0de1b591baff98956c3750cd02e21c21746e72d06c47a37d7ed047ada0f65b5a

SHA512
24bce47412ff4a70eec9c63cd07ee6b5f41702648105f683d02d37c20cd7795ac00bf9af581ff4d3d0f6430a633f55e8ed0b64c1492c31ffc8a8b41d14b83c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

Filesize
512B

MD5
4271b7a0c0a9f17d1fcf8c44d450b780

SHA1
51236d77b8549df50859d890dc4eb6957349d4d3

SHA256
8ed36be20b9e4a83f7e7eec9b337bb52a6e1656bd5bf845131721b55d8ed2722

SHA512
70498044f5ba06e49d5d7381ce529277c86a20fb24aac2f72a11ffaec67343a3c997c82249f60029ebd43917e150a407e85f9f3196ada331d3511776b1939000

Download Submit
C:\Users\Admin\AppData\Local\Temp\xobyf.exe

Filesize
14KB

MD5
bdf5bd1c76654b17e8ed8c77923218b3

SHA1
6e30b01e27f9129ad512d30944e38153c83f1945

SHA256
d326f679efd6af25893285e477177aadabda474ec8f5eb9a790552eddf57ef7a

SHA512
4753e878ce670a73787fe989874aff45a360dc58522af911754260280dc8a1a1d668fd936ee933778925443c69b9243b839cbe41f14f4307908779c179fb471f

Download Submit
C:\Users\Admin\AppData\Local\Temp\xobyf.exe

Filesize
26KB

MD5
50b7c4f891d7a20369ae4fb6aad3a2b8

SHA1
2c0c90a375c8d9371b383f48a71be7f226e21992

SHA256
bff672daf1a65239e618c5a8fe8f906b283057002e94b2f726cf6ef57636c9ca

SHA512
e6a4a8487fde0ddf1d309f80796315f0f19a08a8993ec6b6713e9ad4c2d2f4f200a441f6c6ca2e1518721a35b3f44dcfb2381f11fdaa55367eb0b1503b5c5fe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\xobyf.exe

Filesize
22KB

MD5
63fb5083e3644b5badd34daa15daa157

SHA1
113b83b6e3e0f406dabf442899395aed99621d27

SHA256
b0e6ec2474ae0f3267c3034406051f291e36294c3ad46740a257f39c373e0380

SHA512
59d015da795cac844da284a63ae24eadcf483b52c0d625f393ea93c34be006c5d091b92587a142e664cc72cc00278fa04eda3f20a7411660b8bf9ed48a9a7fb7

Download Submit
memory/1232-0-0x00000000000B0000-0x0000000000136000-memory.dmp

Filesize
536KB

Download
memory/1232-1-0x00000000000B0000-0x0000000000136000-memory.dmp

Filesize
536KB

Download
memory/1232-16-0x00000000000B0000-0x0000000000136000-memory.dmp

Filesize
536KB

Download
memory/3200-15-0x0000000000B80000-0x0000000000C06000-memory.dmp

Filesize
536KB

Download
memory/3200-13-0x0000000000B80000-0x0000000000C06000-memory.dmp

Filesize
536KB

Download
memory/3200-19-0x0000000000B80000-0x0000000000C06000-memory.dmp

Filesize
536KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.