Overview

overview

3

Static

static

3

47fcbf6121...15.dll

windows7-x64

1

47fcbf6121...15.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 04:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47fcbf6121cacaef216baa230b054b15.dll

  • Size

    224KB

  • MD5

    47fcbf6121cacaef216baa230b054b15

  • SHA1

    6a5c17cbb74ba5e8d594e6875e94ab1e7253b648

  • SHA256

    cf25137be13df6a89f80c5db2238818254d756b866692c1a882304b43c63a5eb

  • SHA512

    cafec0019ceddcc2f680bdce9f78e91af3d6354a4f6a7145b5a679664e6a2da444d477fe4ea1b7755f29e562401319c7913f5d46dbbc3c5c04558ee8680bc3a6

  • SSDEEP

    6144:P+1/hQJ7hocruDvmb2A38gvqaqFztilOl1elpQxlSUApM1aYiDmzxF:6VlSbPDmv

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\47fcbf6121cacaef216baa230b054b15.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3188
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\47fcbf6121cacaef216baa230b054b15.dll,#1
      2⤵
        PID:4756

    Network

    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      5.181.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      5.181.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      5.181.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      5.181.190.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.136.104.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.136.104.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      104.241.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.241.123.92.in-addr.arpa
      IN PTR
      Response
      104.241.123.92.in-addr.arpa
      IN PTR
      a92-123-241-104deploystaticakamaitechnologiescom
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      232.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.135.221.88.in-addr.arpa
      IN PTR
      Response
      232.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-232deploystaticakamaitechnologiescom
    • flag-us
      DNS
      232.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.135.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      176.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      176.178.17.96.in-addr.arpa
      IN PTR
      Response
      176.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-176deploystaticakamaitechnologiescom
    • flag-us
      DNS
      176.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      176.178.17.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      67.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.134.221.88.in-addr.arpa
      IN PTR
      Response
      67.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-67deploystaticakamaitechnologiescom
    • flag-us
      DNS
      67.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.134.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      194.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.178.17.96.in-addr.arpa
      IN PTR
      Response
      194.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.134.221.88.in-addr.arpa
      IN PTR
      Response
      50.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-50deploystaticakamaitechnologiescom
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
    • 96.17.178.176:80
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      856 B
       7.6kB
       10
      8
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      29.2kB
       826.2kB
       603
      600
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      856 B
       7.6kB
       10
      7
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      856 B
       7.6kB
       10
      7
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      615 B
       7.6kB
       9
      8
    • 96.17.178.176:80
    • 96.17.178.174:80
    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      146 B
       147 B
       2
      1

      DNS Request

      158.240.127.40.in-addr.arpa

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      5.181.190.20.in-addr.arpa
      dns
      142 B
       157 B
       2
      1

      DNS Request

      5.181.190.20.in-addr.arpa

      DNS Request

      5.181.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      2.136.104.51.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      2.136.104.51.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      142 B
       135 B
       2
      1

      DNS Request

      41.110.16.96.in-addr.arpa

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      146.78.124.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      146.78.124.51.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      104.241.123.92.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      104.241.123.92.in-addr.arpa

    • 8.8.8.8:53
      119.110.54.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      119.110.54.20.in-addr.arpa

    • 8.8.8.8:53
      232.135.221.88.in-addr.arpa
      dns
      146 B
       139 B
       2
      1

      DNS Request

      232.135.221.88.in-addr.arpa

      DNS Request

      232.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      176.178.17.96.in-addr.arpa
      dns
      144 B
       137 B
       2
      1

      DNS Request

      176.178.17.96.in-addr.arpa

      DNS Request

      176.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      67.134.221.88.in-addr.arpa
      dns
      144 B
       137 B
       2
      1

      DNS Request

      67.134.221.88.in-addr.arpa

      DNS Request

      67.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      194.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      194.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      142 B
       157 B
       2
      1

      DNS Request

      57.169.31.20.in-addr.arpa

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      124 B
       346 B
       2
      2

      DNS Request

      tse1.mm.bing.net

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      50.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      50.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      219 B
       139 B
       3
      1

      DNS Request

      217.135.221.88.in-addr.arpa

      DNS Request

      217.135.221.88.in-addr.arpa

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.