e3bef3c169ed317c459bf9d52958a6ae4d4bf753ba6224ee4878e6bbddca067d

Analysis

max time kernel
93s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 21:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/KillProcDLL.dll
Size

20KB
MD5

e725dd273d5a8cf4386280436fe968ef
SHA1

6487e0c872c175991914378402572b806fcd1c8b
SHA256

22432bb3b215f61665f14ba375c9d2e52b84d748d11ba26427b0ca70e674b415
SHA512

4eb47aefa50255afd0fb54df85670da37548a5502219f21c6067239cdbad0454dd66f05eed2f2d310151b88902f2bd0240cce9e3a1665ab41cb3bb43ba99c2f9
SSDEEP

96:08S8CUNqsthSo5G+FUMlxTFqiwJQAgyUE1fb+4:08S8CU4stV5ozcyI4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2600	3008	rundll32.exe	84
PID 3008 wrote to memory of 2600	3008	rundll32.exe	84
PID 3008 wrote to memory of 2600	3008	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\KillProcDLL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\KillProcDLL.dll,#1
  2⤵
  PID:2600

Network

DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

152.78.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

152.78.101.95.in-addr.arpa

IN PTR

Response

152.78.101.95.in-addr.arpa

IN PTR

a95-101-78-152deploystaticakamaitechnologiescom
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

23.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.160.77.104.in-addr.arpa

IN PTR

Response

23.160.77.104.in-addr.arpa

IN PTR

a104-77-160-23deploystaticakamaitechnologiescom
DNS

172.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.178.17.96.in-addr.arpa

IN PTR

Response

172.178.17.96.in-addr.arpa

IN PTR

a96-17-178-172deploystaticakamaitechnologiescom
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

190.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

190.178.17.96.in-addr.arpa

IN PTR

Response

190.178.17.96.in-addr.arpa

IN PTR

a96-17-178-190deploystaticakamaitechnologiescom

No results found

8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

152.78.101.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

152.78.101.95.in-addr.arpa
8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.159.190.20.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

23.160.77.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

23.160.77.104.in-addr.arpa
8.8.8.8:53

172.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

172.178.17.96.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

190.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

190.178.17.96.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.