00fce8f5f6519d7b531cf4206b9a9ea1900ad371f5b339972b4bb718db51d376 | Triage

Resubmissions

21/02/2024, 21:33 UTC

240221-1ebl1sff21 1

21/02/2024, 21:21 UTC

240221-z7ptnsfd7t 3

21/02/2024, 21:11 UTC

240221-z1lhnsfh42 6

21/02/2024, 20:59 UTC

240221-zs7qyafc41 6

21/02/2024, 20:49 UTC

240221-zl1n2sfb6y 3

21/02/2024, 20:37 UTC

240221-zefqasfe76 6

21/02/2024, 20:24 UTC

240221-y65m3aeh3v 6

21/02/2024, 20:10 UTC

240221-yxsl5sfc47 6

21/02/2024, 19:59 UTC

240221-yqk9gsef4y 6

21/02/2024, 19:43 UTC

240221-ye7ncaeh25 6

Analysis

max time kernel
128s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 21:33 UTC

Sharing

Report Analysis Logs

General

Target

test/etc/localtime
Size

118B
MD5

c79354b8dbee09e62bbc3fb544853283
SHA1

1b4722a913e61f7b016401ad5c7cf1010c5a8c36
SHA256

ab1ddb33c7187e56408033a8165ea3b1432e024710e7ab2aafec036a8bd7f09a
SHA512

9ec030ad941829f7dde0a1dd1005b359d95a20fe28b0ca234cd12a59089fe6ef068197b64f1cafe27c31b0c7580a2fd5796015be16d1d8da55c7c1d1ce69bd91

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test\etc\localtime
1⤵
PID:4220

Network

DNS

25.63.96.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.63.96.20.in-addr.arpa

IN PTR

Response
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR

Response

57.110.18.2.in-addr.arpa

IN PTR

a2-18-110-57deploystaticakamaitechnologiescom
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

16.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.173.189.20.in-addr.arpa

IN PTR

Response

52.142.223.178:80

52 B
1
204.79.197.200:443

g.bing.com

tls

2.0kB
9.2kB
22
19

8.8.8.8:53

25.63.96.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

25.63.96.20.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

57.110.18.2.in-addr.arpa

dns

140 B
133 B
2
1

DNS Request

57.110.18.2.in-addr.arpa

DNS Request

57.110.18.2.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

16.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

16.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads