Overview

overview

7

Static

static

3

Saturn.zip

windows10-2004-x64

1

wwwroot/_c...pp.css

windows10-2004-x64

7

wwwroot/_c...in.css

windows10-2004-x64

7

wwwroot/_c...ss.map

windows10-2004-x64

3

wwwroot/_c...ICENSE

windows10-2004-x64

1

wwwroot/_c...ICENSE

windows10-2004-x64

1

wwwroot/_c...DME.md

windows10-2004-x64

3

wwwroot/_c...in.css

windows10-2004-x64

7

wwwroot/_c...ic.eot

windows10-2004-x64

3

wwwroot/_c...ic.otf

windows10-2004-x64

7

wwwroot/_c...ic.xml

windows10-2004-x64

1

wwwroot/_c...ic.ttf

windows10-2004-x64

7

wwwroot/_c...c.woff

windows10-2004-x64

3

wwwroot/_c...pp.css

windows10-2004-x64

7

wwwroot/_c...se.css

windows10-2004-x64

7

wwwroot/_c...er.css

windows10-2004-x64

7

wwwroot/_c...be.css

windows10-2004-x64

7

wwwroot/_c...ns.css

windows10-2004-x64

7

wwwroot/_c...et.css

windows10-2004-x64

7

wwwroot/_c...on.ico

windows10-2004-x64

3

wwwroot/_c...ar.ttf

windows10-2004-x64

7

wwwroot/_c...n0.png

windows10-2004-x64

3

wwwroot/_c...n1.png

windows10-2004-x64

3

wwwroot/_c...n2.png

windows10-2004-x64

3

wwwroot/_c...n3.png

windows10-2004-x64

3

wwwroot/_c...ims.js

windows10-2004-x64

1

wwwroot/index.html

windows10-2004-x64

1

wwwroot/js/anims.js

windows10-2004-x64

1

wwwroot/js...ger.js

windows10-2004-x64

1

wwwroot/js...ger.js

windows10-2004-x64

1

wwwroot/js/utils.js

windows10-2004-x64

1

wwwroot/li...min.js

windows10-2004-x64

1

Analysis

  • max time kernel
    1190s
  • max time network
    1201s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 14:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wwwroot/_content/Saturn.Backend/css/open-iconic/font/fonts/open-iconic.xml

  • Size

    54KB

  • MD5

    75ab47ef896a85e4860714dacd516410

  • SHA1

    fd46010fb43dee15e1c63657283907ad1607b045

  • SHA256

    f8fd684398cfcce549182e76135a31197217c710b2325ab2e80f5c371198cd59

  • SHA512

    919841dc2cf5977a96e2bfa7fc6c363cf90dc41cade87abd5af0ebca5d290638bb3101521565b9806be14897006e92856015a945a8e442d63897dcd4f021dee7

  • SSDEEP

    1536:8wz5cFkWsgkKsN/biC79ef+xmz69C7OpQ60Bb63DjHDEakhd4djWBNIfP21aIbQ:D5cFNs9Ky/biC79efVz69C7OpQ6cb63X

Score
1/10

Malware Config

Signatures

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\wwwroot\_content\Saturn.Backend\css\open-iconic\font\fonts\open-iconic.xml"
    1⤵
      PID:2956

    Network

    • flag-us
      DNS
      17.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0lgwllnwnet
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-gb
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      92.123.128.150:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate, br
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Host: www.bing.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Cache-Control: public, max-age=2592000
      Content-Type: image/png
      Access-Control-Allow-Origin: *
      Access-Control-Allow-Headers: *
      Access-Control-Allow-Methods: GET, POST, OPTIONS
      Timing-Allow-Origin: *
      Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      Content-Length: 1107
      Date: Sun, 25 Feb 2024 22:45:24 GMT
      Connection: keep-alive
      Alt-Svc: h3=":443"; ma=93600
      X-CDN-TraceID: 0.96777b5c.1708901124.421a6750
    • flag-us
      DNS
      150.128.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      150.128.123.92.in-addr.arpa
      IN PTR
      Response
      150.128.123.92.in-addr.arpa
      IN PTR
      a92-123-128-150deploystaticakamaitechnologiescom
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      140.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.71.91.104.in-addr.arpa
      IN PTR
      Response
      140.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-140deploystaticakamaitechnologiescom
    • flag-us
      DNS
      194.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.178.17.96.in-addr.arpa
      IN PTR
      Response
      194.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      180.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.178.17.96.in-addr.arpa
      IN PTR
      Response
      180.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-180deploystaticakamaitechnologiescom
    • flag-us
      DNS
      8.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      150.1.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      150.1.37.23.in-addr.arpa
      IN PTR
      Response
      150.1.37.23.in-addr.arpa
      IN PTR
      a23-37-1-150deploystaticakamaitechnologiescom
    • flag-us
      DNS
      81.171.91.138.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.171.91.138.in-addr.arpa
      IN PTR
      Response
    • 92.123.128.150:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http
      1.3kB
       6.4kB
       13
      11

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 52.142.223.178:80
      46 B
       1
    • 8.8.8.8:53
      17.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      17.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
       116 B
       1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      150.128.123.92.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      150.128.123.92.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      140.71.91.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      140.71.91.104.in-addr.arpa

    • 8.8.8.8:53
      194.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      194.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      13.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      180.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      180.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      8.173.189.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      8.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      150.1.37.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      150.1.37.23.in-addr.arpa

    • 8.8.8.8:53
      81.171.91.138.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      81.171.91.138.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2956-0-0x00007FF827BB0000-0x00007FF827BC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2956-1-0x00007FF867B30000-0x00007FF867D25000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2956-2-0x00007FF865800000-0x00007FF865AC9000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/2956-3-0x00007FF827BB0000-0x00007FF827BC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2956-4-0x00007FF867B30000-0x00007FF867D25000-memory.dmp

      Filesize

      2.0MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.