Overview

overview

7

Static

static

3

Saturn.zip

windows10-2004-x64

1

wwwroot/_c...pp.css

windows10-2004-x64

7

wwwroot/_c...in.css

windows10-2004-x64

7

wwwroot/_c...ss.map

windows10-2004-x64

3

wwwroot/_c...ICENSE

windows10-2004-x64

1

wwwroot/_c...ICENSE

windows10-2004-x64

1

wwwroot/_c...DME.md

windows10-2004-x64

3

wwwroot/_c...in.css

windows10-2004-x64

7

wwwroot/_c...ic.eot

windows10-2004-x64

3

wwwroot/_c...ic.otf

windows10-2004-x64

7

wwwroot/_c...ic.xml

windows10-2004-x64

1

wwwroot/_c...ic.ttf

windows10-2004-x64

7

wwwroot/_c...c.woff

windows10-2004-x64

3

wwwroot/_c...pp.css

windows10-2004-x64

7

wwwroot/_c...se.css

windows10-2004-x64

7

wwwroot/_c...er.css

windows10-2004-x64

7

wwwroot/_c...be.css

windows10-2004-x64

7

wwwroot/_c...ns.css

windows10-2004-x64

7

wwwroot/_c...et.css

windows10-2004-x64

7

wwwroot/_c...on.ico

windows10-2004-x64

3

wwwroot/_c...ar.ttf

windows10-2004-x64

7

wwwroot/_c...n0.png

windows10-2004-x64

3

wwwroot/_c...n1.png

windows10-2004-x64

3

wwwroot/_c...n2.png

windows10-2004-x64

3

wwwroot/_c...n3.png

windows10-2004-x64

3

wwwroot/_c...ims.js

windows10-2004-x64

1

wwwroot/index.html

windows10-2004-x64

1

wwwroot/js/anims.js

windows10-2004-x64

1

wwwroot/js...ger.js

windows10-2004-x64

1

wwwroot/js...ger.js

windows10-2004-x64

1

wwwroot/js/utils.js

windows10-2004-x64

1

wwwroot/li...min.js

windows10-2004-x64

1

Analysis

  • max time kernel
    405s
  • max time network
    1140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 14:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wwwroot/_content/Saturn.Backend/favicon.ico

  • Size

    179KB

  • MD5

    6709d9c8b442c5e5a6494a60da2469a2

  • SHA1

    aea759885626a537b46456fbacf33b8d9d860915

  • SHA256

    2eab7fee596d68927f674e846867d4b0e6a5242842b93dc45a0218c582c88d62

  • SHA512

    c0336c783bece112325c7ac196cfad1b375a99e0d65070984e802fc49b97d6a1e3723e1711295d5b113bf2079ee14ad9803cb0012771c8bdb0cebf2ed107a66a

  • SSDEEP

    1536:aqw7JguPouxEFnssUnf7HMmMtR/25o3UB:y1EdsTMmn5iUB

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\wwwroot\_content\Saturn.Backend\favicon.ico
    1⤵
      PID:4888

    Network

    • flag-us
      DNS
      17.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      180.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.178.17.96.in-addr.arpa
      IN PTR
      Response
      180.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-180deploystaticakamaitechnologiescom
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      140.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.71.91.104.in-addr.arpa
      IN PTR
      Response
      140.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-140deploystaticakamaitechnologiescom
    • flag-us
      DNS
      194.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.178.17.96.in-addr.arpa
      IN PTR
      Response
      194.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      131.72.42.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      131.72.42.20.in-addr.arpa
      IN PTR
      Response
    • 20.231.121.79:80
      322 B
       7
    • 8.8.8.8:53
      17.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      17.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      180.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      180.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      140.71.91.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      140.71.91.104.in-addr.arpa

    • 8.8.8.8:53
      194.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      194.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      48.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      48.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      131.72.42.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      131.72.42.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.