Overview

overview

7

Static

static

3

Julien_and..._C.rar

windows11-21h2-x64

7

Julien and...hy.dll

windows11-21h2-x64

1

Julien and...rs.dll

windows11-21h2-x64

1

Julien and...ds.dll

windows11-21h2-x64

1

Julien and...re.dll

windows11-21h2-x64

1

Julien and...ns.dll

windows11-21h2-x64

1

Julien and...st.dll

windows11-21h2-x64

1

Julien and...et.dll

windows11-21h2-x64

1

Julien and...ok.dll

windows11-21h2-x64

1

Julien and...er.dll

windows11-21h2-x64

1

Julien and...es.dll

windows11-21h2-x64

1

Julien and...ns.dll

windows11-21h2-x64

1

Julien and...on.dll

windows11-21h2-x64

1

Julien and...er.exe

windows11-21h2-x64

1

Julien and...rs.dll

windows11-21h2-x64

1

Julien and...le.dll

windows11-21h2-x64

1

Julien and...el.dll

windows11-21h2-x64

1

Julien and...on.dll

windows11-21h2-x64

1

Julien and...ng.dll

windows11-21h2-x64

1

Julien and...me.dll

windows11-21h2-x64

1

Julien and...ts.dll

windows11-21h2-x64

1

Julien and...es.dll

windows11-21h2-x64

1

Julien and...nc.dll

windows11-21h2-x64

1

Julien and...nc.dll

windows11-21h2-x64

1

Julien and...ry.dll

windows11-21h2-x64

1

Julien and...rs.dll

windows11-21h2-x64

1

Julien and...ve.dll

windows11-21h2-x64

1

Julien and...ta.dll

windows11-21h2-x64

1

Julien and...fe.dll

windows11-21h2-x64

1

Julien and...es.dll

windows11-21h2-x64

1

Julien and...ns.dll

windows11-21h2-x64

1

Julien and...le.dll

windows11-21h2-x64

1

Resubmissions

28/02/2024, 11:10 UTC

240228-m96traab8y 7

28/02/2024, 11:07 UTC

240228-m7zbwsab3z 7

28/02/2024, 11:06 UTC

240228-m7grvaaa72 7

Analysis

  • max time kernel
    139s
  • max time network
    169s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28/02/2024, 11:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Julien and anarchi selfsniper C#/Microsoft.Extensions.DependencyInjection.Abstractions.dll

  • Size

    43KB

  • MD5

    7a9b8793552ce40160a6d273b22f807e

  • SHA1

    1c302ea0a44f517b97af19252140ec710d5d3bfb

  • SHA256

    200aba7859ecfb045d43a8e2bf9abce4c929507364b7714388f59affe708fb06

  • SHA512

    7d5ea03d5815a6f5705875fe6c2d2179c6ee5468d6b19423f04c8982e64226e656bfd7ccaf7a5756c7046d2e6d2c3504190ba642e02bc197d48dad9320fd6bd5

  • SSDEEP

    768:gQnUmCQ0dQ8d2TN7uxgoXvM4s8w0woFY9SP8:MmC3dQ88Tk+8vM2fBO9I8

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Julien and anarchi selfsniper C#\Microsoft.Extensions.DependencyInjection.Abstractions.dll",#1
    1⤵
      PID:3296

    Network

    • flag-us
      DNS
      179.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      179.178.17.96.in-addr.arpa
      IN PTR
      Response
      179.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-179deploystaticakamaitechnologiescom
    • flag-us
      DNS
      ocsp.digicert.com
      Remote address:
      8.8.8.8:53
      Request
      ocsp.digicert.com
      IN A
      Response
      ocsp.digicert.com
      IN CNAME
      ocsp.edge.digicert.com
      ocsp.edge.digicert.com
      IN CNAME
      fp2e7a.wpc.2be4.phicdn.net
      fp2e7a.wpc.2be4.phicdn.net
      IN CNAME
      fp2e7a.wpc.phicdn.net
      fp2e7a.wpc.phicdn.net
      IN A
      192.229.221.95
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      IN A
      20.223.36.55
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
      iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
      IN A
      20.199.58.43
    • flag-us
      DNS
      nexusrules.officeapps.live.com
      Remote address:
      8.8.8.8:53
      Request
      nexusrules.officeapps.live.com
      IN A
      Response
      nexusrules.officeapps.live.com
      IN CNAME
      prod.nexusrules.live.com.akadns.net
      prod.nexusrules.live.com.akadns.net
      IN A
      52.111.243.31
    • flag-us
      DNS
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
      Response
      ctldl.windowsupdate.com
      IN CNAME
      wu-bg-shim.trafficmanager.net
      wu-bg-shim.trafficmanager.net
      IN CNAME
      download.windowsupdate.com.edgesuite.net
      download.windowsupdate.com.edgesuite.net
      IN CNAME
      a767.dspw65.akamai.net
      a767.dspw65.akamai.net
      IN A
      96.17.178.200
      a767.dspw65.akamai.net
      IN A
      96.17.178.185
      a767.dspw65.akamai.net
      IN A
      96.17.178.208
      a767.dspw65.akamai.net
      IN A
      96.17.178.187
      a767.dspw65.akamai.net
      IN A
      96.17.178.175
      a767.dspw65.akamai.net
      IN A
      96.17.178.210
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
      iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
      IN A
      20.199.58.43
    • flag-us
      DNS
      54.120.234.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      54.120.234.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.6kB
       8.5kB
       18
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.6kB
       8.5kB
       18
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.6kB
       8.5kB
       18
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      61.9kB
       1.7MB
       1275
      1274
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls
      1.6kB
       8.5kB
       18
      16
    • 8.8.8.8:53
      179.178.17.96.in-addr.arpa
      dns
      585 B
       1.6kB
       9
      9

      DNS Request

      179.178.17.96.in-addr.arpa

      DNS Request

      ocsp.digicert.com

      DNS Response

      192.229.221.95

      DNS Request

      arc.msn.com

      DNS Response

      20.223.36.55

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

      DNS Request

      arc.msn.com

      DNS Response

      20.199.58.43

      DNS Request

      nexusrules.officeapps.live.com

      DNS Response

      52.111.243.31

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      96.17.178.200
      96.17.178.185
      96.17.178.208
      96.17.178.187
      96.17.178.175
      96.17.178.210

      DNS Request

      arc.msn.com

      DNS Response

      20.199.58.43

      DNS Request

      54.120.234.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.