Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/03/2024, 20:51 UTC

General

  • Target

    dcrat/data/Rar.exe

  • Size

    578KB

  • MD5

    eb24024a8a46c71303e0b18d0e1859f6

  • SHA1

    e0ee47fcd63beb2168da119f061d03b0bd6872ea

  • SHA256

    770d7b5e40ed9b0aff5d0e3fc2ccf9ba10d4925d3441f38b71a35bd26e6e8d98

  • SHA512

    292e3090338ee3443acd8c2bde59506f3f89d62bf8ff0d95067a812a22b17c98fc2aa9439d3dfa16dcfe338070d7b5af3acefb696a267435bf5b19dceef83a2c

  • SSDEEP

    12288:wS6ZrwO87OYWi14874mT77CkIf3kBmiXtRI/+7bHuVV7:wSOrwO87OM14nmT77Ck28mijQ+bHit

Score
3/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcrat\data\Rar.exe
    "C:\Users\Admin\AppData\Local\Temp\dcrat\data\Rar.exe"
    1⤵
      PID:908

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      85.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      85.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      182.245.100.95.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      182.245.100.95.in-addr.arpa
      IN PTR
      Response
      182.245.100.95.in-addr.arpa
      IN PTR
      a95-100-245-182deploystaticakamaitechnologiescom
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      81.171.91.138.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.171.91.138.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      134.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.71.91.104.in-addr.arpa
      IN PTR
      Response
      134.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-134deploystaticakamaitechnologiescom
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      3.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      3.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      g.bing.com
      tls
      2.0kB
      9.2kB
      21
      19
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      158 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      85.177.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      85.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
      106 B
      1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      182.245.100.95.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      182.245.100.95.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      81.171.91.138.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      81.171.91.138.in-addr.arpa

    • 8.8.8.8:53
      134.71.91.104.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      134.71.91.104.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      3.173.189.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      3.173.189.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.