Overview

overview

7

Static

static

3

Proxy Grab...rp.dll

windows7-x64

1

Proxy Grab...rp.dll

windows10-2004-x64

1

Proxy Grab...ic.dll

windows7-x64

1

Proxy Grab...ic.dll

windows10-2004-x64

1

Proxy Grab...er.exe

windows7-x64

7

Proxy Grab...er.exe

windows10-2004-x64

7

Proxy Grab...rp.dll

windows7-x64

1

Proxy Grab...rp.dll

windows10-2004-x64

1

Proxy Grab...or.exe

windows7-x64

3

Proxy Grab...or.exe

windows10-2004-x64

7

Proxy Grab...st.exe

windows7-x64

3

Proxy Grab...st.exe

windows10-2004-x64

7

Proxy Grab...ic.dll

windows7-x64

1

Proxy Grab...ic.dll

windows10-2004-x64

1

Proxy Grab...32.exe

windows7-x64

1

Proxy Grab...32.exe

windows10-2004-x64

1

Proxy Grab...ht.dll

windows7-x64

1

Proxy Grab...ht.dll

windows10-2004-x64

1

Proxy Grab...ht.dll

windows7-x64

1

Proxy Grab...ht.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2024, 11:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Proxy Grabber by Mathian/Proxy Grabber by Mathian/mfc100cht.dll

  • Size

    36KB

  • MD5

    61a56eb574daa6ceab692f98be3e5bb6

  • SHA1

    b52aa36e1a2594fe0ac97ee0b867df822d223b76

  • SHA256

    928f0528706576c2f7211e98462e87e03bfc14eb7a84ca3531f45ce1d9f080a3

  • SHA512

    0b787be453e7d55b810e3075ab96e9f07a7f4a10d34c9082f17c26db0578a7199ddfccf1749c87c97541f9484908e59b1a237361b92123f98880dc5835173124

  • SSDEEP

    384:m1cPmgt96DteT9X2IEI41W4WA1G/7kn4TJgUqJgM3KbgkE3H+iihZ2+10vq0GftC:muufpTVI4P+7kn4TJVM3i/EhK2iex

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Proxy Grabber by Mathian\Proxy Grabber by Mathian\mfc100cht.dll",#1
    1⤵
      PID:864

    Network

    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      40.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      40.134.221.88.in-addr.arpa
      IN PTR
      Response
      40.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-40deploystaticakamaitechnologiescom
    • flag-us
      DNS
      140.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      178.223.142.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      178.223.142.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      41.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.134.221.88.in-addr.arpa
      IN PTR
      Response
      41.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      152.141.79.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      152.141.79.40.in-addr.arpa
      IN PTR
      Response
    No results found
    • 8.8.8.8:53
      133.211.185.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      133.211.185.52.in-addr.arpa

    • 8.8.8.8:53
      40.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      40.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      140.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      140.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      178.223.142.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      178.223.142.52.in-addr.arpa

    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      41.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      41.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      13.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      152.141.79.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      152.141.79.40.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.