Analysis

  • max time kernel
    92s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/03/2024, 15:58 UTC

General

  • Target

    5d204c46173e06821cbf13809cdb7a8113b9f84508ec86b0c576e07ecc1be73a.exe

  • Size

    500KB

  • MD5

    4e606ec2c539df61d47793d033487456

  • SHA1

    a9613340888ba3bd3b9ce16a9ce17f78b962cb2b

  • SHA256

    5d204c46173e06821cbf13809cdb7a8113b9f84508ec86b0c576e07ecc1be73a

  • SHA512

    a568751d4c0167c9da9cbd23119b0289196b3ba09ff012d67c4a8ffaa307d1e7cae6e00ccbf6589edc9547e148d6fa18a7b670bec263b9b8f3ae83569f7a141d

  • SSDEEP

    12288:TgUK9Q0u9pGHNu4B2UoZGgYNWwrcpZ+bDFpPOoNMcq:TgUK9Q0PI4rowgE6p2RdNM

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d204c46173e06821cbf13809cdb7a8113b9f84508ec86b0c576e07ecc1be73a.exe (PID 5036)
    Command line: "C:\Users\Admin\AppData\Local\Temp\5d204c46173e06821cbf13809cdb7a8113b9f84508ec86b0c576e07ecc1be73a.exe"
    Signature: Suspicious use of SetWindowsHookEx

Network

All observed traffic is reverse (PTR) DNS lookups sent to 8.8.8.8:53 (US), one request and one response each. Sent/received sizes are per query, including IP/UDP headers; "(none)" means the response carried no PTR record.

  Query name                    Sent   Received  PTR answer
  209.205.72.20.in-addr.arpa    72 B   158 B     (none)
  147.111.86.104.in-addr.arpa   73 B   139 B     a104-86-111-147.deploy.static.akamaitechnologies.com
  19.53.126.40.in-addr.arpa     71 B   157 B     (none)
  104.219.191.52.in-addr.arpa   73 B   147 B     (none)
  149.220.183.52.in-addr.arpa   73 B   147 B     (none)
  13.86.106.20.in-addr.arpa     71 B   157 B     (none)
  50.23.12.20.in-addr.arpa      70 B   156 B     (none)
  15.164.165.52.in-addr.arpa    72 B   146 B     (none)
  41.110.86.104.in-addr.arpa    72 B   137 B     a104-86-110-41.deploy.static.akamaitechnologies.com
  251.110.86.104.in-addr.arpa   73 B   139 B     a104-86-110-251.deploy.static.akamaitechnologies.com
  21.236.111.52.in-addr.arpa    72 B   158 B     (none)
  161.111.86.104.in-addr.arpa   73 B   139 B     a104-86-111-161.deploy.static.akamaitechnologies.com

MITRE ATT&CK Matrix
