0250d7ab03d27076b35efa6b1a5dd0100651d120784fb53dce7a9ce4f6b3c809

Analysis

max time kernel
146s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 04:59 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0250d7ab03d27076b35efa6b1a5dd0100651d120784fb53dce7a9ce4f6b3c809.dll
Size

899KB
MD5

56844ebfac0d3edbbcd8edee50215ce2
SHA1

643ca58110c57450b30c48007325c546928b2671
SHA256

0250d7ab03d27076b35efa6b1a5dd0100651d120784fb53dce7a9ce4f6b3c809
SHA512

08e652e723601705cb999ba5984ddc80c5bd8cf175608bdb6a88e880c249722ef191b804a7147227fad0381a80ef8b324f1d1086b8594801dc93721fc921dd25
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX0:7wqd87V0

Score

1^/10

Malware Config

Signatures

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
224	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 224	112	rundll32.exe	82
PID 112 wrote to memory of 224	112	rundll32.exe	82
PID 112 wrote to memory of 224	112	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0250d7ab03d27076b35efa6b1a5dd0100651d120784fb53dce7a9ce4f6b3c809.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0250d7ab03d27076b35efa6b1a5dd0100651d120784fb53dce7a9ce4f6b3c809.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:224

Network

DNS

67.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.31.126.40.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

25.24.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.24.18.2.in-addr.arpa

IN PTR

Response

25.24.18.2.in-addr.arpa

IN PTR

a2-18-24-25deploystaticakamaitechnologiescom
DNS

21.114.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.114.53.23.in-addr.arpa

IN PTR

Response

21.114.53.23.in-addr.arpa

IN PTR

a23-53-114-21deploystaticakamaitechnologiescom
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

100.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.58.20.217.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

18.24.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.24.18.2.in-addr.arpa

IN PTR

Response

18.24.18.2.in-addr.arpa

IN PTR

a2-18-24-18deploystaticakamaitechnologiescom
DNS

8.167.79.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.167.79.40.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

67.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

67.31.126.40.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

25.24.18.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

25.24.18.2.in-addr.arpa
8.8.8.8:53

21.114.53.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

21.114.53.23.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

100.58.20.217.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

100.58.20.217.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

18.24.18.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

18.24.18.2.in-addr.arpa
8.8.8.8:53

8.167.79.40.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

8.167.79.40.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.