df63df335d4e3307bb952c16aef542177187fa3efbde9d7483b207812d4e1e72

Analysis

max time kernel
145s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 18:16 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FLEngine_x64_Copy5.dll
Size

63.3MB
MD5

06bb6dde5c9adbac93470ed86ce7d5ff
SHA1

46fc43590d6d4c4f04f23ab0eb6f8f602e7e731a
SHA256

2a44a8af200c4ee36de4b0f91471ffca82ce25e0fe90401d64a9d4c01b9f9525
SHA512

5399dbdf1c523ae86956b3a774996cbe0276fb1ca08919564f7669e8cb695711dc9830cbf751cf4479d2bb08f982193c22e00a8be34c5466c9567287a45d8c23
SSDEEP

786432:iJfMakY21meWZcB9fM/4F+cJ/HKYVVCmS0fkrw632FfsjA2E27Dy:ek+W/FRsYVV0/rVmEE2h7+

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2104	rundll32.exe
2104	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2104	rundll32.exe
2104	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FLEngine_x64_Copy5.dll,#1
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2104

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

69.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.31.126.40.in-addr.arpa

IN PTR

Response
DNS

79.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.190.18.2.in-addr.arpa

IN PTR

Response

79.190.18.2.in-addr.arpa

IN PTR

a2-18-190-79deploystaticakamaitechnologiescom
DNS

nexusrules.officeapps.live.com

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.229.19
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

187.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.83.221.88.in-addr.arpa

IN PTR

Response

187.83.221.88.in-addr.arpa

IN PTR

a88-221-83-187deploystaticakamaitechnologiescom
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

24.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.121.18.2.in-addr.arpa

IN PTR

Response

24.121.18.2.in-addr.arpa

IN PTR

a2-18-121-24deploystaticakamaitechnologiescom
DNS

24.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.121.18.2.in-addr.arpa

IN PTR
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response

204.79.197.237:443

g.bing.com

tls

2.0kB
9.2kB
21
17
88.221.83.187:443

www.bing.com

tls

1.5kB
6.4kB
16
12

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

69.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

69.31.126.40.in-addr.arpa
8.8.8.8:53

79.190.18.2.in-addr.arpa

dns

146 B
274 B
2
2

DNS Request

79.190.18.2.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.229.19
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

187.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

187.83.221.88.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

24.121.18.2.in-addr.arpa

dns

140 B
133 B
2
1

DNS Request

24.121.18.2.in-addr.arpa

DNS Request

24.121.18.2.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2104-0-0x00007FFFB69F0000-0x00007FFFB69F2000-memory.dmp

Filesize
8KB

Download
memory/2104-1-0x0000000051D00000-0x0000000055D87000-memory.dmp

Filesize
64.5MB

Download
memory/2104-2-0x0000000055907000-0x000000005599A000-memory.dmp

Filesize
588KB

Download
memory/2104-3-0x0000000051D00000-0x0000000055D87000-memory.dmp

Filesize
64.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.