ab7e4085828b98e52db4a171a5c3b01f7e6a3c1ab97885466a5f97e35e6a10a1 | Triage

Analysis

max time kernel
132s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/05/2024, 05:00 UTC

Sharing

Report Analysis Logs

General

Target

overrides/config/aether/aether_customizations.txt
Size

84B
MD5

cbb7dadd96742517600bf029d14ce08f
SHA1

b9f71c03578eef752fe3c401112845574529aef1
SHA256

113f7dfc56b7b2efdc782e45356c87c47174bb76dc34dcef24ca2ec32c7908e1
SHA512

baa71c60b5428daaadbc3a3e71853d981ac6db397a4c5e3cb16f8c9bfbea36c0a20bcf126887fe633ad74b28b540fa81deeeaddafd56adae624354d3771f24a8

Score

1^/10

Malware Config

Signatures

Opens file in notepad (likely ransom note) 1 IoCs

pid	Process
788	NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\overrides\config\aether\aether_customizations.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:788

Network

DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

77.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom
DNS

233.17.178.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.17.178.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.236.111.52.in-addr.arpa
8.8.8.8:53

77.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.190.18.2.in-addr.arpa
8.8.8.8:53

233.17.178.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

233.17.178.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads