Analysis Overview
SHA256
91a10b40d12258492917ff8fb27d14812572200bd48a486d5c8f95e0d37efba4
Threat Level: Known bad
The file log.exe was found to be: Known bad.
Malicious Activity Summary
MetaSploit
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-20 12:06
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-20 12:06
Reported
2024-05-20 12:09
Platform
win10v2004-20240426-en
Max time kernel
134s
Max time network
145s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\log.exe
"C:\Users\Admin\AppData\Local\Temp\log.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| CN | 154.8.204.157:19001 | tcp | |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.107.17.2.in-addr.arpa | udp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
memory/4952-0-0x00000000001D0000-0x00000000001D1000-memory.dmp
memory/4952-1-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4952-3-0x0000000000400000-0x0000000000409000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-20 12:06
Reported
2024-05-20 12:09
Platform
win7-20240508-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\log.exe
"C:\Users\Admin\AppData\Local\Temp\log.exe"
Network
| Country | Destination | Domain | Proto |
| CN | 154.8.204.157:19001 | tcp | |
| CN | 154.8.204.157:19001 | tcp |
Files
memory/1704-0-0x0000000000020000-0x0000000000021000-memory.dmp
memory/1704-1-0x0000000000400000-0x0000000000409000-memory.dmp
memory/1704-5-0x0000000000400000-0x0000000000409000-memory.dmp