Analysis

  • max time kernel
    954s
  • max time network
    962s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 21:14 UTC

General

  • Target

    v.1.3/FA Installer v.1.3 .bat

  • Size

    79KB

  • MD5

    0fd1873ebb0b210c90b07b2869392c89

  • SHA1

    c6ec11cd5ec3fd247eb12518c78d5937302b233d

  • SHA256

    63c010b0c5c7b649f8e64461b5cd83e996b0179c8d874f4847063a22c9c9e97a

  • SHA512

    17c80c544e0d143d1ff466966260e9ff3fae13424b67aa94fed1ffb15a2719052c6e2534feb6cc922ac9fd46bc73094bffff22ae4a0f28c4e320dbb394d68111

  • SSDEEP

    1536:kKSG9nf9tUc+nuxGIFwyKhTf+DxhbHAtrXt+01J4EyjgB:k3GDhbHAtrXt+01J4EyjgB

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe (PID 1380)
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\v.1.3\FA Installer v.1.3 .bat"
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4508)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3644 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4784)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2204 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

  The batch file is executed through cmd.exe /c from the user's AppData\Local\Temp directory; the report records no further process created by that cmd.exe. The two msedge.exe entries are Edge utility processes (asset_store service), not children of the sample. Note the space before the extension in the file name ("FA Installer v.1.3 .bat"), which is preserved in the command line above.
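The command line above is the kind of event a detection rule would examine: a script interpreter started via cmd.exe /c with a script that lives in a user-writable temp path and has an oddly spaced file name. The following is an added example, not part of the sandbox report or its tooling; the process lines are constructed from the report's process list, and the heuristics, names and thresholds are the example's own.

```python
"""Flag script launches from user-writable paths in process command lines.

Added example, not part of the sandbox report. The input below is
constructed from the command lines in the report's process list; the
heuristics and names are this example's own, not the sandbox's.
"""
import re
from dataclasses import dataclass, field

# Constructed from the report's process list (pid, command line); not a live capture.
SAMPLE_PROCESSES = [
    (1380, r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\v.1.3\FA Installer v.1.3 .bat"'),
    (4508, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
           r'--utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US'),
    (4784, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
           r'--utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US'),
]

# Extensions that cmd.exe hands to a script interpreter (assumed list for this example).
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta", ".wsf")
# Directories an unprivileged user can write to; scripts run from here deserve a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\", "\\users\\public\\")


@dataclass
class Finding:
    pid: int
    script: str
    reasons: list = field(default_factory=list)


def split_args(cmdline):
    """Minimal Windows-style tokenizer: a double-quoted run is one argument."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in re.finditer(r'"([^"]*)"|(\S+)', cmdline)]


def script_path_from(cmdline):
    """Return the script passed to cmd.exe via /c or /k, or None if there is none."""
    args = split_args(cmdline)
    if not args or not args[0].lower().endswith("cmd.exe"):
        return None
    for i in range(1, len(args) - 1):
        if args[i].lower() in ("/c", "/k"):
            target = args[i + 1]
            return target if target.lower().endswith(SCRIPT_EXTS) else None
    return None


def assess(pid, cmdline):
    """Return a Finding for a cmd.exe script launch (reasons may be empty), else None."""
    script = script_path_from(cmdline)
    if script is None:
        return None
    low = script.lower().replace("/", "\\")
    finding = Finding(pid, script)
    if any(d in low for d in USER_WRITABLE):
        finding.reasons.append("script in user-writable directory")
    basename = low.rsplit("\\", 1)[-1]
    # Whitespace immediately before the extension ("name .bat") is unusual for
    # packaged installers and is worth surfacing to an analyst.
    if re.search(r"\s\.[a-z0-9]+$", basename):
        finding.reasons.append("whitespace before extension")
    return finding


def suspicious_launches(processes):
    """Findings with at least one reason, in the order the processes were listed."""
    out = []
    for pid, cmdline in processes:
        f = assess(pid, cmdline)
        if f is not None and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in suspicious_launches(SAMPLE_PROCESSES):
        print(f"PID {f.pid}: {f.script!r}: {', '.join(f.reasons)}")
```

Run against the constructed list, only PID 1380 is reported, with both reasons; the Edge utility processes produce no finding because they are not cmd.exe script launches. The tokenizer deliberately treats a quoted run as one argument so that paths with spaces, like the one in this report, are not split.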

        Network

  DNS queries (all sent to 8.8.8.8:53, flagged US in the report)

  Query name                       Type     Answer
  149.220.183.52.in-addr.arpa      PTR      (no answer)
  172.210.232.199.in-addr.arpa     PTR      (no answer)
  0.159.190.20.in-addr.arpa        PTR      (no answer)
  95.221.229.192.in-addr.arpa      PTR      (no answer)
  97.17.167.52.in-addr.arpa        PTR      (no answer)
  183.59.114.20.in-addr.arpa       PTR      (no answer)
  171.39.242.20.in-addr.arpa       PTR      (no answer)
  240.197.17.2.in-addr.arpa        PTR      a2-17-197-240.deploy.static.akamaitechnologies.com
  chromewebstore.googleapis.com    A        172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74, 216.58.213.10, 172.217.169.10, 172.217.169.74, 142.250.179.234, 142.250.180.10, 142.250.187.202, 142.250.187.234, 142.250.178.10
  chromewebstore.googleapis.com    Unknown  (no answer; query type shown as "Unknown" by the report)
  234.16.217.172.in-addr.arpa      PTR      mad08s04-in-f10.1e100.net, lhr48s28-in-f10 (second name garbled in the capture)
  14.227.111.52.in-addr.arpa       PTR      (no answer)
  17.173.189.20.in-addr.arpa       PTR      (no answer)

  The report does not attribute any of these lookups to a specific process. The only forward lookup is chromewebstore.googleapis.com, a Google API endpoint for the Chrome Web Store; everything else is a reverse (PTR) lookup of a peer address, and most of those returned nothing.
  Connections

  Remote address      Host / query name                Proto  Sent    Recv    Pkts out  Pkts in
  20.231.121.79:80    -                                -      46 B    -       1         -
  172.217.16.234:443  chromewebstore.googleapis.com    tls    2.2kB   8.3kB   22        23
  8.8.8.8:53          149.220.183.52.in-addr.arpa      dns    73 B    147 B   1         1
  8.8.8.8:53          172.210.232.199.in-addr.arpa     dns    74 B    128 B   1         1
  8.8.8.8:53          0.159.190.20.in-addr.arpa        dns    71 B    157 B   1         1
  8.8.8.8:53          95.221.229.192.in-addr.arpa      dns    73 B    144 B   1         1
  8.8.8.8:53          97.17.167.52.in-addr.arpa        dns    71 B    145 B   1         1
  8.8.8.8:53          183.59.114.20.in-addr.arpa       dns    72 B    158 B   1         1
  8.8.8.8:53          171.39.242.20.in-addr.arpa       dns    72 B    158 B   1         1
  8.8.8.8:53          240.197.17.2.in-addr.arpa        dns    71 B    135 B   1         1
  8.8.8.8:53          chromewebstore.googleapis.com    dns    75 B    283 B   1         1
  8.8.8.8:53          chromewebstore.googleapis.com    dns    75 B    132 B   1         1
  8.8.8.8:53          234.16.217.172.in-addr.arpa      dns    73 B    142 B   1         1
  8.8.8.8:53          14.227.111.52.in-addr.arpa       dns    72 B    158 B   1         1
  8.8.8.8:53          17.173.189.20.in-addr.arpa       dns    72 B    158 B   1         1

  The numeric columns are read here, in the order the report lists them, as bytes sent, bytes received, packets sent and packets received; a dash marks a cell the report left empty (the 20.231.121.79:80 entry is a single 46 B packet with nothing received). The per-row DNS request and response names are the ones in the DNS query table above and are not repeated here; the 283 B response is the thirteen-address A answer for chromewebstore.googleapis.com, and the 132 B response belongs to the "Unknown"-type query for the same name.
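Reading a table of in-addr.arpa names is tedious; an analyst usually wants the list of peer IPs, which ones came back with a reverse name, and which IP was both resolved by name and looked up in reverse. The following is an added example, not part of the sandbox report or its tooling; DNS_RECORDS is constructed from the query/answer entries above (the A answer list is abbreviated), and the function names are the example's own. It also handles ip6.arpa names, which this report does not contain.

```python
"""Summarize sandbox DNS traffic: map reverse-lookup names back to the peer
IPs they describe and separate them from forward lookups.

Added example, not part of the sandbox report. DNS_RECORDS is constructed
from the query/answer entries in the report's Network section (the A answer
list is abbreviated); function and variable names are this example's own.
"""
import ipaddress

# Constructed from the report: (query name, query type, answers).
DNS_RECORDS = [
    ("149.220.183.52.in-addr.arpa", "PTR", []),
    ("172.210.232.199.in-addr.arpa", "PTR", []),
    ("0.159.190.20.in-addr.arpa", "PTR", []),
    ("95.221.229.192.in-addr.arpa", "PTR", []),
    ("97.17.167.52.in-addr.arpa", "PTR", []),
    ("183.59.114.20.in-addr.arpa", "PTR", []),
    ("171.39.242.20.in-addr.arpa", "PTR", []),
    ("240.197.17.2.in-addr.arpa", "PTR", ["a2-17-197-240.deploy.static.akamaitechnologies.com"]),
    ("chromewebstore.googleapis.com", "A", ["172.217.16.234", "142.250.200.10", "142.250.200.42"]),
    ("chromewebstore.googleapis.com", "Unknown", []),  # type shown as "Unknown" in the report
    ("234.16.217.172.in-addr.arpa", "PTR", ["mad08s04-in-f10.1e100.net"]),
    ("14.227.111.52.in-addr.arpa", "PTR", []),
    ("17.173.189.20.in-addr.arpa", "PTR", []),
]


def _ip_key(s):
    # Sort IPv4 before IPv6, then numerically; mixed-family comparison would raise.
    ip = ipaddress.ip_address(s)
    return (ip.version, ip)


def ptr_name_to_ip(qname):
    """Turn an in-addr.arpa / ip6.arpa query name into the IP it refers to."""
    name = qname.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        octets = name[: -len(".in-addr.arpa")].split(".")
        if len(octets) != 4:
            raise ValueError(f"malformed IPv4 reverse name: {qname}")
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32:
            raise ValueError(f"malformed IPv6 reverse name: {qname}")
        hexdigits = "".join(reversed(nibbles))
        groups = [hexdigits[i:i + 4] for i in range(0, 32, 4)]
        return str(ipaddress.IPv6Address(":".join(groups)))
    raise ValueError(f"not a reverse-lookup name: {qname}")


def summarize(records):
    """Return (forward, reverse, other).

    forward: hostname -> set of answered IPs for A/AAAA queries
    reverse: peer IP -> list of PTR names (empty list when the lookup got no answer)
    other:   (name, type) pairs for query types this summary does not interpret
    """
    forward, reverse, other = {}, {}, []
    for qname, qtype, answers in records:
        if qtype == "PTR":
            reverse.setdefault(ptr_name_to_ip(qname), []).extend(answers)
        elif qtype in ("A", "AAAA"):
            forward.setdefault(qname, set()).update(answers)
        else:
            other.append((qname, qtype))
    return forward, reverse, other


def unresolved_peers(records):
    """Peer IPs whose reverse lookup returned nothing, in numeric order."""
    _, reverse, _ = summarize(records)
    return sorted((ip for ip, names in reverse.items() if not names), key=_ip_key)


def forward_and_reverse(records):
    """IPs that appear both as a forward-lookup answer and as a reverse-lookup target."""
    forward, reverse, _ = summarize(records)
    resolved = set().union(*forward.values()) if forward else set()
    return sorted(resolved & set(reverse), key=_ip_key)


if __name__ == "__main__":
    fwd, rev, other = summarize(DNS_RECORDS)
    for ip, names in sorted(rev.items(), key=lambda kv: _ip_key(kv[0])):
        print(f"{ip:16} {', '.join(names) or '(no PTR answer)'}")
    print("forward:", {h: sorted(ips) for h, ips in fwd.items()})
    print("uninterpreted:", other)
```

On the constructed records, nine peers have no reverse name, two (2.17.197.240 and 172.217.16.234) do, and 172.217.16.234 is the one address that was both returned for chromewebstore.googleapis.com and then looked up in reverse, which matches the single TLS connection in the connections table.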

        MITRE ATT&CK Matrix

        Downloads
