Analysis

  • max time kernel
    132s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/06/2024, 07:13 UTC

General

  • Target

    1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe

  • Size

    13KB

  • MD5

    43e710459cb77afe2be35dcd74474812

  • SHA1

    78c2270fa1d9482cb3f5d2c4a0db53cc756aec64

  • SHA256

    1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c

  • SHA512

    b640880714a08cffdb1c8f06f034de8cbc34662bfe1094c400f0b2c9eb70efbfaf2c92abcfaa71e478f0ffa54dcdaaf7c69c2b81c6319cd8f3821348b16636fe

  • SSDEEP

    192:8iphI1nYWIBChY2mB6ZaMQoG5fsMl1G7tiLPEA2gTUEkxnMdRy0sIWlJdxqHPnov:thNBCh3m/Md7tlFG+LwWlJj+q

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
    "C:\Users\Admin\AppData\Local\Temp\1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe"
    1⤵
      PID:3168

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      152.107.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      152.107.17.2.in-addr.arpa
      IN PTR
      Response
      152.107.17.2.in-addr.arpa
      IN PTR
      a2-17-107-152.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      72.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      72.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      Remote address:
      8.8.8.8:53
      Request
      wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
      IN A
      Response
      wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
      IN A
      193.70.94.19
    • flag-pl
      GET
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      Remote address:
      193.70.94.19:80
      Request
      GET /v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Referer: /~isapi/isapiv5.dll/v5/ucph/yzxt/240603023323352/000c38001063/000000/obfr.bin
      User-Agent: TrollAV/5.0+(Windows+NT+10.0.19041)
      Host: wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
    • flag-us
      DNS
      19.94.70.193.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.94.70.193.in-addr.arpa
      IN PTR
      Response
      19.94.70.193.in-addr.arpa
      IN PTR
      arr.mrmpzjjhn3sgtq5w.pro
    • flag-pl
      GET
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      Remote address:
      193.70.94.19:80
      Request
      GET /v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Referer: /~isapi/isapiv5.dll/v5/ucph/yzxt/240603023323352/000c38001063/000000/obfr.bin
      User-Agent: TrollAV/5.0+(Windows+NT+10.0.19041)
      Host: wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
    • flag-pl
      GET
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      Remote address:
      193.70.94.19:80
      Request
      GET /v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Referer: /~isapi/isapiv5.dll/v5/ucph/yzxt/240603023323352/000c38001063/000000/obfr.bin
      User-Agent: TrollAV/5.0+(Windows+NT+10.0.19041)
      Host: wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
    • flag-pl
      GET
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      Remote address:
      193.70.94.19:80
      Request
      GET /v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Referer: /~isapi/isapiv5.dll/v5/ucph/yzxt/240603023323352/000c38001063/000000/obfr.bin
      User-Agent: TrollAV/5.0+(Windows+NT+10.0.19041)
      Host: wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
    • flag-pl
      GET
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      Remote address:
      193.70.94.19:80
      Request
      GET /v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Referer: /~isapi/isapiv5.dll/v5/ucph/yzxt/240603023323352/000c38001063/000000/obfr.bin
      User-Agent: TrollAV/5.0+(Windows+NT+10.0.19041)
      Host: wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-pl
      GET
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      Remote address:
      193.70.94.19:80
      Request
      GET /v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Referer: /~isapi/isapiv5.dll/v5/ucph/yzxt/240603023323352/000c38001063/000000/obfr.bin
      User-Agent: TrollAV/5.0+(Windows+NT+10.0.19041)
      Host: wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
    • flag-us
      DNS
      216.107.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      216.107.17.2.in-addr.arpa
      IN PTR
      Response
      216.107.17.2.in-addr.arpa
      IN PTR
      a2-17-107-216.deploy.static.akamaitechnologies.com
    • flag-pl
      GET
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      Remote address:
      193.70.94.19:80
      Request
      GET /v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Referer: /~isapi/isapiv5.dll/v5/ucph/yzxt/240603023323352/000c38001063/000000/obfr.bin
      User-Agent: TrollAV/5.0+(Windows+NT+10.0.19041)
      Host: wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • 193.70.94.19:80
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      http
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      428 B
      92 B
      3
      2

      HTTP Request

      GET http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
    • 193.70.94.19:80
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      http
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      428 B
      92 B
      3
      2

      HTTP Request

      GET http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
    • 193.70.94.19:80
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      http
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      428 B
      92 B
      3
      2

      HTTP Request

      GET http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
    • 193.70.94.19:80
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      http
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      428 B
      92 B
      3
      2

      HTTP Request

      GET http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
    • 193.70.94.19:80
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      http
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      428 B
      92 B
      3
      2

      HTTP Request

      GET http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
    • 193.70.94.19:80
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      http
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      428 B
      92 B
      3
      2

      HTTP Request

      GET http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
    • 193.70.94.19:80
      http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
      http
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      428 B
      92 B
      3
      2

      HTTP Request

      GET http://wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro/v5/ucph/yzxt/242607071333351/000c27002000/000000/yyzk.bin
    • 193.70.94.19:80
      wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      260 B
      5
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      152.107.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      152.107.17.2.in-addr.arpa

    • 8.8.8.8:53
      72.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      72.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro
      dns
      1cb1d79637a18997c32536ac52e2d074e6e728e60f3f2c0da88d85cd5406d69c.exe
      79 B
      95 B
      1
      1

      DNS Request

      wwlh.urlx.v5.mrmpzjjhn3sgtq5w.pro

      DNS Response

      193.70.94.19

    • 8.8.8.8:53
      19.94.70.193.in-addr.arpa
      dns
      71 B
      109 B
      1
      1

      DNS Request

      19.94.70.193.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      216.107.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      216.107.17.2.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    MITRE ATT&CK Matrix
