2d2c4f01c4a67595b694c743542aca22a2c4bb0b0f83c055a7fd16a30cd10cf8

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 20:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d2c4f01c4a67595b694c743542aca22a2c4bb0b0f83c055a7fd16a30cd10cf8.exe
Size

14KB
MD5

325d2582ba0775c9766be38a54caf8a1
SHA1

a5aff538304253cc4279e2e8a2c914b5c86c34db
SHA256

2d2c4f01c4a67595b694c743542aca22a2c4bb0b0f83c055a7fd16a30cd10cf8
SHA512

abf067e28b38bdfb85fe90dafe1c5b9a42a1b47cdeb6797fb995c22d15eeccdd7005c95cbc2051b7afa515fb4326c5293b256010d6f2509465d0ef42c8fc4399
SSDEEP

192:xzNJHwiIZmlGOwg6a3RFLOlodIAdt5fSpkO/DVuO7YbqDE045HQ:xzYqsOHfBFLJNoNn7YODE045H

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	3656	WerFault.exe	80

C:\Users\Admin\AppData\Local\Temp\2d2c4f01c4a67595b694c743542aca22a2c4bb0b0f83c055a7fd16a30cd10cf8.exe
"C:\Users\Admin\AppData\Local\Temp\2d2c4f01c4a67595b694c743542aca22a2c4bb0b0f83c055a7fd16a30cd10cf8.exe"
1⤵
PID:3656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
  2⤵
  - Program crash
  PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3656 -ip 3656
1⤵
PID:884

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

145.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.83.221.88.in-addr.arpa

IN PTR

Response

145.83.221.88.in-addr.arpa

IN PTR

a88-221-83-145deploystaticakamaitechnologiescom
DNS

20.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.160.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

129.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

129.83.221.88.in-addr.arpa

IN PTR

Response

129.83.221.88.in-addr.arpa

IN PTR

a88-221-83-129deploystaticakamaitechnologiescom
DNS

131.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.83.221.88.in-addr.arpa

IN PTR

Response

131.83.221.88.in-addr.arpa

IN PTR

a88-221-83-131deploystaticakamaitechnologiescom
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

20.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.160.190.20.in-addr.arpa
8.8.8.8:53

145.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

145.83.221.88.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

129.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

129.83.221.88.in-addr.arpa
8.8.8.8:53

131.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

131.83.221.88.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3656-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.