Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-06-2024 15:30

General

  • Target

    start_protected_game.exe

  • Size

    255KB

  • MD5

    0991065b2191e7715d96983983e3207d

  • SHA1

    827093e196b9c3081002f17cee192e590bb96657

  • SHA256

    0078f3f5cea79e68ff7eb526ad8a2151ef1a2e88904ff5038c5cdd82d1ca8b6c

  • SHA512

    d542e94cd094431923358b26f222fce902432719885fb9d861c30def6193fd3bd65e7c18b2310ea5b741a7bfa286131d74b0bfc5a293ab443719954f5ee7771c

  • SSDEEP

    3072:+J5fEmNK1AvXpr9+pWnReBs10a9qQQr0ngg2/:+J2mNK1AfL+pWL1Z+r8R2/

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\start_protected_game.exe
    "C:\Users\Admin\AppData\Local\Temp\start_protected_game.exe"
    1⤵
      PID:3772

    Network

    • flag-us
      DNS
      149.220.183.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.220.183.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      105.83.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      105.83.221.88.in-addr.arpa
      IN PTR
      Response
      105.83.221.88.in-addr.arpa
      IN PTR
      a88-221-83-105.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      73.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      129.83.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      129.83.221.88.in-addr.arpa
      IN PTR
      Response
      129.83.221.88.in-addr.arpa
      IN PTR
      a88-221-83-129.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      160.83.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      160.83.221.88.in-addr.arpa
      IN PTR
      Response
      160.83.221.88.in-addr.arpa
      IN PTR
      a88-221-83-160.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response

    MITRE ATT&CK Matrix
