03351bca89c7d7ea84d830cb33667f7303b54fbbbd075873bf4977731a8a1a7c | Triage

Analysis

max time kernel
142s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
19/06/2024, 18:22 UTC

Sharing

Report Analysis Logs

General

Target

resources/elevate.exe
Size

105KB
MD5

792b92c8ad13c46f27c7ced0810694df
SHA1

d8d449b92de20a57df722df46435ba4553ecc802
SHA256

9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512

6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
SSDEEP

3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
1⤵
PID:4816

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

self.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdeus15.eastus.cloudapp.azure.com

onedscolprdeus15.eastus.cloudapp.azure.com

IN A

20.42.73.28

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

142 B
284 B
2
2

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

self.events.data.microsoft.com

DNS Response

20.42.73.28

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads