0d887e91da0551c333f22db3b4a5289614eb20fff63188851509e0645cc774c8 | Triage

Analysis

max time kernel
147s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 22:59 UTC

Sharing

Report Analysis Logs

General

Target

resources/app/out/WebServer/BouncyCastle.Cryptography.dll
Size

6.8MB
MD5

29f67c517f366b3ff65cf0de64ef4bb6
SHA1

ae5f0bcdae220ec7332763fb6956685ac381efa6
SHA256

f40e8e6cd2705822bf33d4b360a628d8ba59765e3161cf602ff15a762b392874
SHA512

714f70b61daf136e869cb8e53aeee06e6b5e73ce3aee02efb18b9619af988c656d70dc3c11b6b381d479491598c65010a3cf9b0f4b3c5bf218b4fcaadeda2b89
SSDEEP

98304:n7shAKDMFQfVTwT3Pj3jno+adQ6Z5EgveHluvNoT4S9tomfTYFNUW:aAKDMF0u7MrdQ8rvsluv67amrYn/

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app\out\WebServer\BouncyCastle.Cryptography.dll,#1
1⤵
PID:5048

Network

DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

107.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.12.20.2.in-addr.arpa

IN PTR

Response

107.12.20.2.in-addr.arpa

IN PTR

a2-20-12-107deploystaticakamaitechnologiescom
DNS

131.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.83.221.88.in-addr.arpa

IN PTR

Response

131.83.221.88.in-addr.arpa

IN PTR

a88-221-83-131deploystaticakamaitechnologiescom
DNS

145.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.83.221.88.in-addr.arpa

IN PTR

Response

145.83.221.88.in-addr.arpa

IN PTR

a88-221-83-145deploystaticakamaitechnologiescom

No results found

8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

107.12.20.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

107.12.20.2.in-addr.arpa
8.8.8.8:53

131.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

131.83.221.88.in-addr.arpa
8.8.8.8:53

145.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

145.83.221.88.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads