Overview

overview

1

Static

static

1

hey.txt

windows7-x64

1

hey.txt

windows10-2004-x64

1

Resubmissions

29/06/2024, 22:37 UTC

240629-2j4n2a1hkm 1

29/06/2024, 22:21 UTC

240629-19tfbaxgkg 10

Analysis

  • max time kernel
    452s
  • max time network
    1176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2024, 22:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hey.txt

  • Size

    118B

  • MD5

    221ad89e039255e04f2188a169cdc35e

  • SHA1

    95d97e72b73b41aaba4a0e55980d75fb50a444eb

  • SHA256

    5d7cc02e1da62aee3aa6627150b2784c8a915765da9b55c45483fe8b5985800c

  • SHA512

    939bb152a9fe21a5d88a969fb5eae534092a2878a52cfdf505f26e86b8ca974edbe45992964cf0a9b830e7482af8152915d52d4cf6801a7716942924e9315040

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\hey.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:4404

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    203.107.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.107.17.2.in-addr.arpa
    IN PTR
    Response
    203.107.17.2.in-addr.arpa
    IN PTR
    a2-17-107-203deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.179.89.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.179.89.13.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    140 B
     156 B
     2
    1

    DNS Request

    50.23.12.20.in-addr.arpa

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    203.107.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    203.107.17.2.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    13.179.89.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    13.179.89.13.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.