eb5979cd25aa7520034d0df78df9322a86790b719284a1ca4d7d490dec43cc26

Analysis

max time kernel
93s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 04:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb5979cd25aa7520034d0df78df9322a86790b719284a1ca4d7d490dec43cc26.exe
Size

119KB
MD5

16a7b671d0fca9aa98334420403ad5ca
SHA1

54952ca7366ba7b7d5e7c5f6554aee9e8fd1485c
SHA256

eb5979cd25aa7520034d0df78df9322a86790b719284a1ca4d7d490dec43cc26
SHA512

d8bdfbbd3640f4452269f71aac21e580ce120926ca6c9ba8474e41e33e3896088e707728509de56eb0e1e6d85a3f150711dbe8da602a7700b8e7e58f21a784c2
SSDEEP

1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuYSbGDPzxA1hvNCYPV4qI276gnzbarK72WoKRy:enaym3AIuZAIujny/

Score

9^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 2 IoCs

resource	yara_rule
behavioral2/memory/1620-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral2/memory/1620-1-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1620-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/memory/1620-1-0x0000000000400000-0x000000000040B000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\eb5979cd25aa7520034d0df78df9322a86790b719284a1ca4d7d490dec43cc26.exe
"C:\Users\Admin\AppData\Local\Temp\eb5979cd25aa7520034d0df78df9322a86790b719284a1ca4d7d490dec43cc26.exe"
1⤵
PID:1620

Network

DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

73.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

82.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.90.14.23.in-addr.arpa

IN PTR

Response

82.90.14.23.in-addr.arpa

IN PTR

a23-14-90-82deploystaticakamaitechnologiescom
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response

52.111.229.43:443

322 B
7

8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

73.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.159.190.20.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

82.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

82.90.14.23.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1620-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1620-1-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.