4344e052ca1475a93ad11de70248ab3b0b0979d76f3022c0ef291d8aa8014055

Analysis

max time kernel
151s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 17:59 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Slinky.gg (Cracked)/start-quick.bat
Size

44B
MD5

e46151f32afa2e98c578df82d8b27832
SHA1

9d45f9fba8f2a263663fcf9cab6313485be19e3c
SHA256

90324ac004e0d9f7a5aac10182916bb507a2a21a6b4ae02dbf90a6207f218f0c
SHA512

7d8498b81a99dda2a41f141d2243b47615af1cdda60f8753a0f095c51f756213043d9c00f8513ac346866ae39ca50a5a74d1ec27d37080b0624ac681ef4d2500

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe
1744	Loader.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 1744	1824	cmd.exe	90
PID 1824 wrote to memory of 1744	1824	cmd.exe	90

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Slinky.gg (Cracked)\start-quick.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Users\Admin\AppData\Local\Temp\Slinky.gg (Cracked)\Loader.exe
  Loader.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3644 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:4592

Network

DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

80.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.90.14.23.in-addr.arpa

IN PTR

Response

80.90.14.23.in-addr.arpa

IN PTR

a23-14-90-80deploystaticakamaitechnologiescom
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

164.189.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.189.21.2.in-addr.arpa

IN PTR

Response

164.189.21.2.in-addr.arpa

IN PTR

a2-21-189-164deploystaticakamaitechnologiescom
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

107.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.12.20.2.in-addr.arpa

IN PTR

Response

107.12.20.2.in-addr.arpa

IN PTR

a2-20-12-107deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

154.141.79.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.141.79.40.in-addr.arpa

IN PTR

Response

96.16.110.114:80

260 B
5
142.250.187.234:443

46 B
40 B
1
1

8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

80.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

80.90.14.23.in-addr.arpa
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

164.189.21.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

164.189.21.2.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

107.12.20.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

107.12.20.2.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

154.141.79.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

154.141.79.40.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.