1cd649ea4273fd977b6a350bfe8f3b62f1d0aee1408b9966aa3d6ad39ba5af6a

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 18:32 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup (13).exe
Size

631KB
MD5

cb927513ff8ebff4dd52a47f7e42f934
SHA1

0de47c02a8adc4940a6c18621b4e4a619641d029
SHA256

fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
SHA512

988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c
SSDEEP

12288:0qtavSvIGmVujfIzEQlzlmgGak6H3lP3XJik0YhBhrj05:0qsVrYyl876j0KDrj05

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\Setup (13).exe
"C:\Users\Admin\AppData\Local\Temp\Setup (13).exe"
1⤵
PID:3952

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

203.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.107.17.2.in-addr.arpa

IN PTR

Response

203.107.17.2.in-addr.arpa

IN PTR

a2-17-107-203deploystaticakamaitechnologiescom
DNS

1.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.181.190.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

wfsdragon.ru

Setup (13).exe

Remote address:

8.8.8.8:53

Request

wfsdragon.ru

IN A

Response

wfsdragon.ru

IN A

172.67.133.215

wfsdragon.ru

IN A

104.21.5.208
GET

http://wfsdragon.ru/api/setStats.php

Setup (13).exe

Remote address:

172.67.133.215:80

Request

GET /api/setStats.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: wfsdragon.ru

Response

HTTP/1.1 404 Not Found

Date: Mon, 01 Jul 2024 18:34:00 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBDwmQYDG5Cai%2FGriTlR72eIZFNKrqkJvN7Hph6MAAYYJRZp2csvhBo9dk6QrA9pjCKbozlHauXICglR6QU85hzMD6dvSh0j4J1Iu2yf2X5tz2%2F9j%2BOPh8VvsyHKUGg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89c87cda0ac35314-LHR
alt-svc: h3=":443"; ma=86400
DNS

215.133.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.133.67.172.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

2.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.173.189.20.in-addr.arpa

IN PTR

Response

37.0.8.235:80

Setup (13).exe

260 B
5
37.0.11.8:80

Setup (13).exe

260 B
5
172.67.133.215:80

http://wfsdragon.ru/api/setStats.php

http

Setup (13).exe

483 B
1.9kB
6
4

HTTP Request

GET http://wfsdragon.ru/api/setStats.php

HTTP Response

404
37.0.10.236:80

Setup (13).exe

260 B
5

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

203.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

203.107.17.2.in-addr.arpa
8.8.8.8:53

1.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

1.181.190.20.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

wfsdragon.ru

dns

Setup (13).exe

58 B
90 B
1
1

DNS Request

wfsdragon.ru

DNS Response

172.67.133.215

104.21.5.208
8.8.8.8:53

215.133.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

215.133.67.172.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

2.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.173.189.20.in-addr.arpa

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.