Analysis

  • max time kernel
    134s
  • max time network
    266s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/07/2024, 22:02 UTC

General

  • Target

    testx2-main/WinRing0x64.sys

  • Size

    14KB

  • MD5

    0c0195c48b6b8582fa6f6373032118da

  • SHA1

    d25340ae8e92a6d29f599fef426a2bc1b5217299

  • SHA256

    11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

  • SHA512

    ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d

  • SSDEEP

    192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\testx2-main\WinRing0x64.sys
    1⤵
      PID:3928
      • C:\Users\Admin\AppData\Local\Temp\testx2-main\WinRing0x64.sys
        C:\Users\Admin\AppData\Local\Temp\testx2-main\WinRing0x64.sys
        2⤵
          PID:5100

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=0CD7910F813661D733A485B9808D607C; domain=.bing.com; expires=Sat, 02-Aug-2025 22:03:51 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 7F690056BA884227B97FB69658575A6E Ref B: LON04EDGE0917 Ref C: 2024-07-08T22:03:51Z
        date: Mon, 08 Jul 2024 22:03:51 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0CD7910F813661D733A485B9808D607C
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=Z5cO6xi8uQ9exOjKnq3I29ZetLJadsR7gKzF0DBZiuI; domain=.bing.com; expires=Sat, 02-Aug-2025 22:03:51 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2EE4BFC44D3B4CF4A4D466E824D56209 Ref B: LON04EDGE0917 Ref C: 2024-07-08T22:03:51Z
        date: Mon, 08 Jul 2024 22:03:51 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0CD7910F813661D733A485B9808D607C; MSPTC=Z5cO6xi8uQ9exOjKnq3I29ZetLJadsR7gKzF0DBZiuI
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 599345808B18459898B33979A0D2582C Ref B: LON04EDGE0917 Ref C: 2024-07-08T22:03:51Z
        date: Mon, 08 Jul 2024 22:03:51 GMT
      • flag-us
        DNS
        73.31.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.31.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dns.google
      • flag-us
        DNS
        237.21.107.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.21.107.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        55.36.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.36.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        100.58.20.217.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        100.58.20.217.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        0.204.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.204.248.87.in-addr.arpa
        IN PTR
        Response
        0.204.248.87.in-addr.arpa
        IN PTR
        https-87-248-204-0.lhr.llnw.net
      • flag-us
        DNS
        22.210.23.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        22.210.23.2.in-addr.arpa
        IN PTR
        Response
        22.210.23.2.in-addr.arpa
        IN PTR
        a2-23-210-22.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        105.246.116.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        105.246.116.51.in-addr.arpa
        IN PTR
        Response
      • 13.107.21.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
        tls, http2
        2.0kB
        9.3kB
        22
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e4792c5307f545ebb27152c3f249f5d2&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

        HTTP Response

        204
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        151 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        13.107.21.237
        204.79.197.237

      • 8.8.8.8:53
        73.31.126.40.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        73.31.126.40.in-addr.arpa

      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
        90 B
        1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        237.21.107.13.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        237.21.107.13.in-addr.arpa

      • 8.8.8.8:53
        55.36.223.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        55.36.223.20.in-addr.arpa

      • 8.8.8.8:53
        100.58.20.217.in-addr.arpa
        dns
        72 B
        132 B
        1
        1

        DNS Request

        100.58.20.217.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        15.164.165.52.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        15.164.165.52.in-addr.arpa

      • 8.8.8.8:53
        0.204.248.87.in-addr.arpa
        dns
        71 B
        116 B
        1
        1

        DNS Request

        0.204.248.87.in-addr.arpa

      • 8.8.8.8:53
        22.210.23.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        22.210.23.2.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        105.246.116.51.in-addr.arpa
        dns
        73 B
        159 B
        1
        1

        DNS Request

        105.246.116.51.in-addr.arpa

      MITRE ATT&CK Matrix


      Downloads

      • memory/5100-0-0x0000000000010000-0x0000000000017000-memory.dmp

        Filesize

        28KB
