Analysis Overview
SHA256
b023aaf055d9c4ea3bf04da5016b36581e5f267f668a8a9c6ebdf8dcf02d5d8b
Threat Level: Known bad
The file b023aaf055d9c4ea3bf04da5016b36581e5f267f668a8a9c6ebdf8dcf02d5d8b was found to be: Known bad.
Malicious Activity Summary
Detect Ducktail Third Stage Payload
Ducktail family
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-07-11 01:31
Signatures
Detect Ducktail Third Stage Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Ducktail family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
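The "Unsigned PE" signature in the static analysis is the header-level check that the executable declares no Authenticode certificate table. The following is an added example, not code from this report or from the sandbox, showing how that check is derived from the PE headers: it reads the IMAGE_DIRECTORY_ENTRY_SECURITY slot of the optional header (for the security entry the first field is a raw file offset, not an RVA) and treats an empty entry as unsigned. The `build_pe` helper constructs a minimal PE32/PE32+ header purely to exercise the parser; it is not a real executable and nothing about it is taken from the sample.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot that points at the WIN_CERTIFICATE table


def authenticode_directory(pe: bytes):
    """Return (file_offset, size) of the certificate table declared in the PE header.

    Returns (0, 0) when the header has no such entry. Raises ValueError for
    anything that is not a PE image.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, _, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories start at +96
        nrva_off, dd_base = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: NumberOfRvaAndSizes at +108, directories start at +112
        nrva_off, dd_base = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (nrva,) = struct.unpack_from("<I", pe, nrva_off)
    entry = dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if nrva <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_opt:
        return (0, 0)  # header does not even declare the security slot
    return struct.unpack_from("<II", pe, entry)


def is_signed(pe: bytes) -> bool:
    """True when the header points at a certificate table that lies inside the file.

    This is the sandbox-style "unsigned PE" test only: presence of a table says
    nothing about whether the signature verifies or whom the certificate belongs to.
    """
    offset, size = authenticode_directory(pe)
    return offset != 0 and size != 0 and offset + size <= len(pe)


def build_pe(magic: int = 0x20B, cert_size: int = 0) -> bytes:
    """Constructed minimal PE header (hypothetical, not a runnable executable) for testing.

    When cert_size > 0 a WIN_CERTIFICATE header is appended after the headers and the
    security directory is pointed at it, mimicking a signed file's layout.
    """
    e_lfanew = 0x40
    opt_len = 240 if magic == 0x20B else 224          # 16 data directories in both cases
    img = bytearray(e_lfanew + 24 + opt_len)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    machine = 0x8664 if magic == 0x20B else 0x14C
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, machine, 0, 0, 0, 0, opt_len, 0x22)
    opt = e_lfanew + 24
    struct.pack_into("<H", img, opt, magic)
    struct.pack_into("<I", img, opt + (108 if magic == 0x20B else 92), 16)
    if cert_size > 0:
        cert_offset = len(img)                        # already 8-byte aligned
        dd_base = opt + (112 if magic == 0x20B else 96)
        struct.pack_into("<II", img, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_offset, cert_size)
        cert = bytearray(cert_size)
        struct.pack_into("<IHH", cert, 0, cert_size, 0x0200, 0x0002)  # dwLength, WIN_CERT_REVISION_2_0, PKCS_SIGNED_DATA
        img += cert
    return bytes(img)


if __name__ == "__main__":
    print("unsigned PE32+:", is_signed(build_pe()))
    print("signed PE32+:  ", is_signed(build_pe(cert_size=0x800)))
```

For a real file the same two-line check is what `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature` performs before they go on to validate the chain; the sandbox flag stops at the first step. Treat a populated table as a prompt to verify, not as a clean bill of health: a valid signature from a stolen or fraudulently obtained certificate is still a signed malicious file.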
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-11 01:30
Reported
2024-07-11 01:34
Platform
win10v2004-20240709-en
Max time kernel
91s
Max time network
153s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\b023aaf055d9c4ea3bf04da5016b36581e5f267f668a8a9c6ebdf8dcf02d5d8b.exe
"C:\Users\Admin\AppData\Local\Temp\b023aaf055d9c4ea3bf04da5016b36581e5f267f668a8a9c6ebdf8dcf02d5d8b.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| IE | 52.111.236.22:443 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
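Everything in the table above is DNS to the sandbox resolver, a Bing connection, reverse (PTR) lookups and one TLS connection with no associated domain; no command-and-control contact is recorded for this detonation. The following added example, not part of the report, shows the triage a responder would run over such a table: it parses the rows, decodes the `in-addr.arpa` names back into the IPv4 addresses the guest looked up, separates background traffic from entries that still need a look, and cross-references PTR targets against the destinations actually connected to. The `BACKGROUND_DOMAINS` allow-list is an assumption for this example and should be tuned to the sandbox image in use; the rows are copied from the table.

```python
import ipaddress

# Rows copied from the behavioral2 (win10) Network table in this report.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| IE | 52.111.236.22:443 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
"""

# Assumed allow-list of guest/OS background traffic for this sandbox image (example only).
BACKGROUND_DOMAINS = {"g.bing.com"}

PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(table: str):
    """Yield (country, destination, domain, proto) tuples from a pipe-delimited table."""
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # skip header or malformed row
        yield tuple(cells)


def ptr_to_ip(name: str) -> str:
    """'237.197.79.204.in-addr.arpa' -> '204.79.197.237' (labels are the octets reversed)."""
    if not name.endswith(PTR_SUFFIX):
        raise ValueError(f"not a PTR name: {name}")
    labels = name[: -len(PTR_SUFFIX)].split(".")
    if len(labels) != 4:
        raise ValueError(f"not an IPv4 PTR name: {name}")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))


def triage(table: str) -> dict:
    """Bucket rows into resolvers, background noise, decoded PTR targets and items to review."""
    result = {"resolvers": set(), "background": [], "ptr_targets": [], "review": []}
    connected = set()
    for _country, dest, domain, proto in parse_rows(table):
        host, _, port = dest.rpartition(":")
        if port == "53":
            result["resolvers"].add(host)
            if domain.endswith(PTR_SUFFIX):
                result["ptr_targets"].append(ptr_to_ip(domain))
            elif domain in BACKGROUND_DOMAINS:
                result["background"].append(f"dns {domain}")
            else:
                result["review"].append(f"dns {domain}")
            continue
        connected.add(host)
        label = f"{proto} {dest} ({domain or 'no domain'})"
        (result["background"] if domain in BACKGROUND_DOMAINS else result["review"]).append(label)
    result["resolvers"] = sorted(result["resolvers"])
    # PTR targets the guest also connected to: the lookup and the flow belong to one host.
    result["ptr_matched"] = [ip for ip in result["ptr_targets"] if ip in connected]
    return result


if __name__ == "__main__":
    for bucket, items in triage(NETWORK_ROWS).items():
        print(bucket, items)
```

On this table the only entry left in `review` is `52.111.236.22:443`, a connection with no captured name resolution; the Windows 7 run (behavioral1) produced no network rows at all. Reverse lookups from a sandbox guest are usually the OS or its tooling resolving names for its own connections, which is why the PTR target `204.79.197.237` lines up with the `g.bing.com` flow; the remaining seven decoded addresses have no matching flow in the capture.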
Files
memory/3896-1-0x0000000180000000-0x0000000180A25000-memory.dmp
memory/3896-3-0x00007FF72F56E000-0x00007FF72F56F000-memory.dmp
memory/3896-4-0x00000185E19F0000-0x00000185E26A1000-memory.dmp
memory/3896-10-0x00000185E0E00000-0x00000185E0EC1000-memory.dmp
memory/3896-7-0x00000185C0230000-0x00000185C0242000-memory.dmp
memory/3896-16-0x00000185C0260000-0x00000185C0280000-memory.dmp
memory/3896-13-0x00000185BE950000-0x00000185BE95D000-memory.dmp
memory/3896-34-0x00000185E0FE0000-0x00000185E10DE000-memory.dmp
memory/3896-43-0x00000185E11A0000-0x00000185E1255000-memory.dmp
memory/3896-40-0x00000185E0DE0000-0x00000185E0DEA000-memory.dmp
memory/3896-31-0x00000185E0CE0000-0x00000185E0D20000-memory.dmp
memory/3896-28-0x00000185E0D30000-0x00000185E0D51000-memory.dmp
memory/3896-22-0x00000185E0CC0000-0x00000185E0CD3000-memory.dmp
memory/3896-19-0x00000185E0CA0000-0x00000185E0CB8000-memory.dmp
memory/3896-37-0x00000185E0C80000-0x00000185E0C87000-memory.dmp
memory/3896-46-0x00000185E19A0000-0x00000185E19CA000-memory.dmp
memory/3896-49-0x00000185E1140000-0x00000185E1145000-memory.dmp
memory/3896-52-0x00000185E1150000-0x00000185E116D000-memory.dmp
memory/3896-55-0x00000185E19D0000-0x00000185E19E6000-memory.dmp
memory/3896-58-0x00000185E8340000-0x00000185E83C3000-memory.dmp
memory/3896-61-0x00000185E82F0000-0x00000185E832E000-memory.dmp
memory/3896-64-0x00000185E1190000-0x00000185E1199000-memory.dmp
memory/3896-67-0x00000185E2CD0000-0x00000185E2CE6000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-11 01:30
Reported
2024-07-11 01:34
Platform
win7-20240704-en
Max time kernel
119s
Max time network
126s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\b023aaf055d9c4ea3bf04da5016b36581e5f267f668a8a9c6ebdf8dcf02d5d8b.exe
"C:\Users\Admin\AppData\Local\Temp\b023aaf055d9c4ea3bf04da5016b36581e5f267f668a8a9c6ebdf8dcf02d5d8b.exe"
Network
Files
memory/2052-0-0x0000000180000000-0x0000000180A25000-memory.dmp
memory/2052-3-0x000000014046E000-0x000000014046F000-memory.dmp
memory/2052-10-0x0000000002B70000-0x0000000002C31000-memory.dmp
memory/2052-7-0x0000000001D50000-0x0000000001D62000-memory.dmp
memory/2052-4-0x0000000004300000-0x0000000004FB1000-memory.dmp
memory/2052-43-0x0000000003700000-0x00000000037B5000-memory.dmp
memory/2052-40-0x0000000001DC0000-0x0000000001DCA000-memory.dmp
memory/2052-37-0x0000000000660000-0x0000000000667000-memory.dmp
memory/2052-34-0x0000000002230000-0x000000000232E000-memory.dmp
memory/2052-31-0x00000000021F0000-0x0000000002230000-memory.dmp
memory/2052-28-0x0000000002060000-0x0000000002081000-memory.dmp
memory/2052-22-0x0000000001D90000-0x0000000001DA3000-memory.dmp
memory/2052-19-0x0000000000680000-0x0000000000698000-memory.dmp
memory/2052-16-0x0000000001D70000-0x0000000001D90000-memory.dmp
memory/2052-13-0x00000000003A0000-0x00000000003AD000-memory.dmp
memory/2052-46-0x0000000002960000-0x000000000298A000-memory.dmp
memory/2052-49-0x00000000021D0000-0x00000000021D5000-memory.dmp
memory/2052-52-0x00000000029C0000-0x00000000029DD000-memory.dmp
memory/2052-55-0x0000000002FF0000-0x0000000003006000-memory.dmp
memory/2052-58-0x0000000003640000-0x00000000036C3000-memory.dmp
memory/2052-61-0x0000000003050000-0x000000000308E000-memory.dmp
memory/2052-64-0x00000000029E0000-0x00000000029E9000-memory.dmp
memory/2052-67-0x00000000030B0000-0x00000000030C6000-memory.dmp
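Both detonations (behavioral2 on Windows 10 and behavioral1 on Windows 7) dumped the same number of regions from the single process, and the dump file names encode the PID, a dump index and the start and end address of each region. The following added example, not part of the report, parses that naming scheme, computes region sizes, and compares the two runs in the two ways that matter when deciding what to carve: regions at identical addresses in both runs (here the ~10 MB block at 0x180000000, the default image base the MSVC linker gives 64-bit DLLs) and regions of identical size at different, ASLR-shifted addresses (a heuristic for "the same allocation", not proof). The lists hold a subset of the dump names from the two runs above; the name format is inferred from those names.

```python
import re
from collections import defaultdict

# Sandbox dump names as listed above: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Subset of the dump names from the behavioral2 (win10, PID 3896) run in this report.
WIN10_DUMPS = [
    "memory/3896-1-0x0000000180000000-0x0000000180A25000-memory.dmp",
    "memory/3896-3-0x00007FF72F56E000-0x00007FF72F56F000-memory.dmp",
    "memory/3896-4-0x00000185E19F0000-0x00000185E26A1000-memory.dmp",
    "memory/3896-7-0x00000185C0230000-0x00000185C0242000-memory.dmp",
    "memory/3896-10-0x00000185E0E00000-0x00000185E0EC1000-memory.dmp",
    "memory/3896-13-0x00000185BE950000-0x00000185BE95D000-memory.dmp",
]

# Subset of the dump names from the behavioral1 (win7, PID 2052) run in this report.
WIN7_DUMPS = [
    "memory/2052-0-0x0000000180000000-0x0000000180A25000-memory.dmp",
    "memory/2052-3-0x000000014046E000-0x000000014046F000-memory.dmp",
    "memory/2052-4-0x0000000004300000-0x0000000004FB1000-memory.dmp",
    "memory/2052-7-0x0000000001D50000-0x0000000001D62000-memory.dmp",
    "memory/2052-10-0x0000000002B70000-0x0000000002C31000-memory.dmp",
    "memory/2052-13-0x00000000003A0000-0x00000000003AD000-memory.dmp",
]


def parse_dump(name: str) -> dict:
    """Split a dump name into pid, index, start, end and size (end - start)."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unexpected dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]), "start": start, "end": end, "size": end - start}


def regions_by_size(names) -> list:
    """All regions of one run, largest first (the ones worth carving for an unpacked PE)."""
    return sorted((parse_dump(n) for n in names), key=lambda r: r["size"], reverse=True)


def shared_regions(run_a, run_b) -> list:
    """(start, end) ranges present at the same address in both runs."""
    a = {(r["start"], r["end"]) for r in map(parse_dump, run_a)}
    b = {(r["start"], r["end"]) for r in map(parse_dump, run_b)}
    return sorted(a & b)


def match_by_size(run_a, run_b) -> list:
    """Pair regions of identical size across two runs: (size, start_in_a, start_in_b), largest first.

    Equal size at different addresses is a heuristic for the same allocation under ASLR;
    confirm by diffing the dumps before treating the pair as one artifact.
    """
    pool = defaultdict(list)
    for r in regions_by_size(run_b):
        pool[r["size"]].append(r)
    pairs = []
    for a in regions_by_size(run_a):
        if pool[a["size"]]:
            b = pool[a["size"]].pop(0)
            pairs.append((a["size"], a["start"], b["start"]))
    return pairs


if __name__ == "__main__":
    for size, start_a, start_b in match_by_size(WIN10_DUMPS, WIN7_DUMPS):
        print(f"{size:#10x} bytes  win10 {start_a:#018x}  win7 {start_b:#018x}")
    print("same address in both runs:", [(hex(s), hex(e)) for s, e in shared_regions(WIN10_DUMPS, WIN7_DUMPS)])
```

Every index in the subset pairs up by size across the two platforms, which is what you expect when the same unpacking sequence runs on both guests; the single-page dump at index 3 sits at 0x14046E000 on Windows 7, inside the 0x140000000 range the MSVC linker uses as the default base for 64-bit executables, and at an ASLR-randomised address on Windows 10.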