Analysis

  • max time kernel
    150s
  • max time network
    280s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-07-2024 17:11

General

  • Target

    bin/Ace/ace/worker-php.js

  • Size

    129KB

  • MD5

    252f17e9eb1657bc463d30b59714c5a7

  • SHA1

    694751478a81ee36445f6b4e06bb1e2be04130a6

  • SHA256

    dc63a37b79c60d6d7ccfe64dcd382c85a6e5aad2fd892160edc269ade901eb0c

  • SHA512

    2cde0dd6d8c81452dfc7953a3bbc823f864f381aeacf66bd10bf6942363d440a7e036602b43d0b1d169e6d8cd9be4d27426bf19e38ccbc341928dad3d9303caf

  • SSDEEP

    1536:PlrIAGxV2XzMwE4ej4elY4Reualc06Apfyc332MHomQ+ooooolllllp:PXXzz5rel9Rsv68oooo2

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\bin\Ace\ace\worker-php.js
    1⤵
      PID:4552

    Network

    • flag-us
      DNS
      134.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      20.58.20.217.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      20.58.20.217.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ocsp.digicert.com
      Remote address:
      8.8.8.8:53
      Request
      ocsp.digicert.com
      IN A
      Response
      ocsp.digicert.com
      IN CNAME
      ocsp.edge.digicert.com
      ocsp.edge.digicert.com
      IN CNAME
      fp2e7a.wpc.2be4.phicdn.net
      fp2e7a.wpc.2be4.phicdn.net
      IN CNAME
      fp2e7a.wpc.phicdn.net
      fp2e7a.wpc.phicdn.net
      IN A
      192.229.221.95
    • flag-us
      DNS
      10.27.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.27.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      IN A
      20.223.36.55
    • flag-us
      DNS
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
      Response
      ctldl.windowsupdate.com
      IN CNAME
      ctldl.windowsupdate.com.delivery.microsoft.com
      ctldl.windowsupdate.com.delivery.microsoft.com
      IN CNAME
      wu-b-net.trafficmanager.net
      wu-b-net.trafficmanager.net
      IN CNAME
      bg.microsoft.map.fastly.net
      bg.microsoft.map.fastly.net
      IN A
      199.232.214.172
      bg.microsoft.map.fastly.net
      IN A
      199.232.210.172
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
      IN A
      20.223.35.26
    • flag-us
      DNS
      nexusrules.officeapps.live.com
      Remote address:
      8.8.8.8:53
      Request
      nexusrules.officeapps.live.com
      IN A
      Response
      nexusrules.officeapps.live.com
      IN CNAME
      prod.nexusrules.live.com.akadns.net
      prod.nexusrules.live.com.akadns.net
      IN A
      52.111.227.11
    • flag-us
      DNS
      self.events.data.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      self.events.data.microsoft.com
      IN A
      Response
      self.events.data.microsoft.com
      IN CNAME
      self-events-data.trafficmanager.net
      self-events-data.trafficmanager.net
      IN CNAME
      onedscolprdwus14.westus.cloudapp.azure.com
      onedscolprdwus14.westus.cloudapp.azure.com
      IN A
      20.189.173.15
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      126.1kB
      3.7MB
      2668
      2663
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      1.6kB
      7.2kB
      17
      15
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      1.6kB
      7.2kB
      17
      15
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      1.6kB
      7.2kB
      17
      15
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      1.6kB
      7.2kB
      17
      15
    • 8.8.8.8:53
      134.32.126.40.in-addr.arpa
      dns
      613 B
      1.5kB
      9
      9

      DNS Request

      134.32.126.40.in-addr.arpa

      DNS Request

      20.58.20.217.in-addr.arpa

      DNS Request

      ocsp.digicert.com

      DNS Response

      192.229.221.95

      DNS Request

      10.27.171.150.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Response

      20.223.36.55

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      199.232.214.172
      199.232.210.172

      DNS Request

      arc.msn.com

      DNS Response

      20.223.35.26

      DNS Request

      nexusrules.officeapps.live.com

      DNS Response

      52.111.227.11

      DNS Request

      self.events.data.microsoft.com

      DNS Response

      20.189.173.15

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.