3c72f2851f20fee1e57a73226a2d4a54d88f55fbcaa817bac22eaf01cb79c8de | Triage

Analysis

max time kernel
93s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 08:55 UTC

Sharing

Report Analysis Logs

General

Target

firewall.sys
Size

2KB
MD5

5779f099684ddf70a0c63e21b498ad34
SHA1

9cc8f0be4d8e3ed1ab1ef4256f1e77c53fcd2013
SHA256

1b6f32ee6b1e66a1c1804e0dc08a76340d7c38ff366e9170b2eac97466794506
SHA512

fa8c8b6085cac2070f004ebdc1f9a8dc02d27bcd53ec95b3e76e36cd9675b279cb36708a04eb3dfcc34a83e9cf8eb666cda8cbadc04bd8c2f9a8f239571fd064

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\firewall.sys
1⤵
PID:3892
- C:\Users\Admin\AppData\Local\Temp\firewall.sys
  C:\Users\Admin\AppData\Local\Temp\firewall.sys
  2⤵
  PID:4884

Network

DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

24.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.58.20.217.in-addr.arpa

IN PTR

Response
DNS

98.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.58.20.217.in-addr.arpa

IN PTR

Response
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

24.58.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

24.58.20.217.in-addr.arpa
8.8.8.8:53

98.58.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

98.58.20.217.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads