Analysis

  • max time kernel
    136s
  • max time network
    158s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    14-07-2024 18:46

General

  • Target

    IDA Pro 8.3 (x86, x86_64)/ida64.exe

  • Size

    4.0MB

  • MD5

    23fe02467fb05b85cc78bcaaf1b015da

  • SHA1

    79399bce20c07e0845197f4b5ef3d2a2d780ef6a

  • SHA256

    c695b8de0b3cb3b152890625ec3e0495bad2cd1b257c89de3169b35e3d67b44c

  • SHA512

    cb38da2a0366c73ddcac2a7024d302b80ecb36e5d4dea4a161e468e989e94b8db31cef8326a6a4837a7e3ff59808bd90829311431007aa93b5a521490a1b1c63

  • SSDEEP

    49152:3JSx9rKN/uUVPb4QpuLuv9C1nq7IqqvAkuvnb6wPxLIfFvnP9bCxK/kLC/XIB9C:3Qx9asSFClEZlT5a8LaIBAazGXMZ8G

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3 (x86, x86_64)\ida64.exe
    "C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3 (x86, x86_64)\ida64.exe"
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:344
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004CC
    • Suspicious use of AdjustPrivilegeToken
    PID:1544

Network

  • DNS
    130.211.222.173.in-addr.arpa
    Remote address: 8.8.8.8:53 (US)
    Request: 130.211.222.173.in-addr.arpa IN PTR
    Response: 130.211.222.173.in-addr.arpa IN PTR a173-222-211-130.deploy.static.akamaitechnologies.com
  • 8.8.8.8:53
    130.211.222.173.in-addr.arpa
    dns
    74 B / 141 B
    1 / 1

    DNS Request

    130.211.222.173.in-addr.arpa

MITRE ATT&CK Matrix


Downloads

  • memory/344-0-0x00007FF6A80E0000-0x00007FF6A84E2000-memory.dmp

    Filesize

    4.0MB

  • memory/344-1-0x00007FFFC73E0000-0x00007FFFC7938000-memory.dmp

    Filesize

    5.3MB

  • memory/344-2-0x000001DDF97B0000-0x000001DDF97C0000-memory.dmp

    Filesize

    64KB
