Analysis
- max time kernel: 146s
- max time network: 151s
- platform: windows11-21h2_x64
- resource: win11-20240709-en
- resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 15/07/2024, 11:41 UTC
Static task
- static1: 1 signature

Behavioral task
- behavioral1
- Sample: 4f7ba3951f4fc51c4c1391fd62a66026c59cdec5b38dd33f4c8a5957944bf6df.dll
- Resource: win10v2004-20240709-en
- 2 signatures
- 150 seconds
General
- Target: 4f7ba3951f4fc51c4c1391fd62a66026c59cdec5b38dd33f4c8a5957944bf6df.dll
- Size: 123KB
- MD5: a5a1c3fb6644530db92a25326c4b0976
- SHA1: d2e4c2b3ca54fdc2d04568db8c76a8108834817a
- SHA256: 4f7ba3951f4fc51c4c1391fd62a66026c59cdec5b38dd33f4c8a5957944bf6df
- SHA512: e911d96854ef46ffb69866f63cfbf7904302bb38061a623d57be1c3a7adb789fb83270708bcc091008c5dd7af08d69aace2fdfa0a302815836bbe0860611f29e
- SSDEEP: 3072:jOGWOj6RPLGyUlaaeewiaOaSpns9dkd+SIKvXR3PN:jPGPLHOa7qaOxts9dkd+SxvXR3PN
Malware Config
Extracted
- Family: strela
- C2: 45.9.74.32
- Attributes:
  - url_path: /out.php
  - user_agent: Mozilla/4.0 (compatible)
Signatures
Processes
Network
- Remote address: 8.8.8.8:53
  Request: 8.8.8.8.in-addr.arpa IN PTR
  Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
- Remote address: 8.8.8.8:53
  Request: self.events.data.microsoft.com IN A
  Response: self.events.data.microsoft.com IN CNAME self-events-data.trafficmanager.net
  self-events-data.trafficmanager.net IN CNAME onedscolprdaue00.australiaeast.cloudapp.azure.com
  onedscolprdaue00.australiaeast.cloudapp.azure.com IN A 40.79.173.40
No results found