Analysis

  • max time kernel
    1465s
  • max time network
    1475s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18-07-2024 12:21

General

  • Target

    lago_addon_resourcepack/textures/blocks/bottom_blue.png

  • Size

    4KB

  • MD5

    036c160586bcf9f926a36bfeb8c33291

  • SHA1

    15da07c7adf6313d7f725e73cbcefeee309d7340

  • SHA256

    5661d1e42850b772f4debe310b72dec8b643db71e69ef89174c18ed8a29982c1

  • SHA512

    260505dd3721194da305d7aebc7c8a74f9bc6743d11e87645acd5cab86da85f0bfaaa795813af0c33369ec66cc5d531b8b257b5e6605faf8e1552d70e931596e

  • SSDEEP

    96:+iAHo97gNCWchhNjRVRHbL/OY92s1bDpx75ogvdqa:jAHS7gMhhN9HbLf2s1bdx7Wa
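The General section gives the sample's size and its MD5/SHA1/SHA256/SHA512 digests, but says nothing about whether the file is structurally a PNG. The script below is an added example, not part of the sandbox report: it reproduces the same fingerprinting and then walks the PNG chunk list to check the signature, every chunk CRC, and whether any bytes follow IEND (the usual place a payload is glued onto an otherwise valid image). The report's bottom_blue.png is not available offline, so the script builds its own 16x16 solid-colour PNG as constructed input; the digests it prints are for that constructed image, not the ones listed above. The function names (fingerprint, build_png, inspect_png) are mine.

```python
"""Fingerprint a submitted file and check that it really is a well-formed PNG.

Added example, not part of the sandbox report. The input PNG is constructed in
memory because the report's sample is not available here; the digests printed
are for that constructed image, not the ones in the General section.
"""
import hashlib
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def fingerprint(data: bytes) -> dict:
    """The same digests the report lists, plus the size in bytes."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_png(width: int, height: int, rgb=(0, 0, 255)) -> bytes:
    """Constructed sample input: an 8-bit RGB PNG filled with one colour."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # depth 8, colour type 2 (RGB)
    row = b"\x00" + bytes(rgb) * width  # filter byte 0 (None) followed by the pixels
    idat = zlib.compress(row * height)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def inspect_png(data: bytes) -> dict:
    """Walk the chunk list and report what triage cares about: is the signature
    right, does every chunk's CRC verify, and is anything appended after IEND."""
    info = {"valid_signature": data.startswith(PNG_SIG), "has_iend": False,
            "chunks": [], "crc_errors": [], "trailing_bytes": 0}
    if not info["valid_signature"]:
        info["trailing_bytes"] = len(data)  # nothing parses as PNG at all
        return info
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # smallest possible chunk is 12 bytes
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if len(body) != length or pos + 12 + length > len(data):
            break  # chunk runs past EOF: treat the remainder as junk
        stored_crc, = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != stored_crc:
            info["crc_errors"].append(ctype.decode("latin-1"))
        info["chunks"].append(ctype.decode("latin-1"))
        pos += 12 + length
        if ctype == b"IEND":
            info["has_iend"] = True
            break
    info["trailing_bytes"] = len(data) - pos  # bytes after IEND (or after a bad chunk)
    return info


if __name__ == "__main__":
    sample = build_png(16, 16)
    print(fingerprint(sample))
    print(inspect_png(sample))
    print(inspect_png(sample + b"extra bytes after IEND"))
```

A clean image reports chunks IHDR/IDAT/IEND, no CRC errors and zero trailing bytes; appending anything after IEND shows up as a non-zero trailing_bytes count, and a flipped byte inside IDAT shows up as a CRC error without the script ever decompressing the image data. For a 4 KB texture like the one in this report, a large trailing_bytes value relative to the pixel data is the first thing to look at.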

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\lago_addon_resourcepack\textures\blocks\bottom_blue.png
    PID: 4316

    Network

    DNS (every query went to 8.8.8.8:53, geolocated US; one entry per query as observed)

    • 8.8.8.8.in-addr.arpa IN PTR
      Response: PTR dns.google
    • self.events.data.microsoft.com IN A
      Response: CNAME self-events-data.trafficmanager.net
                CNAME onedscolprdeus00.eastus.cloudapp.azure.com
                A 20.42.72.131
    • ctldl.windowsupdate.com IN A
      Response: CNAME ctldl.windowsupdate.com.delivery.microsoft.com
                CNAME wu-b-net.trafficmanager.net
                CNAME wu.azureedge.net
                CNAME wu.ec.azureedge.net
                CNAME bg.apr-52dd2-0503.edgecastdns.net
                CNAME hlb.apr-52dd2-0.edgecastdns.net
                CNAME cs11.wpc.v0cdn.net
                A 93.184.221.240
    • 240.221.184.93.in-addr.arpa IN PTR
      Response: empty (no records)
    • arc.msn.com IN A
      Response: CNAME arc.trafficmanager.net
                CNAME iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
                A 20.199.58.43
    • 43.58.199.20.in-addr.arpa IN PTR
      Response: empty (no records)
    • ris.api.iris.microsoft.com IN A
      Response: CNAME ris-prod.trafficmanager.net
                CNAME asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
                A 20.234.120.54
    • 88.156.103.20.in-addr.arpa IN PTR
      Response: empty (no records)
    • 54.120.234.20.in-addr.arpa IN PTR
      Response: empty (no records)
    • 10.28.171.150.in-addr.arpa IN PTR
      Response: empty (no records)
    • arc.msn.com IN A
      Response: CNAME arc.trafficmanager.net
                CNAME iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
                A 20.199.58.43
    • arc.msn.com IN A
      (no response captured)
    • arc.msn.com IN A
      (no response captured)
    • tse1.mm.bing.net IN A
      Response: CNAME mm-mm.bing.net.trafficmanager.net
                CNAME ax-0001.ax-msedge.net
                A 150.171.28.10
                A 150.171.27.10
    • tse1.mm.bing.net IN A
      (no response captured)

    Connections (remote address, host, protocol, bytes sent / received, packets sent / received)

      150.171.28.10:443   tse1.mm.bing.net        tls      2.2kB /   7.3kB      20 /   15
      150.171.28.10:443   tse1.mm.bing.net        tls      2.3kB /   7.9kB      21 /   16
      150.171.28.10:443   tse1.mm.bing.net        tls      2.3kB /   7.4kB      21 /   16
      150.171.28.10:443   tse1.mm.bing.net        tls      2.3kB /   7.9kB      21 /   16
      150.171.28.10:443   tse1.mm.bing.net        tls    150.9kB /   4.3MB    3167 / 3155
      8.8.8.8:53          8.8.8.8.in-addr.arpa    dns      871 B /   1.9kB      13 /   11
      8.8.8.8:53          tse1.mm.bing.net        dns      124 B /   170 B       2 /    1

    Queries carried on the first 8.8.8.8:53 connection: 8.8.8.8.in-addr.arpa; self.events.data.microsoft.com (answer 20.42.72.131); ctldl.windowsupdate.com (answer 93.184.221.240); 240.221.184.93.in-addr.arpa; arc.msn.com (answer 20.199.58.43); 43.58.199.20.in-addr.arpa; ris.api.iris.microsoft.com (answer 20.234.120.54); 88.156.103.20.in-addr.arpa; 54.120.234.20.in-addr.arpa; 10.28.171.150.in-addr.arpa; arc.msn.com three more times, one answered with 20.199.58.43.
    Queries carried on the second 8.8.8.8:53 connection: tse1.mm.bing.net twice, one answered with 150.171.28.10 and 150.171.27.10.
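Every host in the network section is one a stock Windows 11 image contacts on its own (telemetry, the certificate trust list CDN, arc.msn.com, ris.api.iris.microsoft.com, the Bing image CDN), and the process list shows nothing beyond the launcher cmd.exe, which is consistent with the 3/10 score. The script below is an added example, not part of the report or of the sandbox's own tooling: it encodes the DNS and connection records above as constructed input and filters them against a baseline of OS-background domain suffixes so that only unexplained names, unexplained connections and large transfers remain. The suffix list and the 1 MB threshold are my assumptions; the right baseline is whatever a clean-image detonation in your own sandbox produces. Function names (is_baseline, reverse_lookup_target, triage) are mine.

```python
"""Separate sandbox background noise from activity attributable to the sample.

Added example, not part of the report. DNS_RECORDS and CONNECTIONS are
constructed from the report's network section (byte counts as shown there).
BASELINE_SUFFIXES is an assumed list of hosts a stock Windows 11 image contacts
with nothing else running; replace it with your own clean-baseline results.
"""
import ipaddress

BASELINE_SUFFIXES = (  # assumed OS-background hosts; tune from a clean run
    "events.data.microsoft.com",  # telemetry (self.events.data.microsoft.com)
    "windowsupdate.com",          # certificate trust list / update CDN
    "msn.com",                    # arc.msn.com content delivery
    "iris.microsoft.com",         # ris.api.iris.microsoft.com
    "bing.net",                   # tse1.mm.bing.net image CDN
)
BASELINE_RESOLVERS = {"8.8.8.8"}  # the sandbox's upstream resolver
LARGE_TRANSFER_BYTES = 1_000_000  # received volume that deserves a second look

# (query name, rrtype, answers) -- constructed from the DNS section above
DNS_RECORDS = [
    ("8.8.8.8.in-addr.arpa", "PTR", ["dns.google"]),
    ("self.events.data.microsoft.com", "A", ["20.42.72.131"]),
    ("ctldl.windowsupdate.com", "A", ["93.184.221.240"]),
    ("240.221.184.93.in-addr.arpa", "PTR", []),
    ("arc.msn.com", "A", ["20.199.58.43"]),
    ("43.58.199.20.in-addr.arpa", "PTR", []),
    ("ris.api.iris.microsoft.com", "A", ["20.234.120.54"]),
    ("88.156.103.20.in-addr.arpa", "PTR", []),
    ("54.120.234.20.in-addr.arpa", "PTR", []),
    ("10.28.171.150.in-addr.arpa", "PTR", []),
    ("arc.msn.com", "A", ["20.199.58.43"]),
    ("arc.msn.com", "A", []),
    ("arc.msn.com", "A", []),
    ("tse1.mm.bing.net", "A", ["150.171.28.10", "150.171.27.10"]),
    ("tse1.mm.bing.net", "A", []),
]
# (remote, host, protocol, bytes sent, bytes received) -- constructed from the report
CONNECTIONS = [
    ("150.171.28.10:443", "tse1.mm.bing.net", "tls", 2_200, 7_300),
    ("150.171.28.10:443", "tse1.mm.bing.net", "tls", 2_300, 7_900),
    ("150.171.28.10:443", "tse1.mm.bing.net", "tls", 2_300, 7_400),
    ("150.171.28.10:443", "tse1.mm.bing.net", "tls", 2_300, 7_900),
    ("150.171.28.10:443", "tse1.mm.bing.net", "tls", 150_900, 4_300_000),
    ("8.8.8.8:53", "8.8.8.8.in-addr.arpa", "dns", 871, 1_900),
    ("8.8.8.8:53", "tse1.mm.bing.net", "dns", 124, 170),
]


def is_baseline(name: str) -> bool:
    """True if name is, or is under, one of the assumed background suffixes."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in BASELINE_SUFFIXES)


def reverse_lookup_target(name: str):
    """For a.b.c.d.in-addr.arpa return the IPv4 address being reverse-resolved, else None."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    try:
        return str(ipaddress.ip_address(".".join(reversed(name[:-len(suffix)].split(".")))))
    except ValueError:
        return None


def triage(dns_records, connections):
    """Return what the baseline does not explain, plus any large transfers."""
    known_ips = set(BASELINE_RESOLVERS)
    for qname, rrtype, answers in dns_records:  # addresses learned from baseline A lookups
        if rrtype == "A" and is_baseline(qname):
            known_ips.update(answers)
    unexplained_dns = []
    for qname, rrtype, _ in dns_records:
        ip = reverse_lookup_target(qname)
        if ip is not None:
            if ip not in known_ips:  # PTR for an address no baseline lookup produced
                unexplained_dns.append((qname, rrtype))
        elif not is_baseline(qname):
            unexplained_dns.append((qname, rrtype))
    unexplained_conns = [c for c in connections
                         if c[0].rsplit(":", 1)[0] not in known_ips and not is_baseline(c[1])]
    large = [c for c in connections if c[4] >= LARGE_TRANSFER_BYTES]
    return {"unexplained_dns": unexplained_dns,
            "unexplained_connections": unexplained_conns,
            "large_transfers": large}


if __name__ == "__main__":
    for key, items in triage(DNS_RECORDS, CONNECTIONS).items():
        print(key, items)
```

On the report's own records the filter leaves exactly one DNS item, the PTR query for 20.103.156.88 (88.156.103.20.in-addr.arpa): no forward lookup in the capture produced that address, so nothing on the page attributes it either way, and the analyst should check it against the PCAP or a clean-baseline run rather than assume. No connection is left unexplained. The 4.3 MB received from tse1.mm.bing.net is still reported as a large transfer even though the host is on the baseline, so that its content can be confirmed instead of being filtered away silently.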

    MITRE ATT&CK Enterprise v15
