94c7cf630ea81de4dbb4db3b031b96a90afc2ae1f3da6d329910e4fc1a51629c | Triage

Resubmissions

02/08/2024, 14:19 UTC

240802-rnce8sscne 3

02/08/2024, 14:17 UTC

240802-rl7hlasclb 7

Analysis

max time kernel
93s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 14:17 UTC

Sharing

Report Analysis Logs

General

Target

rmclient/rilproxy.dll
Size

57KB
MD5

70e5e88231068a5053aeaa4e1d952f9f
SHA1

b1be0d3ec94d1f993b6d19d68f90c387cb026799
SHA256

8fbf5ecb938268d5df468d723bff8ff9ec6a17fbee04c8847e889a027190a2f9
SHA512

a2aaee081fdfbb3d515dee30e92cdeeaef8551acc3673618421da5acc99e79199bd4d1fb85e480cd25fc9f008624c2a3d21bde84952022b329190e474c6b94db
SSDEEP

768:5SeTJsDf+jk12Q1BnZxLFeX3ofC+Z0GGaDCbv/GaKPv6h8B51iWwGrEc/00vbf8a:3bqxFeX3o5kiv88g7GrEc/00vbf8Y+k

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\rmclient\rilproxy.dll,#1
1⤵
PID:744

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

85.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.177.190.20.in-addr.arpa

IN PTR

Response
DNS

45.19.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.19.74.20.in-addr.arpa

IN PTR

Response
DNS

45.19.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.19.74.20.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

198 B
90 B
3
1

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

85.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

85.177.190.20.in-addr.arpa
8.8.8.8:53

45.19.74.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

45.19.74.20.in-addr.arpa

DNS Request

45.19.74.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

219 B
144 B
3
1

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads