Overview

overview

3

Static

static

3

ImageMap-cmd.exe

windows7-x64

1

ImageMap-cmd.exe

windows10-2004-x64

1

ImageMap.exe

windows7-x64

3

ImageMap.exe

windows10-2004-x64

1

leveldb.dll

windows7-x64

1

leveldb.dll

windows10-2004-x64

1

leveldb_mc...32.dll

windows7-x64

3

leveldb_mc...32.dll

windows10-2004-x64

3

leveldb_mc...64.dll

windows7-x64

1

leveldb_mc...64.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 17:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    leveldb.dll

  • Size

    385KB

  • MD5

    606378bbc6ed8f1038a4bcac411b99e5

  • SHA1

    edeb97710788dfaff5e415917ad7b7f762d2fd79

  • SHA256

    853939baf1391a7a73d3ec6fd0ee8b36e2ef200ea1a8aa70090a83944e5ddac2

  • SHA512

    80fbd6d94b1e1b718f95b80974013999402d94b6a7da259954bb23a4e111f61b9c59ec76a59716bbf0da429a6e1e2825371064f11afd19fcc33787d324454ad4

  • SSDEEP

    6144:I0QdQjA4JpvdnnF8NXuF3PQ7FZnajqpWSq:s4JpvVeSQ7MqpS

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\leveldb.dll,#1
    1⤵
      PID:3620

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      69.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      69.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid=
      Remote address:
      13.107.21.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0681F1C89DA46C6512A1E5079C1F6D43; domain=.bing.com; expires=Wed, 27-Aug-2025 17:39:02 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8086A9DA5BB3456FACD793EC06B5C3CC Ref B: LON04EDGE0921 Ref C: 2024-08-02T17:39:00Z
      date: Fri, 02 Aug 2024 17:39:00 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid=
      Remote address:
      13.107.21.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0681F1C89DA46C6512A1E5079C1F6D43
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=y3khmVlz0GFdzyXX_VGYSyClMZ46EczDBDX-R57ZOak; domain=.bing.com; expires=Wed, 27-Aug-2025 17:39:02 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0567E82601E941939950B52FEC076EAA Ref B: LON04EDGE0921 Ref C: 2024-08-02T17:39:00Z
      date: Fri, 02 Aug 2024 17:39:00 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid=
      Remote address:
      13.107.21.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0681F1C89DA46C6512A1E5079C1F6D43; MSPTC=y3khmVlz0GFdzyXX_VGYSyClMZ46EczDBDX-R57ZOak
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: ED94C816A365435C977CE8E3AA99F73D Ref B: LON04EDGE0921 Ref C: 2024-08-02T17:39:00Z
      date: Fri, 02 Aug 2024 17:39:00 GMT
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      237.21.107.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.21.107.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      237.21.107.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.21.107.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      25.140.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      25.140.123.92.in-addr.arpa
      IN PTR
      Response
      25.140.123.92.in-addr.arpa
      IN PTR
      a92-123-140-25deploystaticakamaitechnologiescom
    • flag-us
      DNS
      25.140.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      25.140.123.92.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      25.140.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      25.140.123.92.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
    • 13.107.21.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid=
      tls, http2
      2.0kB
       9.3kB
       21
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=6913328f5deb4582a3fd668245157386&localId=w:568930E6-1262-9E23-EB49-CE8A389C3C60&deviceId=6966569430359306&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      g.bing.com
      dns
      112 B
       151 B
       2
      1

      DNS Request

      g.bing.com

      DNS Request

      g.bing.com

      DNS Response

      13.107.21.237
      204.79.197.237

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      69.31.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      69.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      237.21.107.13.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      237.21.107.13.in-addr.arpa

      DNS Request

      237.21.107.13.in-addr.arpa

    • 8.8.8.8:53
      25.140.123.92.in-addr.arpa
      dns
      216 B
       137 B
       3
      1

      DNS Request

      25.140.123.92.in-addr.arpa

      DNS Request

      25.140.123.92.in-addr.arpa

      DNS Request

      25.140.123.92.in-addr.arpa

    • 8.8.8.8:53
      48.229.111.52.in-addr.arpa
      dns
      216 B
       158 B
       3
      1

      DNS Request

      48.229.111.52.in-addr.arpa

      DNS Request

      48.229.111.52.in-addr.arpa

      DNS Request

      48.229.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.