Resubmissions

24/08/2024, 12:18 UTC

240824-pgr61azbkd 3

24/08/2024, 12:14 UTC

240824-peeg5a1elm 3

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    24/08/2024, 12:18 UTC

General

  • Target

    Pulsive (1).exe

  • Size

    36.4MB

  • MD5

    1e8bbb642f09d8dfdffb8f15a28e2c94

  • SHA1

    c54cfc144cc96144356b805143ec14c51ad3c74d

  • SHA256

    c9c6ef4428c1045a2364b3b479a60d5ccdaf1fecb6618bcefffc924461d20984

  • SHA512

    093c0e43aefedbe0e225fff5a027c95404013c62b07f480dfbb7ef70b3fcfd06c4868e7188386ff22577e75557dc3a485a63c731732d583c898f984f56f27d6c

  • SSDEEP

    393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYf3:fMguj8Q4VfviqFTrYH

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Pulsive (1).exe
    "C:\Users\Admin\AppData\Local\Temp\Pulsive (1).exe"
    1⤵
      PID:1760

    Network

    • flag-fi
      POST
      http://37.27.114.136:25345/auth
      Pulsive (1).exe
      Remote address:
      37.27.114.136:25345
      Request
      POST /auth HTTP/1.1
      Accept: application/json, text/plain, */*
      Content-Type: application/json
      User-Agent: axios/0.23.0
      Content-Length: 55
      Host: 37.27.114.136:25345
      Connection: close
      Response
      HTTP/1.1 200 OK
      X-Powered-By: Express
      Content-Type: application/json; charset=utf-8
      Content-Length: 28
      ETag: W/"1c-A3DQYGUUvV2rTs98SJfT/lRFy5o"
      Date: Sat, 24 Aug 2024 12:20:58 GMT
      Connection: close
    • flag-us
      DNS
      136.114.27.37.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.114.27.37.in-addr.arpa
      IN PTR
      Response
      136.114.27.37.in-addr.arpa
      IN PTR
      huguitisnodeshost
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      nexusrules.officeapps.live.com
      Remote address:
      8.8.8.8:53
      Request
      nexusrules.officeapps.live.com
      IN A
      Response
      nexusrules.officeapps.live.com
      IN CNAME
      prod.nexusrules.live.com.akadns.net
      prod.nexusrules.live.com.akadns.net
      IN A
      52.111.229.43
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      self.events.data.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      self.events.data.microsoft.com
      IN A
      Response
      self.events.data.microsoft.com
      IN CNAME
      self-events-data.trafficmanager.net
      self-events-data.trafficmanager.net
      IN CNAME
      onedscolprdwus03.westus.cloudapp.azure.com
      onedscolprdwus03.westus.cloudapp.azure.com
      IN A
      20.189.173.4
    • flag-us
      DNS
      4.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-fi
      POST
      http://37.27.114.136:25345/auth
      Pulsive (1).exe
      Remote address:
      37.27.114.136:25345
      Request
      POST /auth HTTP/1.1
      Accept: application/json, text/plain, */*
      Content-Type: application/json
      User-Agent: axios/0.23.0
      Content-Length: 55
      Host: 37.27.114.136:25345
      Connection: close
      Response
      HTTP/1.1 200 OK
      X-Powered-By: Express
      Content-Type: application/json; charset=utf-8
      Content-Length: 28
      ETag: W/"1c-A3DQYGUUvV2rTs98SJfT/lRFy5o"
      Date: Sat, 24 Aug 2024 12:21:37 GMT
      Connection: close
    • 37.27.114.136:25345
      http://37.27.114.136:25345/auth
      http
      Pulsive (1).exe
      475 B
      447 B
      5
      5

      HTTP Request

      POST http://37.27.114.136:25345/auth

      HTTP Response

      200
    • 37.27.114.136:25345
      http://37.27.114.136:25345/auth
      http
      Pulsive (1).exe
      475 B
      447 B
      5
      5

      HTTP Request

      POST http://37.27.114.136:25345/auth

      HTTP Response

      200
    • 8.8.8.8:53
      136.114.27.37.in-addr.arpa
      dns
      433 B
      844 B
      6
      6

      DNS Request

      136.114.27.37.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      nexusrules.officeapps.live.com

      DNS Response

      52.111.229.43

      DNS Request

      43.229.111.52.in-addr.arpa

      DNS Request

      self.events.data.microsoft.com

      DNS Response

      20.189.173.4

      DNS Request

      4.173.189.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor


    Downloads
