7126b9932dc0cdfe751340edfa7c4a14b69262eb1afd0530e6d1fdb2e25986dd

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/09/2024, 09:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$R9/NsCpuCNMiner64.exe
Size

1.5MB
MD5

eedb9d86ae8abc65fa7ac7c6323d4e8f
SHA1

ce1fbf382e89146ea5a22ae551b68198c45f40e4
SHA256

d0326f0ddce4c00f93682e3a6f55a3125f6387e959e9ed6c5e5584e78e737078
SHA512

9de3390197a02965feed6acdc77a292c0ef160e466fbfc9500fa7de17b0225a935127da71029cb8006bc7a5f4b5457319362b7a7caf4c0bf92174d139ed52ab5
SSDEEP

24576:Mf79KQimeoyEgM8dSGDeCAQ4GYwEkYEDI3BiiVzKJo23bvH5xh8wtDzgClYAdC51:b3EciPG9E/LBVeJo2Vsw57lYAA51

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral10/memory/4844-0-0x00007FF758AE0000-0x00007FF758E8D000-memory.dmp	vmprotect
behavioral10/memory/4844-1-0x00007FF758AE0000-0x00007FF758E8D000-memory.dmp	vmprotect
behavioral10/memory/4844-5-0x00007FF758AE0000-0x00007FF758E8D000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4844	NsCpuCNMiner64.exe

C:\Users\Admin\AppData\Local\Temp\$R9\NsCpuCNMiner64.exe
"C:\Users\Admin\AppData\Local\Temp\$R9\NsCpuCNMiner64.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4844

Network

DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR
DNS

44.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.56.20.217.in-addr.arpa

IN PTR

Response
DNS

44.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.56.20.217.in-addr.arpa

IN PTR
DNS

44.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.56.20.217.in-addr.arpa

IN PTR
DNS

69.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.31.126.40.in-addr.arpa

IN PTR

Response
DNS

69.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.31.126.40.in-addr.arpa

IN PTR
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR
DNS

92.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.12.20.2.in-addr.arpa

IN PTR

Response

92.12.20.2.in-addr.arpa

IN PTR

a2-20-12-92deploystaticakamaitechnologiescom
DNS

240.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.143.123.92.in-addr.arpa

IN PTR

Response

240.143.123.92.in-addr.arpa

IN PTR

a92-123-143-240deploystaticakamaitechnologiescom
DNS

25.140.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.140.123.92.in-addr.arpa

IN PTR

Response

25.140.123.92.in-addr.arpa

IN PTR

a92-123-140-25deploystaticakamaitechnologiescom
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

13.86.106.20.in-addr.arpa

DNS Request

13.86.106.20.in-addr.arpa

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

44.56.20.217.in-addr.arpa

dns

213 B
131 B
3
1

DNS Request

44.56.20.217.in-addr.arpa

DNS Request

44.56.20.217.in-addr.arpa

DNS Request

44.56.20.217.in-addr.arpa
8.8.8.8:53

69.31.126.40.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

69.31.126.40.in-addr.arpa

DNS Request

69.31.126.40.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

154.239.44.20.in-addr.arpa

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

28.118.140.52.in-addr.arpa

DNS Request

28.118.140.52.in-addr.arpa

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

15.164.165.52.in-addr.arpa

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

92.12.20.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

92.12.20.2.in-addr.arpa
8.8.8.8:53

240.143.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

240.143.123.92.in-addr.arpa
8.8.8.8:53

25.140.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

25.140.123.92.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4844-0-0x00007FF758AE0000-0x00007FF758E8D000-memory.dmp

Filesize
3.7MB

Download
memory/4844-1-0x00007FF758AE0000-0x00007FF758E8D000-memory.dmp

Filesize
3.7MB

Download
memory/4844-5-0x00007FF758AE0000-0x00007FF758E8D000-memory.dmp

Filesize
3.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.