dfe43dc9f787115a63c74b693855e5638abe2e9c5afc0743d91000db0234939c | Triage

Analysis

max time kernel
95s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 05:56 UTC

Sharing

Report Analysis Logs

General

Target

dfe43dc9f787115a63c74b693855e5638abe2e9c5afc0743d91000db0234939cN.exe
Size

1.3MB
MD5

db38da59bec47769d0d3a8efcd7a3f40
SHA1

e144d074c2d875df5cae1d3d58f398f02095531f
SHA256

dfe43dc9f787115a63c74b693855e5638abe2e9c5afc0743d91000db0234939c
SHA512

21c29eae58cdcfaafb66a0c2a720f6abb88d29e1fab2dd8e78862c48512286af03e212f599f7e96d9810493ce3386c0a3565511997e1483b13e85d9d43774f8c
SSDEEP

12288:Bkz2DWU+Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:Kz2DW/sqjnhMgeiCl7G0nehbGZpbD

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\dfe43dc9f787115a63c74b693855e5638abe2e9c5afc0743d91000db0234939cN.exe
"C:\Users\Admin\AppData\Local\Temp\dfe43dc9f787115a63c74b693855e5638abe2e9c5afc0743d91000db0234939cN.exe"
1⤵
PID:3944

Network

DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

71.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

71.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

71.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

29.243.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3944-0-0x0000000010000000-0x00000000101E6000-memory.dmp

Filesize
1.9MB

Download
memory/3944-1-0x0000000010000000-0x00000000101E6000-memory.dmp

Filesize
1.9MB

Download