Overview

overview

7

Static

static

3

156f835cdc...d0.exe

windows7-x64

7

156f835cdc...d0.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    95s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/09/2024, 19:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    156f835cdcecb04374f8afb79a9ae624f544b6c1185a664f21493003774165d0.exe

  • Size

    468KB

  • MD5

    6799c3225cb836b2e0e63efbd9273ce8

  • SHA1

    1a6ade64f8b63ddcaab71777ee74f3ef4d015fa4

  • SHA256

    156f835cdcecb04374f8afb79a9ae624f544b6c1185a664f21493003774165d0

  • SHA512

    666ff3c81c0c6a535fe5b656434112cb81b02fe58a3ca543ca1046cc8a23970b6a9ce82d5ab91d65e4a9414d0ec2f7f573bf27bfc2b29b67f5cf31790b371c12

  • SSDEEP

    3072:fbm9og1r748U2bYCPga8lf3//Chj+IpCFdHek03vMHA35TgkPllI:fbEo8VU2VPn8lfL03BMH+5gkP

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\156f835cdcecb04374f8afb79a9ae624f544b6c1185a664f21493003774165d0.exe
    "C:\Users\Admin\AppData\Local\Temp\156f835cdcecb04374f8afb79a9ae624f544b6c1185a664f21493003774165d0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4252

Network

  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    98.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.209.201.84.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 52.111.229.43:443
    322 B
     7
  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    98.209.201.84.in-addr.arpa
    dns
    72 B
     132 B
     1
    1

    DNS Request

    98.209.201.84.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    146 B
     159 B
     2
    1

    DNS Request

    228.249.119.40.in-addr.arpa

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4252-0-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/4252-1-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.