c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25a

Analysis

max time kernel
94s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 01:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe
Size

48KB
MD5

f5e1bee686e95949d32f05346a9646e0
SHA1

8b1b79d2fffc4bc5c55516711f631ec8469c18b9
SHA256

c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25a
SHA512

7ed2edd9d939afb77aa4bb0ac416e2de187885d1e195249aba75dd1b6af8e8472d3e6d075a3be731f3f634ac3417952bb1ebe502320e3b6ca334031a5518fc23
SSDEEP

768:1tXOcleICm7s2Lv1Zv12SAhKuXMHYiARC7sQ8vGCc3fAR1GGWB4:1te8Rn2SAhKuXMHYiARC7sHvGCc3fARD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
224	c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe
224	c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe

C:\Users\Admin\AppData\Local\Temp\c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe
"C:\Users\Admin\AppData\Local\Temp\c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:224

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

windows-update.zigg.me

c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe

Remote address:

8.8.8.8:53

Request

windows-update.zigg.me

IN A

Response

windows-update.zigg.me

IN CNAME

zigg.me

zigg.me

IN A

198.49.68.187
DNS

69.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.31.126.40.in-addr.arpa

IN PTR

Response
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

5.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.210.23.2.in-addr.arpa

IN PTR

Response

5.210.23.2.in-addr.arpa

IN PTR

a2-23-210-5deploystaticakamaitechnologiescom
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response

198.49.68.187:41001

windows-update.zigg.me

c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe

260 B
5

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

windows-update.zigg.me

dns

c234498ecb0a966b421d4ab6036674aa39efbb4b88278535dd8f97c06aebb25aN.exe

68 B
98 B
1
1

DNS Request

windows-update.zigg.me

DNS Response

198.49.68.187
8.8.8.8:53

83.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

69.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

69.31.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

5.210.23.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

5.210.23.2.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.