Overview

overview

10

Static

static

10

ec4f09f82d...d3.exe

windows10-2004-x64

10

efd97b1038...ea4.js

windows10-2004-x64

3

emotet_exe...04.exe

windows10-2004-x64

10

emotet_exe...23.exe

windows10-2004-x64

10

eupdate.exe

windows10-2004-x64

7

f4f47c67be...3f.exe

windows10-2004-x64

10

fb5d110ced...9c.exe

windows10-2004-x64

6

fee15285c3...35.exe

windows10-2004-x64

10

file(1).exe

windows10-2004-x64

1

file.exe

windows10-2004-x64

7

gjMEi6eG.exe

windows10-2004-x64

10

good.exe

windows10-2004-x64

10

hyundai st...1).exe

windows10-2004-x64

10

hyundai st...10.exe

windows10-2004-x64

10

infected d...er.exe

windows10-2004-x64

10

inps_979.xls

windows10-2004-x64

1

jar.jar

windows10-2004-x64

10

june9.dll

windows10-2004-x64

10

mouse_2.exe

windows10-2004-x64

10

oof.exe

windows10-2004-x64

3

openme.exe

windows10-2004-x64

10

ou55sg33s_1.exe

windows10-2004-x64

10

senate.dll

windows10-2004-x64

10

starticon3.exe

windows10-2004-x64

10

str.dll

windows10-2004-x64

10

svchost.exe

windows10-2004-x64

10

update.exe

windows10-2004-x64

10

vir1.xlsx

windows10-2004-x64

1

wwf[1].exe

windows10-2004-x64

10

xNet.dll

windows10-2004-x64

1

전산 및...��.exe

windows10-2004-x64

10

전산 및...�1.exe

windows10-2004-x64

10

Resubmissions

20/04/2025, 00:10 UTC

250420-agcc8axyax 10

16/04/2025, 11:04 UTC

250416-m58gsaz1ay 10

15/04/2025, 17:34 UTC

250415-v5ylksypw9 10

15/04/2025, 06:16 UTC

250415-g1p7ras1dw 10

14/04/2025, 08:06 UTC

250414-jzpwpstxhx 10

14/04/2025, 07:59 UTC

250414-jvg1assky4 10

14/04/2025, 07:22 UTC

250414-h7g1dss1h1 10

14/04/2025, 07:16 UTC

250414-h3xv2s1nv6 10

Analysis

  • max time kernel
    147s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2024, 19:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe

  • Size

    19KB

  • MD5

    6029c37a32d7e4951449e197d4850213

  • SHA1

    6ed7bb726b1e04d6858c084bc9bf475a13b77c95

  • SHA256

    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c

  • SHA512

    bf3639710e259aa38d0cd028071408bdd41c01ee1bd0ea70a16ada78b848c63886854ed40407242e3a68fd9b5444fce2e6ddc050e0c8a2f578b00f43b6c52b6f

  • SSDEEP

    384:EB8JbJPKd1Bf3rNeD9k4NcKlb5sCSvyP5CtrCzYcHe+Z:EBCNPKd155ulNzxoUzYcHe+Z

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    "C:\Users\Admin\AppData\Local\Temp\fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2512

Network

  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    101.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.210.23.2.in-addr.arpa
    IN PTR
    Response
    101.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-101deploystaticakamaitechnologiescom
  • flag-us
    DNS
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    Remote address:
    8.8.8.8:53
    Request
    3.tcp.ngrok.io
    IN A
    Response
    3.tcp.ngrok.io
    IN A
    3.131.123.134
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.163.202.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.163.202.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    180.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.49.80.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.49.80.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    Remote address:
    8.8.8.8:53
    Request
    3.tcp.ngrok.io
    IN A
    Response
    3.tcp.ngrok.io
    IN A
    3.138.228.94
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    Remote address:
    8.8.8.8:53
    Request
    3.tcp.ngrok.io
    IN A
    Response
    3.tcp.ngrok.io
    IN A
    18.220.222.33
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.131.123.134:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 3.138.228.94:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 18.220.222.33:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 18.220.222.33:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     200 B
     5
    5
  • 18.220.222.33:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    260 B
     160 B
     5
    4
  • 18.220.222.33:24041
    3.tcp.ngrok.io
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    208 B
     160 B
     4
    4
  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    101.210.23.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    101.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    3.tcp.ngrok.io
    dns
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    60 B
     76 B
     1
    1

    DNS Request

    3.tcp.ngrok.io

    DNS Response

    3.131.123.134

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    23.159.190.20.in-addr.arpa

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    200.163.202.172.in-addr.arpa
    dns
    74 B
     160 B
     1
    1

    DNS Request

    200.163.202.172.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    180.129.81.91.in-addr.arpa
    dns
    72 B
     147 B
     1
    1

    DNS Request

    180.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    86.49.80.91.in-addr.arpa
    dns
    70 B
     145 B
     1
    1

    DNS Request

    86.49.80.91.in-addr.arpa

  • 8.8.8.8:53
    3.tcp.ngrok.io
    dns
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    60 B
     76 B
     1
    1

    DNS Request

    3.tcp.ngrok.io

    DNS Response

    3.138.228.94

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    3.tcp.ngrok.io
    dns
    fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
    60 B
     76 B
     1
    1

    DNS Request

    3.tcp.ngrok.io

    DNS Response

    18.220.222.33

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2512-0-0x00007FFEC6EE5000-0x00007FFEC6EE6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2512-1-0x00007FFEC6C30000-0x00007FFEC75D1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2512-2-0x000000001B7E0000-0x000000001BCAE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2512-3-0x000000001BD60000-0x000000001BE06000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2512-4-0x000000001BED0000-0x000000001BF32000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2512-5-0x00007FFEC6C30000-0x00007FFEC75D1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2512-6-0x00007FFEC6EE5000-0x00007FFEC6EE6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2512-7-0x00007FFEC6C30000-0x00007FFEC75D1000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.