e11811db10afadc6d917402d841b750dc66b91649657a5020adc81cd5d84a72c

Analysis

max time kernel
445s
max time network
1169s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
16/12/2024, 21:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cxapis.dll
Size

12KB
MD5

d60ed50bd25555f3004d33b0655afc9c
SHA1

7ea3bb536ebdf7a534c4a026c58612d69d712a59
SHA256

4bc61c1b668faa12b27e107fd3c4fbe83b2b2a8f0285d8d5c6436a62bbcb081a
SHA512

888fae7c71e3e6d574c53331a6485649bb2da0b0c2c565822c696bc9f38ddd4c813f1cd808452e7a3c2cd01ee54586c631fe7fcd17324f9e67384a68d4c06a20
SSDEEP

192:shyp9xF/8zoQwCDLOzI1xCqVUhdK19/g2xKQ5KjvPgFM5R7Jra8VVUw:shyE1LAI18Wa2xKQUTuMtVH

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cxapis.dll,#1
1⤵
PID:5040

Network

DNS

2.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.173.189.20.in-addr.arpa

IN PTR

Response
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

bg.microsoft.map.fastly.net

bg.microsoft.map.fastly.net

IN A

199.232.210.172

bg.microsoft.map.fastly.net

IN A

199.232.214.172
DNS

ocsp.digicert.com

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

bg.microsoft.map.fastly.net

bg.microsoft.map.fastly.net

IN A

199.232.210.172

bg.microsoft.map.fastly.net

IN A

199.232.214.172

No results found

8.8.8.8:53

2.173.189.20.in-addr.arpa

dns

419 B
1.1kB
6
6

DNS Request

2.173.189.20.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

199.232.210.172

199.232.214.172

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

199.232.210.172

199.232.214.172

Windows 7 deprecation

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.