bbdf4c8d657e3123bd009ab086758bfd707f9b8c7f5fabb22783c4cb81784ca8

Analysis

max time kernel
422s
max time network
441s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-es
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-eslocale:es-esos:windows10-ltsc 2021-x64systemwindows
submitted
22/01/2025, 15:18 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

stl_01.ott
Size

37KB
MD5

81ac2d7b648026ae4b5e95be2d77d406
SHA1

3bcdf3032251990f65c98ab0f0c1ca790597660d
SHA256

df36adf98577de3c41852c764fe079532f4f0bbeb0a1ab402b421f4906c5c296
SHA512

f9aacf9e6d584843d5302039799b0a7428c4672fb1d1e0c324ef8e7aa5111c4e8bd2fe3ff727513465b9399bdfcba50ead0dd295c442dd45e07a5d5bfe241898
SSDEEP

768:B1hTSkAsTUWid5KauiNpDnE9N10zNbX3pGlHdoN40UiZ:B1hT5IWid5pVs10z1ySUy

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1898866115-3160784972-1217720036-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1898866115-3160784972-1217720036-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4492	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\stl_01.ott
1⤵
- Modifies registry class
PID:3792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4492

Network

DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

167.173.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.173.78.104.in-addr.arpa

IN PTR

Response

167.173.78.104.in-addr.arpa

IN PTR

a104-78-173-167deploystaticakamaitechnologiescom
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

fd.api.iris.microsoft.com

Remote address:

8.8.8.8:53

Request

fd.api.iris.microsoft.com

IN A

Response

fd.api.iris.microsoft.com

IN CNAME

fd-api-iris.trafficmanager.net

fd-api-iris.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com

IN A

20.223.36.55
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

1.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.173.189.20.in-addr.arpa

IN PTR

Response

20.223.36.55:443

fd.api.iris.microsoft.com

52 B
1

8.8.8.8:53

76.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

76.32.126.40.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

167.173.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

167.173.78.104.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

fd.api.iris.microsoft.com

dns

71 B
199 B
1
1

DNS Request

fd.api.iris.microsoft.com

DNS Response

20.223.36.55
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

1.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

1.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.