Analysis
max time kernel: 114s
max time network: 133s
platform: windows10_x64
resource: win10v200430
submitted: 17-07-2020 21:36
Static task: static1
Behavioral task: behavioral1
  Sample: 8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: 8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
Target: 8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
Size: 276KB
MD5: 76a61cb0e25d3af7f229c2fc6f003276
SHA1: edb65619f3d5331c6167d720848fee9448193952
SHA256: 8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2
SHA512: 94474287e94ec8aade1230a01bf7e80fd00519c7f836ae3213b05ac9c4d72ba776200d071fea81ab31511dd33c5c8fbae89ac33bf8a4db0fc275a2a220de17a7
Score: 1/10
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  2536  8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
  2536  8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  2536  8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
  2536  8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
  2536  8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
  2536  8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
Processes
Network
POST http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/
Process: 8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
Remote address: 177.144.135.2:80
Request:
POST /NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/ HTTP/1.1
Referer: http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/
Content-Type: multipart/form-data; boundary=---------------------------673631834653321
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 177.144.135.2
Content-Length: 4484
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Fri, 17 Jul 2020 21:36:43 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 132
Connection: keep-alive

Remote address: 177.144.135.2:80
URL: http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/
Protocol: http
Process: 8e07e4ef903c87a039051bd86e891d95665b1724ecc817095edc210d4d5b6cb2.exe
5.4kB 580 B 10 7

HTTP Request: POST http://177.144.135.2/NAAQEVv2Fucq0UeMgJS/4dyGt/69DoPHFe7bGT4DDPm/YZXNqKPo7pRL7AI6/
HTTP Response: 200