Analysis

  • max time kernel
    69s
  • max time network
    127s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    18-07-2020 01:58

General

  • Target

    e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe

  • Size

    273KB

  • MD5

    50497bbb34bbf2f2b02e7ffed2ddd519

  • SHA1

    629c32d41c616434fbdc61f139f859485df86f12

  • SHA256

    e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6

  • SHA512

    5c152b4807491a273936c1bd22432983bd49329d72fb75a29339030a436e2ccbae48ac45f7e7f089cc1ae9a782517f54c767bd3d89bc7ab742d20ed4f80c4546

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
    "C:\Users\Admin\AppData\Local\Temp\e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    PID:3100

Network

  • flag-unknown
    POST
    http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/
    e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
    Remote address:
    177.144.135.2:80
    Request
    POST /aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/ HTTP/1.1
    Referer: http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/
    Content-Type: multipart/form-data; boundary=---------------------------017699710658622
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 177.144.135.2
    Content-Length: 4484
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sat, 18 Jul 2020 01:59:08 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 132
    Connection: keep-alive
  • 177.144.135.2:80
    http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/
    http
    e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
    5.4kB
    580 B
    10
    7

    HTTP Request

    POST http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/

    HTTP Response

    200
  • 127.0.0.1:47001
  • 239.255.255.250:1900
    1.3kB
    8
  • 239.255.255.250:1900
  • 10.10.0.255:137
    netbios-ns
    288 B
    3
  • 10.10.0.18:137
    netbios-ns
    270 B
    3
  • 10.10.0.17:137
    netbios-ns
    270 B
    3
  • 10.10.0.21:137
    netbios-ns
    270 B
    3
  • 10.10.0.11:137
    netbios-ns
    270 B
    3
  • 10.10.0.10:137
    netbios-ns
    270 B
    3
  • 10.10.0.34:137
    netbios-ns
    270 B
    3

MITRE ATT&CK Matrix

Downloads

  • memory/3100-0-0x0000000002250000-0x000000000225C000-memory.dmp

    Filesize

    48KB
