Analysis
max time kernel: 69s
max time network: 127s
platform: windows10_x64
resource: win10
submitted: 18-07-2020 01:58
Static task: static1

Behavioral task: behavioral1
Sample: e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General
Target: e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
Size: 273KB
MD5: 50497bbb34bbf2f2b02e7ffed2ddd519
SHA1: 629c32d41c616434fbdc61f139f859485df86f12
SHA256: e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6
SHA512: 5c152b4807491a273936c1bd22432983bd49329d72fb75a29339030a436e2ccbae48ac45f7e7f089cc1ae9a782517f54c767bd3d89bc7ab742d20ed4f80c4546
Score: 1/10
Malware Config
Signatures

Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
3100  e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
3100  e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
3100  e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
3100  e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
3100  e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
3100  e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
Processes
Network

HTTP request: POST http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/
Remote address: 177.144.135.2:80
Process: e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe

Request
POST /aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/ HTTP/1.1
Referer: http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/
Content-Type: multipart/form-data; boundary=---------------------------017699710658622
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 177.144.135.2
Content-Length: 4484
Connection: Keep-Alive
Cache-Control: no-cache

Response
HTTP/1.1 200 OK
Date: Sat, 18 Jul 2020 01:59:08 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 132
Connection: keep-alive

Connection summary
Destination: 177.144.135.2:80
URL: http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/
Protocol: http
Process: e9f029c9713b569bf7434b49d154ae3508b80d74a30b2bfbecb2fde18bce79e6.exe
Sent 5.4kB, received 580 B (10 / 7)
HTTP Request: POST http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/
HTTP Response: 200
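The sandbox scored this sample 1/10 and raised no network signature, yet the one HTTP exchange it recorded has several traits a detection engineer would want to check by hand: a POST straight to a bare IP with no DNS lookup, a Referer identical to the request URL, a multipart upload to a path of random-looking mixed-case segments, and a User-Agent claiming Windows NT 6.2 (Windows 8) from a windows10_x64 guest. The script below is an added example, not part of the sandbox report or its tooling. It rebuilds the request from the headers shown above (constructed into one raw request; the benign request is also constructed) and scores it against those heuristics; the indicator names, thresholds and the NT version table are the example's own assumptions.

```python
"""Score a captured HTTP request for beacon-like traits.

Added example: heuristics and names are this script's own assumptions,
not signatures from the sandbox that produced the report.
"""
import ipaddress
import re
from typing import Dict, Tuple

# Constructed from the request headers listed in the report's Network section.
SAMPLE_REQUEST = (
    "POST /aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/ HTTP/1.1\r\n"
    "Referer: http://177.144.135.2/aV5oU2ms3y5Iai/KqSs/VCCVDlKUQZEEdM3nJaG/qcbLpYRL/H0qWXaTkW/\r\n"
    "Content-Type: multipart/form-data; boundary=---------------------------017699710658622\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; "
    ".NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)\r\n"
    "Host: 177.144.135.2\r\n"
    "Content-Length: 4484\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
)

# Constructed control case: an ordinary page fetch that should score zero.
BENIGN_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
    "\r\n"
)

# Windows NT version strings as browsers report them (assumed table, keyed by
# the sandbox platform prefix, e.g. "windows10" from "windows10_x64").
NT_VERSIONS = {"windows7": "6.1", "windows8": "6.2", "windows8.1": "6.3", "windows10": "10.0"}


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request into (method, path, lower-cased header map)."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def looks_random(segment: str) -> bool:
    """Heuristic: alphanumeric, 4+ chars, mixes upper and lower case, no extension."""
    return (segment.isalnum() and len(segment) >= 4
            and any(c.isupper() for c in segment)
            and any(c.islower() for c in segment))


def beacon_indicators(raw: str, sandbox_platform: str) -> Dict[str, bool]:
    """Evaluate each heuristic against the request; sandbox_platform is the guest OS tag."""
    method, path, headers = parse_request(raw)
    host = headers.get("host", "")
    try:
        ipaddress.ip_address(host.split(":")[0])
        bare_ip = True                      # Host is a literal IP, so no DNS was needed
    except ValueError:
        bare_ip = False
    url = f"http://{host}{path}"
    segments = [s for s in path.split("/") if s]
    nt = re.search(r"Windows NT (\d+\.\d+)", headers.get("user-agent", ""))
    expected_nt = NT_VERSIONS.get(sandbox_platform.split("_")[0])
    return {
        "post_to_bare_ip": method == "POST" and bare_ip,
        "self_referer": headers.get("referer", "") == url,   # Referer == request URL
        "multipart_upload": headers.get("content-type", "").startswith("multipart/form-data"),
        "random_path": len(segments) >= 3 and all(looks_random(s) for s in segments),
        "ua_os_mismatch": nt is not None and expected_nt is not None and nt.group(1) != expected_nt,
    }


def beacon_score(raw: str, sandbox_platform: str) -> int:
    """Number of heuristics that fired; 0 for ordinary browsing, 5 for the report's request."""
    return sum(beacon_indicators(raw, sandbox_platform).values())


if __name__ == "__main__":
    for name, req in (("sample", SAMPLE_REQUEST), ("benign", BENIGN_REQUEST)):
        print(name, beacon_score(req, "windows10_x64"), beacon_indicators(req, "windows10_x64"))
```

Each heuristic is weak on its own (plenty of legitimate software POSTs to IP literals, and IE11 in compatibility mode really does send "MSIE 7.0 ... Trident/7.0"); the point is the combination, which the request in this report satisfies in full while the sandbox score stays at 1/10. When replaying this against proxy or PCAP exports, pass the real host OS in place of the sandbox platform tag so the User-Agent check compares against the machine that actually sent the request.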