Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
18-07-2020 01:59
Static task
static1
Behavioral task
behavioral1
Sample
53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe
-
Size
273KB
-
MD5
f13fa622a5e241361740134525d43a9a
-
SHA1
79e76e20f5b75c2ce66ec2033015ab124bbf4245
-
SHA256
53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e
-
SHA512
a269d0e0020102d1803401f61bd065ebbda4a6fe900cd2e3881c6c5bf596984d3b4edd6f2c7d8c5890a9080f66cc45eadddf490db262a43014fbf4314ae43e05
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe -
Suspicious behavior: EmotetMutantsSpam 1 IoCs
pid Process 1616 53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe"C:\Users\Admin\AppData\Local\Temp\53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: EmotetMutantsSpam
PID:1616
Network
-
Remote address:8.8.8.8:53Requestdns.msftncsi.comIN AResponsedns.msftncsi.comIN A131.107.255.255
-
POSThttp://212.51.142.238:8080/j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exeRemote address:212.51.142.238:8080RequestPOST /j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/ HTTP/1.1
Referer: http://212.51.142.238/j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/
Content-Type: multipart/form-data; boundary=---------------------------991713805451020
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 212.51.142.238:8080
Content-Length: 4500
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Sat, 18 Jul 2020 02:00:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 132
Connection: keep-alive
-
Remote address:8.8.8.8:53Requestdns.msftncsi.comIN AResponsedns.msftncsi.comIN A131.107.255.255
-
40 B 1
-
156 B 3
-
212.51.142.238:8080http://212.51.142.238:8080/j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/http53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe5.7kB 620 B 16 8
HTTP Request
POST http://212.51.142.238:8080/j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/HTTP Response
200
-
825 B 5
-
-
288 B 3
-
270 B 3
-
62 B 78 B 1 1
DNS Request
dns.msftncsi.com
DNS Response
131.107.255.255
-
62 B 78 B 1 1
DNS Request
dns.msftncsi.com
DNS Response
131.107.255.255