Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    18-07-2020 01:59

General

  • Target

    53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe

  • Size

    273KB

  • MD5

    f13fa622a5e241361740134525d43a9a

  • SHA1

    79e76e20f5b75c2ce66ec2033015ab124bbf4245

  • SHA256

    53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e

  • SHA512

    a269d0e0020102d1803401f61bd065ebbda4a6fe900cd2e3881c6c5bf596984d3b4edd6f2c7d8c5890a9080f66cc45eadddf490db262a43014fbf4314ae43e05

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: EmotetMutantsSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe
    "C:\Users\Admin\AppData\Local\Temp\53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: EmotetMutantsSpam
    PID:1616

Network

  • flag-unknown
    DNS
    dns.msftncsi.com
    Remote address:
    8.8.8.8:53
    Request
    dns.msftncsi.com
    IN A
    Response
    dns.msftncsi.com
    IN A
    131.107.255.255
  • flag-unknown
    POST
    http://212.51.142.238:8080/j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/
    53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe
    Remote address:
    212.51.142.238:8080
    Request
    POST /j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/ HTTP/1.1
    Referer: http://212.51.142.238/j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/
    Content-Type: multipart/form-data; boundary=---------------------------991713805451020
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 212.51.142.238:8080
    Content-Length: 4500
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sat, 18 Jul 2020 02:00:33 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 132
    Connection: keep-alive
  • flag-unknown
    DNS
    dns.msftncsi.com
    Remote address:
    8.8.8.8:53
    Request
    dns.msftncsi.com
    IN A
    Response
    dns.msftncsi.com
    IN A
    131.107.255.255
  • 52.109.12.20:443
    40 B
    1
  • 109.117.53.230:443
    53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe
    156 B
    3
  • 212.51.142.238:8080
    http://212.51.142.238:8080/j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/
    http
    53df74090b88c31e939ee086ded031d510d94c0c7af9719c2aa98ce751e7152e.exe
    5.7kB
    620 B
    16
    8

    HTTP Request

    POST http://212.51.142.238:8080/j4D0xp9G/mDLeKA/KuDcWbW9qWydngds91Y/y7RnM3vVG36FHXT/9oMSSEV/

    HTTP Response

    200
  • 239.255.255.250:1900
    825 B
    5
  • 239.255.255.250:1900
  • 10.10.0.255:137
    netbios-ns
    288 B
    3
  • 10.10.0.23:137
    netbios-ns
    270 B
    3
  • 8.8.8.8:53
    dns.msftncsi.com
    dns
    62 B
    78 B
    1
    1

    DNS Request

    dns.msftncsi.com

    DNS Response

    131.107.255.255

  • 8.8.8.8:53
    dns.msftncsi.com
    dns
    62 B
    78 B
    1
    1

    DNS Request

    dns.msftncsi.com

    DNS Response

    131.107.255.255

MITRE ATT&CK Matrix

Downloads

  • memory/1616-0-0x00000000027B0000-0x00000000027BC000-memory.dmp

    Filesize

    48KB

  • memory/1616-1-0x0000000000400000-0x0000000000449000-memory.dmp

    Filesize

    292KB
