Analysis

  • max time kernel
    66s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    18-07-2020 18:14

General

  • Target

    2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe

  • Size

    100KB

  • MD5

    329bee6ad333d800c76c00480f7f8a5c

  • SHA1

    826f8d3782efdae09e27afd8c8516fa01758efb8

  • SHA256

    2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9

  • SHA512

    a6019ef6425a34297ed2a227083664d69250012bdbd850912085b0de546eb65ac8e63d955299b792cbc8b65a215f39884ec282e90dcb5f280990e4ee3a3d54e8

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
    "C:\Users\Admin\AppData\Local\Temp\2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    PID:2532

Network

  • flag-unknown
    POST
    http://177.144.135.2/TX6vI6HLtN/
    2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
    Remote address:
    177.144.135.2:80
    Request
    POST /TX6vI6HLtN/ HTTP/1.1
    Referer: http://177.144.135.2/TX6vI6HLtN/
    Content-Type: multipart/form-data; boundary=---------------------------812506123743216
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 177.144.135.2
    Content-Length: 4484
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sat, 18 Jul 2020 18:14:24 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 132
    Connection: keep-alive
  • 177.144.135.2:80
    http://177.144.135.2/TX6vI6HLtN/
    http
    2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
    5.3kB
    580 B
    10
    7

    HTTP Request

    POST http://177.144.135.2/TX6vI6HLtN/

    HTTP Response

    200
  • 127.0.0.1:47001
  • 239.255.255.250:1900
    1.3kB
    8
  • 239.255.255.250:1900
  • 10.10.0.255:137
    netbios-ns
    288 B
    3
  • 10.10.0.16:137
    netbios-ns
    270 B
    3
  • 10.10.0.32:137
    netbios-ns
    270 B
    3
  • 10.10.0.25:137
    netbios-ns
    270 B
    3

MITRE ATT&CK Matrix

Downloads

  • memory/2532-0-0x0000000002400000-0x000000000240C000-memory.dmp

    Filesize

    48KB