Analysis
max time kernel: 66s
max time network: 122s
platform: windows10_x64
resource: win10
submitted: 18-07-2020 18:14
Static task: static1
Behavioral task: behavioral1
Sample: 2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: 2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General
Target: 2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
Size: 100KB
MD5: 329bee6ad333d800c76c00480f7f8a5c
SHA1: 826f8d3782efdae09e27afd8c8516fa01758efb8
SHA256: 2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9
SHA512: a6019ef6425a34297ed2a227083664d69250012bdbd850912085b0de546eb65ac8e63d955299b792cbc8b65a215f39884ec282e90dcb5f280990e4ee3a3d54e8
Score: 1/10
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
2532  2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
2532  2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
2532  2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
2532  2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
2532  2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
2532  2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
Processes
Network
POST http://177.144.135.2/TX6vI6HLtN/
Process: 2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe
Remote address: 177.144.135.2:80
Request:
POST /TX6vI6HLtN/ HTTP/1.1
Referer: http://177.144.135.2/TX6vI6HLtN/
Content-Type: multipart/form-data; boundary=---------------------------812506123743216
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 177.144.135.2
Content-Length: 4484
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Sat, 18 Jul 2020 18:14:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 132
Connection: keep-alive
177.144.135.2:80  http://177.144.135.2/TX6vI6HLtN/  http  2a820ecb0a28a40313b090ae3ada542b40ccb761835155294655ab0e20e7d7d9.exe  5.3kB  580 B  10  7
HTTP Request: POST http://177.144.135.2/TX6vI6HLtN/
HTTP Response: 200