Analysis

  • max time kernel
    129s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    19-07-2020 10:34

General

  • Target

    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe

  • Size

    100KB

  • MD5

    d598d0018fadd75b25f1220e707c0170

  • SHA1

    0aa684462db866176e485f09176f6f565693ff8e

  • SHA256

    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf

  • SHA512

    87047418f7317683abc44677602560da44478ae9942a1e6829844f50e83b6573636b73965d8ff5850d2f58bbbbce5a14132fc60c3d6b5f0c52a02d3b4039de3a

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: EmotetMutantsSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    "C:\Users\Admin\AppData\Local\Temp\f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe"
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: EmotetMutantsSpam
    PID:1492

Network

  • flag-unknown
    POST
    http://177.144.130.105:443/ObOmcMP1W1l/UWfE1XyNvLR/
    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    Remote address:
    177.144.130.105:443
    Request
    POST /ObOmcMP1W1l/UWfE1XyNvLR/ HTTP/1.1
    Referer: http://177.144.130.105/ObOmcMP1W1l/UWfE1XyNvLR/
    Content-Type: multipart/form-data; boundary=---------------------------435095040002474
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 177.144.130.105:443
    Content-Length: 4500
    Connection: Keep-Alive
    Cache-Control: no-cache
  • flag-unknown
    POST
    http://77.74.78.80:443/WnDjaEZQh/lM5fHn/3LmFCFBAWA/52ZbHexTA/
    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    Remote address:
    77.74.78.80:443
    Request
    POST /WnDjaEZQh/lM5fHn/3LmFCFBAWA/52ZbHexTA/ HTTP/1.1
    Referer: http://77.74.78.80/WnDjaEZQh/lM5fHn/3LmFCFBAWA/52ZbHexTA/
    Content-Type: multipart/form-data; boundary=---------------------------228017863244509
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 77.74.78.80:443
    Content-Length: 4500
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 19 Jul 2020 10:33:06 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 132
    Connection: keep-alive
  • 177.144.130.105:443
    http://177.144.130.105:443/ObOmcMP1W1l/UWfE1XyNvLR/
    http
    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    5.3kB
    212 B
    9
    5

    HTTP Request

    POST http://177.144.130.105:443/ObOmcMP1W1l/UWfE1XyNvLR/
  • 198.27.69.201:8080
    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    156 B
    120 B
    3
    3
  • 157.7.164.178:8081
    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    156 B
    120 B
    3
    3
  • 78.188.170.128:80
    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    156 B
    3
  • 203.153.216.178:7080
    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    156 B
    120 B
    3
    3
  • 77.74.78.80:443
    http://77.74.78.80:443/WnDjaEZQh/lM5fHn/3LmFCFBAWA/52ZbHexTA/
    http
    f314518d2bd4b4be8054513af0c141488831c28265adaeb213969617da721ecf.exe
    5.4kB
    660 B
    10
    9

    HTTP Request

    POST http://77.74.78.80:443/WnDjaEZQh/lM5fHn/3LmFCFBAWA/52ZbHexTA/

    HTTP Response

    200
  • 239.255.255.250:1900
    825 B
    5
  • 239.255.255.250:1900
  • 10.10.0.255:137
    netbios-ns
    288 B
    3
  • 10.10.0.10:137
    netbios-ns
    270 B
    3

MITRE ATT&CK Matrix

Downloads

  • memory/1492-0-0x00000000022D0000-0x00000000022DC000-memory.dmp

    Filesize

    48KB

  • memory/1492-1-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB
