Analysis
max time kernel: 116s
max time network: 125s
platform: windows10_x64
resource: win10
submitted: 19-07-2020 07:27
Static task: static1

Behavioral task: behavioral1
  Sample: afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
Size: 100KB
MD5: 494f378e25e5460b4b395a81888bbd6c
SHA1: bdeaeac67ad4ff1c26aced4a8e0e8ab80223fd4b
SHA256: afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada
SHA512: c5b36b6268353b61cca913812c19514f3dc17ec741ebb1051e9d73b29e3ced40025d74118f1595b1e94d953120ed9fd6ba6347be1d6a1457c2cb5ac1ffaa07b1
Score: 1/10
Malware Config
(none)

Signatures
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid  Process
  792  afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
  792  afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid  Process
  792  afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
  792  afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
  792  afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
  792  afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe

Processes
(none listed)
Network
POST http://109.117.53.230:443/fDoRVN71/
Process: afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
Remote address: 109.117.53.230:443

Request:
POST /fDoRVN71/ HTTP/1.1
Referer: http://109.117.53.230/fDoRVN71/
Content-Type: multipart/form-data; boundary=---------------------------085630936201021
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 109.117.53.230:443
Content-Length: 4468
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Sun, 19 Jul 2020 07:27:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 132
Connection: keep-alive

Connection summary:
109.117.53.230:443 | http://109.117.53.230:443/fDoRVN71/ | http | afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe | 5.3kB | 580 B | 10 | 7

HTTP Request: POST http://109.117.53.230:443/fDoRVN71/
HTTP Response: 200