Analysis

  • max time kernel
    116s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    19-07-2020 07:27

General

  • Target

    afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe

  • Size

    100KB

  • MD5

    494f378e25e5460b4b395a81888bbd6c

  • SHA1

    bdeaeac67ad4ff1c26aced4a8e0e8ab80223fd4b

  • SHA256

    afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada

  • SHA512

    c5b36b6268353b61cca913812c19514f3dc17ec741ebb1051e9d73b29e3ced40025d74118f1595b1e94d953120ed9fd6ba6347be1d6a1457c2cb5ac1ffaa07b1

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
    "C:\Users\Admin\AppData\Local\Temp\afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe"
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    PID:792

Network

  • flag-unknown
    POST
    http://109.117.53.230:443/fDoRVN71/
    afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
    Remote address:
    109.117.53.230:443
    Request
    POST /fDoRVN71/ HTTP/1.1
    Referer: http://109.117.53.230/fDoRVN71/
    Content-Type: multipart/form-data; boundary=---------------------------085630936201021
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 109.117.53.230:443
    Content-Length: 4468
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 19 Jul 2020 07:27:39 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 132
    Connection: keep-alive
  • 109.117.53.230:443
    http://109.117.53.230:443/fDoRVN71/
    http
    afa0845d3b566114a16b0e9e25469a5ca83fbb9e25ed195ee8da67a8bb3f1ada.exe
    5.3kB
    580 B
    10
    7

    HTTP Request

    POST http://109.117.53.230:443/fDoRVN71/

    HTTP Response

    200
  • 127.0.0.1:47001
  • 10.10.0.255:138
    netbios-dgm
    850 B
    4
  • 10.10.0.22:137
    netbios-ns
    270 B
    3
  • 239.255.255.250:1900
    1.3kB
    8
  • 239.255.255.250:1900
  • 10.10.0.255:137
    netbios-ns
    702 B
    9

MITRE ATT&CK Matrix

Downloads

  • memory/792-0-0x00000000022D0000-0x00000000022DC000-memory.dmp

    Filesize

    48KB
