Analysis

  • max time kernel: 118s
  • max time network: 128s
  • platform: windows10_x64
  • resource: win10
  • submitted: 19-07-2020 06:30

General

  • Target: 9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
  • Size: 100KB
  • MD5: 6b29eb477685d038e6aca83aeeab353f
  • SHA1: 45fcd7794c76eb056e7f35cc4565cabf07032e53
  • SHA256: 9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c
  • SHA512: 3da77abef7b6d5dd800faba359c16ba89338963c0a8f53c716e66caac6bc0e7c58f9c0e3a1ba1f95603e6ae5817d02098bffa98f82b67b80e3f6974c07540b3c

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: EmotetMutantsSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    "C:\Users\Admin\AppData\Local\Temp\9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe"
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: EmotetMutantsSpam
    PID:4092

Network

  • POST http://177.144.130.105:443/tvBZk3NqYY/oxJE/7ItJL4qtOn8IFyF/S6t6PsQNTK8VrYsbR/HK0aa3hv/
    Process: 9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    Remote address:
    177.144.130.105:443
    Request
    POST /tvBZk3NqYY/oxJE/7ItJL4qtOn8IFyF/S6t6PsQNTK8VrYsbR/HK0aa3hv/ HTTP/1.1
    Referer: http://177.144.130.105/tvBZk3NqYY/oxJE/7ItJL4qtOn8IFyF/S6t6PsQNTK8VrYsbR/HK0aa3hv/
    Content-Type: multipart/form-data; boundary=---------------------------744874432507419
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 177.144.130.105:443
    Content-Length: 4484
    Connection: Keep-Alive
    Cache-Control: no-cache
  • POST http://77.74.78.80:443/2hc7KYhmT2R/MM9xyHf/vYXRpY6YX/7k0HG/
    Process: 9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    Remote address:
    77.74.78.80:443
    Request
    POST /2hc7KYhmT2R/MM9xyHf/vYXRpY6YX/7k0HG/ HTTP/1.1
    Referer: http://77.74.78.80/2hc7KYhmT2R/MM9xyHf/vYXRpY6YX/7k0HG/
    Content-Type: multipart/form-data; boundary=---------------------------114278518652150
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: 77.74.78.80:443
    Content-Length: 4500
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 19 Jul 2020 06:28:38 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 132
    Connection: keep-alive
  • 177.144.130.105:443
    http://177.144.130.105:443/tvBZk3NqYY/oxJE/7ItJL4qtOn8IFyF/S6t6PsQNTK8VrYsbR/HK0aa3hv/
    http
    9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    5.4kB
    212 B
    9
    5

    HTTP Request

    POST http://177.144.130.105:443/tvBZk3NqYY/oxJE/7ItJL4qtOn8IFyF/S6t6PsQNTK8VrYsbR/HK0aa3hv/
  • 198.27.69.201:8080
    9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    156 B
    120 B
    3
    3
  • 157.7.164.178:8081
    9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    156 B
    120 B
    3
    3
  • 78.188.170.128:80
    9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    156 B
    3
  • 127.0.0.1:47001
  • 203.153.216.178:7080
    9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    156 B
    120 B
    3
    3
  • 77.74.78.80:443
    http://77.74.78.80:443/2hc7KYhmT2R/MM9xyHf/vYXRpY6YX/7k0HG/
    http
    9b553998b8c06e28b46ed64a91c78d2504da3b6095abfb48bc43d61ce2aee32c.exe
    5.4kB
    660 B
    10
    9

    HTTP Request

    POST http://77.74.78.80:443/2hc7KYhmT2R/MM9xyHf/vYXRpY6YX/7k0HG/

    HTTP Response

    200
  • 10.10.0.255:138
    netbios-dgm
    1.3kB
    6
  • 10.10.0.38:137
    netbios-ns
    270 B
    3
  • 239.255.255.250:1900
    1.3kB
    8
  • 239.255.255.250:1900
  • 10.10.0.255:137
    netbios-ns
    702 B
    9

MITRE ATT&CK Matrix


Downloads

  • memory/4092-0-0x00000000022D0000-0x00000000022DC000-memory.dmp (Filesize: 48KB)
  • memory/4092-1-0x0000000000400000-0x0000000000419000-memory.dmp (Filesize: 100KB)
