Analysis

  • max time kernel
    8s
  • max time network
    107s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    23/12/2020, 14:30 UTC

General

  • Target

    ## HOW TO DECRYPT ##.exe

  • Size

    78KB

  • MD5

    55cb627f9925b52bd5ae0bc5e5188bcf

  • SHA1

    858c350062bde8644d89113697a1b9b38ec91714

  • SHA256

    2608e3aee2ca61701eb8b5281b9c9f25f84f40faf3210b2cdaa188d798345a3c

  • SHA512

    93d4d1528f7c13374e4e91aa6dcb9c0e2c1149b00ff15f43c0353bee568bd8287085e7ca7b5eadeaa015b4b2052c2462bec1598e595a98af847b2772e14549c3

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\## HOW TO DECRYPT ##.exe
    "C:\Users\Admin\AppData\Local\Temp\## HOW TO DECRYPT ##.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:848

Network

  • DNS lookup
    fixfiles.xyz
    Remote address: 8.8.8.8:53
    Request: fixfiles.xyz IN A
    Response: fixfiles.xyz IN A 91.223.82.39
  • HTTP GET
    http://fixfiles.xyz/ziggy/api/info.php?id=80120786
    Process: ## HOW TO DECRYPT ##.exe
    Remote address: 91.223.82.39:80
    Request
    GET /ziggy/api/info.php?id=80120786 HTTP/1.1
    Host: fixfiles.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Date: Wed, 23 Dec 2020 14:30:27 GMT
    Server: LiteSpeed
  • 91.223.82.39:80 (http)
    URL: http://fixfiles.xyz/ziggy/api/info.php?id=80120786
    Process: ## HOW TO DECRYPT ##.exe
    Bytes: 374 B sent, 568 B received
    Packets: 6 sent, 6 received
    HTTP Request: GET http://fixfiles.xyz/ziggy/api/info.php?id=80120786
    HTTP Response: 200
  • 8.8.8.8:53 (dns)
    Name: fixfiles.xyz
    Bytes: 58 B sent, 74 B received
    Packets: 1 sent, 1 received
    DNS Request: fixfiles.xyz
    DNS Response: 91.223.82.39

MITRE ATT&CK Matrix

Downloads

  • memory/848-2-0x00000000748D0000-0x0000000074FBE000-memory.dmp

    Filesize

    6.9MB

  • memory/848-3-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

    Filesize

    4KB