Analysis Overview
SHA256
c1d30ac10457e6ef204271734ac30c15351153e6cad663000a422ec9c22cacca
Threat Level: Known bad
The file 714a08f16bbae43f96dc7274176a7787.exe was found to be: Known bad.
Malicious Activity Summary
BlackNET
Drops desktop.ini file(s)
Drops file in Windows directory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Analysis: static1
Detonation Overview
Reported
2021-08-05 15:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2021-04-16 22:26
Reported
2021-04-16 22:28
Platform
win7v20210410
Max time kernel
140s
Max time network
141s
Signatures
BlackNET
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe
"C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 8.8.8.8:53 | micros0ftcenter.xyz | udp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
Files
memory/1096-59-0x0000000075281000-0x0000000075283000-memory.dmp
memory/1096-60-0x00000000002A0000-0x00000000002A1000-memory.dmp
memory/1096-61-0x00000000002A1000-0x00000000002A2000-memory.dmp
memory/1096-62-0x00000000002A2000-0x00000000002A3000-memory.dmp
memory/1096-63-0x00000000002A7000-0x00000000002B8000-memory.dmp
memory/1096-64-0x00000000002B8000-0x00000000002B9000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2021-04-16 22:26
Reported
2021-04-16 22:28
Platform
win10v20210408
Max time kernel
127s
Max time network
142s
Signatures
BlackNET
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe
"C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 8.8.8.8:53 | micros0ftcenter.xyz | udp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
| N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp |
Files
memory/584-114-0x0000000000C00000-0x0000000000C01000-memory.dmp
memory/584-116-0x0000000000C02000-0x0000000000C03000-memory.dmp
memory/584-115-0x0000000000C01000-0x0000000000C02000-memory.dmp
memory/584-117-0x0000000000C05000-0x0000000000C07000-memory.dmp
memory/584-118-0x0000000000C07000-0x0000000000C08000-memory.dmp
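The indicators in both detonations above (the SHA256, the micros0ftcenter.xyz lookup via 8.8.8.8 and the follow-on TCP/80 connections to 185.239.243.112, the Desktop.ini write under C:\Windows\assembly, the SeDebugPrivilege enablement, and the memory dump file names) can be turned into concrete hunting checks. The script below is an added example and is not part of the sandbox report or of the BlackNET tooling. The telemetry lines it scans are constructed for the example in a generic key=value form (the event names dns, netflow, filecreate, privilege and process are assumptions of the example, not any product's schema), and the brand typosquat heuristic is the example's own. Only the hash, domain, IP and file path are taken from the report.

```python
"""Hunting checks built from a sandbox report's indicators (added example)."""
import re

# --- Indicators copied from the report ---------------------------------------
SAMPLE_SHA256 = "c1d30ac10457e6ef204271734ac30c15351153e6cad663000a422ec9c22cacca"
C2_DOMAIN = "micros0ftcenter.xyz"
C2_IP = "185.239.243.112"
C2_PORT = 80
DROPPED_FILES = {r"c:\windows\assembly\desktop.ini"}
PRIVILEGES = {"SeDebugPrivilege"}

# Digit-for-letter swaps undone by the typosquat check (example heuristic, not from the report).
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def is_typosquat(domain: str, brand: str = "microsoft") -> bool:
    """True when the brand name appears only after undoing leet substitutions,
    e.g. 'micros0ftcenter.xyz' but not 'microsoft.com' or 'example.org'."""
    d = domain.lower()
    return brand not in d and brand in d.translate(_LEET)


def parse_dump_name(name: str) -> dict:
    """Split 'memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp' (the report's
    naming convention) into its fields and compute the region size in bytes."""
    m = re.fullmatch(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp", name)
    if not m:
        raise ValueError(f"unexpected dump name: {name}")
    pid, idx = int(m[1]), int(m[2])
    start, end = int(m[3], 16), int(m[4], 16)
    return {"pid": pid, "index": idx, "start": start, "end": end, "size": end - start}


def _kv(line: str) -> dict:
    """Parse a space-separated key=value telemetry line (constructed format)."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def check_event(line: str):
    """Return (reason, line) when the event matches a report indicator, else None."""
    ev = _kv(line)
    kind = ev.get("event")
    if kind == "dns":
        q = ev.get("query", "").lower().rstrip(".")
        if q == C2_DOMAIN or ev.get("answer") == C2_IP:
            return ("dns: C2 domain or resolved IP from report", line)
        if is_typosquat(q):
            return ("dns: possible brand typosquat", line)
    elif kind == "netflow":
        if ev.get("dst") == f"{C2_IP}:{C2_PORT}":
            return ("netflow: C2 endpoint from report", line)
    elif kind == "filecreate":
        if ev.get("target", "").lower() in DROPPED_FILES:
            return ("file: dropped path from report", line)
    elif kind == "privilege":
        if ev.get("enabled") in PRIVILEGES:
            return ("token: SeDebugPrivilege enabled (weak signal on its own)", line)
    elif kind == "process":
        if ev.get("sha256", "").lower() == SAMPLE_SHA256:
            return ("process: known-bad hash from report", line)
    return None


def scan(lines):
    """Run every line through check_event and keep the hits, in input order."""
    return [hit for hit in map(check_event, lines) if hit]


# Constructed sample telemetry (not real logs). Five lines should hit, two should not.
SAMPLE_EVENTS = [
    r"event=dns client=10.0.0.12 query=micros0ftcenter.xyz answer=185.239.243.112",
    r"event=dns client=10.0.0.13 query=update.microsoft.com answer=10.1.1.1",
    r"event=netflow src=10.0.0.12:49811 dst=185.239.243.112:80 proto=tcp",
    r"event=filecreate image=C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe target=C:\Windows\assembly\Desktop.ini",
    r"event=privilege image=C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe enabled=SeDebugPrivilege",
    r"event=process image=C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe sha256=c1d30ac10457e6ef204271734ac30c15351153e6cad663000a422ec9c22cacca",
    r"event=filecreate image=C:\Windows\explorer.exe target=C:\Users\Admin\Desktop\notes.txt",
]

if __name__ == "__main__":
    for reason, line in scan(SAMPLE_EVENTS):
        print(f"{reason:55} <- {line}")
    for name in ("memory/1096-59-0x0000000075281000-0x0000000075283000-memory.dmp",
                 "memory/584-117-0x0000000000C05000-0x0000000000C07000-memory.dmp"):
        d = parse_dump_name(name)
        print(f"pid={d['pid']} dump#{d['index']} size={d['size']:#x} bytes")
```

The hash, domain and IP are the actionable indicators here; the DNS query went to 8.8.8.8 directly, so a resolver-only log would miss it and the flow to 185.239.243.112:80 is the better network pivot. SeDebugPrivilege enablement and the Desktop.ini write are context rather than standalone detections, since legitimate administrative tools and ordinary installers produce the same events; that is why check_event labels the privilege hit as a weak signal.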