Malware Analysis Report

2025-01-22 13:29

Sample ID 210913-j8gaxsdch6
Target 577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764
SHA256 577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764
Tags
osiris banker botnet persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764

Threat Level: Known bad

The file 577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764 was found to be: Known bad.

Malicious Activity Summary

osiris banker botnet persistence

Osiris

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Looks up external IP address via web service

Uses Tor communications

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2021-09-13 08:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-09-13 08:20

Reported

2021-09-13 08:22

Platform

win7-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe"

Signatures

Osiris

banker botnet osiris

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Local\\Temp\\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe" C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Uses Tor communications

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe

"C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe"

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"

Network

Country Destination Domain Proto
NL 194.109.206.212:80 tcp
SE 171.25.193.9:443 171.25.193.9 tcp
US 8.8.8.8:53 api.ipify.org udp
US 54.235.247.117:443 api.ipify.org tcp
GB 140.238.88.224:80 140.238.88.224 tcp
AT 116.202.21.217:443 tcp
US 8.8.8.8:53 time-a.nist.gov udp
US 129.6.15.28:13 time-a.nist.gov tcp
US 8.8.8.8:53 time-a-g.nist.gov udp
US 129.6.15.28:13 time-a-g.nist.gov tcp
US 8.8.8.8:53 time.nist.gov udp
US 128.138.141.172:13 time.nist.gov tcp
MY 124.217.246.97:80 124.217.246.97 tcp
US 135.148.100.90:443 tcp
DE 46.142.4.35:80 46.142.4.35 tcp
FI 95.216.19.206:443 tcp
GB 51.68.214.45:80 51.68.214.45 tcp
US 204.85.191.9:443 tcp
AU 51.161.131.117:80 51.161.131.117 tcp
EE 95.153.31.8:80 95.153.31.8 tcp
US 65.49.20.11:443 tcp
KR 160.202.162.186:80 160.202.162.186 tcp
RO 37.221.67.56:80 37.221.67.56 tcp
US 23.154.177.102:80 23.154.177.102 tcp
SE 79.136.1.46:80 79.136.1.46 tcp
LV 195.123.213.154:80 195.123.213.154 tcp
US 107.150.36.162:80 107.150.36.162 tcp
US 74.91.21.2:80 74.91.21.2 tcp
DE 82.165.103.72:80 82.165.103.72 tcp
US 157.230.50.72:80 157.230.50.72 tcp
DE 5.189.181.61:443 tcp
IT 158.58.173.78:80 158.58.173.78 tcp
UA 91.203.5.165:80 91.203.5.165 tcp

Files

memory/1684-52-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

memory/1684-53-0x0000000000220000-0x0000000000278000-memory.dmp

memory/1684-55-0x0000000000490000-0x0000000000539000-memory.dmp

memory/1684-54-0x0000000000400000-0x0000000000490000-memory.dmp

\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

MD5 b4cd27f2b37665f51eb9fe685ec1d373
SHA1 7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA256 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512 e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

memory/808-57-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

MD5 b4cd27f2b37665f51eb9fe685ec1d373
SHA1 7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA256 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512 e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

C:\Users\Admin\AppData\Local\Temp\x64btit.txt

MD5 dc8b80d57d43beb3946652f8b8250c25
SHA1 ee5f1cdb25a9bbcfcf3ef9ab6d69d97c4dc27311
SHA256 6db8fac880ce5e4d15740c5d8e4783a8cc02ee523d00aa4fc98dc88e8df695f7
SHA512 7f8e9ec4fbb80b384edf97b72115645d6e7ff3d8a6371bb14c93d993ac626d52e26278eb980c9cfe4dd413234ee5f3fcd15affc966ecfd6e34bf594d78ca58e8

Analysis: behavioral2

Detonation Overview

Submitted

2021-09-13 08:20

Reported

2021-09-13 08:22

Platform

win10v20210408

Max time kernel

151s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe"

Signatures

Osiris

banker botnet osiris

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Local\\Temp\\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe" C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Uses Tor communications

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe

"C:\Users\Admin\AppData\Local\Temp\577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764.exe"

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"

Network

Country Destination Domain Proto
DE 193.23.244.244:80 193.23.244.244 tcp
NL 194.109.206.212:80 tcp
CA 199.58.81.140:80 199.58.81.140 tcp
US 8.8.8.8:53 api.ipify.org udp
US 50.16.248.208:443 api.ipify.org tcp
US 192.34.80.176:80 192.34.80.176 tcp
US 198.255.21.2:443 tcp
US 8.8.8.8:53 time-a.nist.gov udp
US 129.6.15.28:13 time-a.nist.gov tcp
US 8.8.8.8:53 time-a-g.nist.gov udp
US 129.6.15.28:13 time-a-g.nist.gov tcp
US 8.8.8.8:53 time.nist.gov udp
US 128.138.140.44:13 time.nist.gov tcp
RO 37.221.67.54:80 37.221.67.54 tcp
US 198.98.61.131:80 198.98.61.131 tcp
US 129.6.15.28:13 time-a-g.nist.gov tcp
US 129.6.15.28:13 time-a-g.nist.gov tcp
DE 179.43.169.20:80 179.43.169.20 tcp
FR 62.210.97.21:80 62.210.97.21 tcp
US 198.98.61.131:80 198.98.61.131 tcp
SE 79.136.1.46:80 79.136.1.46 tcp
HU 217.112.131.7:80 217.112.131.7 tcp
US 45.56.90.176:80 45.56.90.176 tcp
LU 104.244.77.250:80 104.244.77.250 tcp
FR 52.143.157.92:443 tcp
IT 37.9.231.195:80 37.9.231.195 tcp
SE 193.182.61.9:80 193.182.61.9 tcp
US 128.31.0.61:80 128.31.0.61 tcp
US 199.184.246.250:443 tcp
NL 80.127.137.14:80 80.127.137.14 tcp
CZ 46.36.39.134:80 46.36.39.134 tcp
FR 51.255.106.85:80 51.255.106.85 tcp
LV 94.140.112.74:443 tcp
DE 217.160.60.110:80 217.160.60.110 tcp
EE 46.22.212.230:80 46.22.212.230 tcp
DE 176.9.75.110:80 176.9.75.110 tcp
DE 78.31.65.42:443 tcp
NL 185.227.82.63:80 185.227.82.63 tcp
US 204.85.191.8:80 204.85.191.8 tcp
BG 94.156.175.120:80 94.156.175.120 tcp
US 199.249.230.73:443 tcp
MY 124.217.246.98:80 124.217.246.98 tcp
DE 217.79.179.7:80 217.79.179.7 tcp
DE 185.220.102.240:80 185.220.102.240 tcp
US 108.199.56.138:443 tcp
US 172.104.208.190:80 172.104.208.190 tcp
DE 93.104.209.61:80 93.104.209.61 tcp

Files

memory/664-115-0x0000000000400000-0x0000000000490000-memory.dmp

memory/664-114-0x0000000000730000-0x0000000000788000-memory.dmp

memory/664-116-0x00000000022A0000-0x0000000002349000-memory.dmp

memory/1040-117-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

MD5 b4cd27f2b37665f51eb9fe685ec1d373
SHA1 7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA256 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512 e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

MD5 b4cd27f2b37665f51eb9fe685ec1d373
SHA1 7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA256 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512 e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

C:\Users\Admin\AppData\Local\Temp\x64btit.txt

MD5 09fc5178a368d61edb70782a468cfd04
SHA1 1c4cfc11ddc6b79e907f87e681e6d03bffcee277
SHA256 8de3112d58c025c123f431638f857500cf817fdcd93ce9129927f8bc8beb7d26
SHA512 b33258f198ae9613819d031f23744d5d3f4d25edf221209ba518aaa7050271c793d5c310884bffa081e56830d7f3c512576b9a01bd9afffa0fbea291cfeb3418