Analysis
-
max time kernel
125s
-
max time network
129s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220310-en
-
submitted
13-03-2022 21:08
Static task
static1
Behavioral task
behavioral1
Sample
066dd2538407a6ae20996556d4f67d50.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
066dd2538407a6ae20996556d4f67d50.exe
Resource
win10v2004-20220310-en
General
-
Target
066dd2538407a6ae20996556d4f67d50.exe
-
Size
518KB
-
MD5
066dd2538407a6ae20996556d4f67d50
-
SHA1
5586f384bb7441a529b4d4d24bb2f50578bf7f2a
-
SHA256
30f8d690fcd9bc1e0020f6b3a916ad71e5b2df3cdb17e02e5a1565b579bf7319
-
SHA512
a0500413cca66e65b5bd37a5ac444223dae2139df43c7797ec259e83825fb5b3041b32d88f460ba5092f9068b95cbf0c49200b6f60103be0ed4a09abb4f85a89
Malware Config
Extracted
raccoon
ccba3157b9f42051adf38fbb8f5d0aca7f2b7366
-
url4cnc
http://185.163.204.81/nui8xtgen
http://194.180.191.33/nui8xtgen
http://174.138.11.98/nui8xtgen
http://194.180.191.44/nui8xtgen
http://91.219.236.120/nui8xtgen
https://t.me/nui8xtgen
Signatures
Processes
-
C:\Users\Admin\AppData\Local\Temp\066dd2538407a6ae20996556d4f67d50.exe
"C:\Users\Admin\AppData\Local\Temp\066dd2538407a6ae20996556d4f67d50.exe"
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 840
- Program crash
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4308 -ip 4308
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4308-134-0x00000000006E1000-0x0000000000731000-memory.dmp
Filesize: 320KB
-
memory/4308-135-0x00000000006E1000-0x0000000000731000-memory.dmp
Filesize: 320KB
-
memory/4308-136-0x00000000022F0000-0x0000000002382000-memory.dmp
Filesize: 584KB
-
memory/4308-137-0x0000000000400000-0x00000000004B2000-memory.dmp
Filesize: 712KB