Malware Analysis Report

2024-11-30 23:20

Sample ID 220410-bpptysfdc3
Target b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
Tags
hacked blacknet persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09

Threat Level: Known bad

The file b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe was found to be: Known bad.

Malicious Activity Summary

hacked blacknet persistence trojan

Blacknet family

BlackNET

BlackNET Payload

Contains code to disable Windows Defender

Adds Run key to start application

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-04-10 01:19

Signatures

BlackNET Payload

Description Indicator Process Target
N/A N/A N/A N/A

Blacknet family

blacknet

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-04-10 01:19

Reported

2022-04-10 01:37

Platform

win7-20220311-en

Max time kernel

4294075s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

Signatures

BlackNET

trojan blacknet

BlackNET Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000\Software\Microsoft\Windows\CurrentVersion\Run\df7427b5e05183e625345c3c37ef31c0 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe" C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe"

C:\Users\Admin\AppData\Local\Temp\svchosts.exe

"C:\Users\Admin\AppData\Local\Temp\svchosts.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 finalb.xyz udp

Files

memory/1828-54-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1828-55-0x0000000000B80000-0x0000000000B82000-memory.dmp

memory/1828-56-0x0000000000B86000-0x0000000000BA5000-memory.dmp

memory/1828-57-0x0000000000BBC000-0x0000000000BBE000-memory.dmp

memory/1828-58-0x0000000000BBA000-0x0000000000BBF000-memory.dmp

memory/1828-59-0x0000000000BD9000-0x0000000000BE4000-memory.dmp

memory/1828-60-0x0000000000BBE000-0x0000000000BC0000-memory.dmp

memory/1828-63-0x0000000000BC5000-0x0000000000BC7000-memory.dmp

memory/1828-64-0x0000000000BC7000-0x0000000000BC9000-memory.dmp

memory/1828-65-0x0000000000BC9000-0x0000000000BCB000-memory.dmp

memory/1828-62-0x0000000000BC3000-0x0000000000BC5000-memory.dmp

memory/1828-61-0x0000000000BC1000-0x0000000000BC3000-memory.dmp

memory/1828-68-0x0000000000BD1000-0x0000000000BD5000-memory.dmp

memory/1828-67-0x0000000000BCD000-0x0000000000BD1000-memory.dmp

memory/1828-71-0x0000000000BDD000-0x0000000000BE1000-memory.dmp

memory/1828-75-0x0000000000BAB000-0x0000000000BB6000-memory.dmp

memory/1828-74-0x0000000000BC1000-0x0000000000BC8000-memory.dmp

memory/1828-73-0x0000000000BB9000-0x0000000000BBF000-memory.dmp

memory/1828-72-0x0000000000BE1000-0x0000000000BE5000-memory.dmp

memory/1828-70-0x0000000000BD9000-0x0000000000BDD000-memory.dmp

memory/1828-69-0x0000000000BD5000-0x0000000000BD9000-memory.dmp

memory/1828-66-0x0000000000BCB000-0x0000000000BCD000-memory.dmp

memory/1828-76-0x0000000000BE5000-0x0000000000BE9000-memory.dmp

memory/1828-77-0x0000000000BC1000-0x0000000000BC6000-memory.dmp

memory/1828-78-0x0000000000BAB000-0x0000000000BB0000-memory.dmp

memory/1828-79-0x0000000000BAE000-0x0000000000BB6000-memory.dmp

memory/1464-80-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/992-84-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\svchosts.exe

MD5 89dd6e72358a669b7d6e2348307a7af7
SHA1 0db348f3c6114a45d71f4d218e0e088b71c7bb0a
SHA256 ad34794058212006ae974fcc6a0242598e6d020f08044439e3512773cd402b7e
SHA512 93b8a47686d7491281a0809b138a6244a535302ba0d6b2146849e9888632c72b6223ae8eb7a24f1006aaf57ab947a8f43719cff4837df559e7bf42f52c63856b

C:\Users\Admin\AppData\Local\Temp\svchosts.exe

MD5 89dd6e72358a669b7d6e2348307a7af7
SHA1 0db348f3c6114a45d71f4d218e0e088b71c7bb0a
SHA256 ad34794058212006ae974fcc6a0242598e6d020f08044439e3512773cd402b7e
SHA512 93b8a47686d7491281a0809b138a6244a535302ba0d6b2146849e9888632c72b6223ae8eb7a24f1006aaf57ab947a8f43719cff4837df559e7bf42f52c63856b

memory/1464-87-0x00000000020A0000-0x00000000020A2000-memory.dmp

memory/1464-83-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/992-89-0x0000000000A50000-0x0000000000A52000-memory.dmp

memory/992-88-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1464-90-0x00000000020A6000-0x00000000020C5000-memory.dmp

memory/992-91-0x0000000000A56000-0x0000000000A75000-memory.dmp

memory/1220-92-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1220-94-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1220-95-0x00000000000E0000-0x0000000000160000-memory.dmp

memory/1220-96-0x00000000000E0000-0x0000000000160000-memory.dmp

memory/1980-97-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1980-100-0x0000000000A40000-0x0000000000A42000-memory.dmp

memory/1980-99-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1464-101-0x00000000020F5000-0x00000000020F9000-memory.dmp

memory/1464-102-0x00000000020DC000-0x00000000020DE000-memory.dmp

memory/1464-103-0x00000000020DE000-0x00000000020E0000-memory.dmp

memory/1464-105-0x00000000020E1000-0x00000000020E3000-memory.dmp

memory/1464-104-0x0000000002115000-0x0000000002120000-memory.dmp

memory/1464-106-0x00000000020E3000-0x00000000020E5000-memory.dmp

memory/1464-108-0x000000001D2F1000-0x000000001D2F9000-memory.dmp

memory/1980-109-0x0000000000A46000-0x0000000000A65000-memory.dmp

memory/1464-107-0x000000001D2D0000-0x000000001D2D9000-memory.dmp

memory/1464-110-0x000000001D301000-0x000000001D311000-memory.dmp

memory/1464-111-0x000000001D2D9000-0x000000001D2E1000-memory.dmp

memory/1464-112-0x000000001D2E1000-0x000000001D2E9000-memory.dmp

memory/1464-113-0x000000001D2E9000-0x000000001D2F1000-memory.dmp

memory/1464-114-0x000000001D2F9000-0x000000001D301000-memory.dmp

memory/1464-115-0x00000000020E5000-0x00000000020E7000-memory.dmp

memory/1464-116-0x00000000020E7000-0x00000000020E9000-memory.dmp

memory/1464-118-0x00000000020EB000-0x00000000020ED000-memory.dmp

memory/1464-117-0x00000000020E9000-0x00000000020EB000-memory.dmp

memory/1464-119-0x00000000020ED000-0x00000000020F1000-memory.dmp

memory/1464-121-0x00000000020F9000-0x00000000020FD000-memory.dmp

memory/1464-120-0x00000000020F1000-0x00000000020F5000-memory.dmp

memory/1464-122-0x00000000020FD000-0x0000000002101000-memory.dmp

memory/1464-123-0x0000000002101000-0x0000000002105000-memory.dmp

memory/1464-124-0x0000000002105000-0x0000000002109000-memory.dmp

memory/1464-125-0x0000000002109000-0x000000000210D000-memory.dmp

memory/1464-126-0x000000000210D000-0x0000000002115000-memory.dmp

memory/1464-128-0x000000001D321000-0x000000001D331000-memory.dmp

memory/1464-127-0x000000001D311000-0x000000001D321000-memory.dmp

memory/1464-129-0x000000001D331000-0x000000001D341000-memory.dmp

memory/1464-130-0x00000000020DA000-0x00000000020DF000-memory.dmp

memory/1464-132-0x000000001D351000-0x000000001D361000-memory.dmp

memory/1464-131-0x000000001D341000-0x000000001D351000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1876-134-0x0000000000000000-mapping.dmp

memory/1876-136-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1528-143-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1528-145-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1556-152-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1556-154-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/852-158-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/852-160-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1544-162-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1020-166-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1020-168-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1248-169-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1248-171-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1620-173-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1620-175-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1220-177-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1220-179-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/852-181-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/852-183-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/316-185-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/316-187-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1820-189-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1724-193-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1724-195-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1248-197-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1248-199-0x000007FEEE400000-0x000007FEEF496000-memory.dmp

memory/1636-201-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 86b98ee4c30e016907e98331143f1333
SHA1 af819d6be679d2fd93a51da196dbf5c13c29db31
SHA256 a6b390531e90f306683abc046665ecdd6ffa9c17f565c96ec803c36b0b5c75ba
SHA512 45fb305d5eac440e9f038ee3ef8a2469e76c233ae5efd339cd8b467a4d7f4e432b7375ce7150e9909f069514ecd115bfe6fe36ac426439556a7c4953ba20ec85

Analysis: behavioral2

Detonation Overview

Submitted

2022-04-10 01:19

Reported

2022-04-10 01:37

Platform

win10v2004-en-20220113

Max time kernel

132s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Windows\system32\fondue.exe

"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll

Network

Country Destination Domain Proto
NL 104.110.191.140:80 tcp
NL 104.110.191.140:80 tcp

Files

memory/4092-130-0x0000000000000000-mapping.dmp