Analysis

  • max time kernel
    42s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/10/2022, 18:27 UTC

General

  • Target

    925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe

  • Size

    317KB

  • MD5

    6cb30c3f7fd1da8d9e10de8e1c57d0fd

  • SHA1

    d9b471966a755558f0c7b55af66dca95b94c1402

  • SHA256

    925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9

  • SHA512

    62b50347e23a567732cb838b4530e103fe90e77b3c1e0fcc0fd3317feb15afe3f72b2aeb97e9ba22fa0f60a8513810c325a68089150f33b07b9679ebf2c1169a

  • SSDEEP

    6144:0Q64S4tdFmgWIqy6btoAAdw2Fma+ZNy+RhJMn0is:/6+HFOIqy6bKAA62Zey+RrQ0is

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory (1 IoC)
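The three signatures above are behavioural: they fire on registry reads and a file write, not on a hash. Registry reads are invisible to Sysmon (its registry events cover key creation, deletion and value writes), so on a host you need an API-level trace like a sandbox produces. The matcher below is an added example, not the report's own rule set or the sandbox's code: it reproduces the three signatures over a constructed API trace. The key paths (CurrentVersion\Uninstall, SYSTEM\MountedDevices), the "write under C:\Windows" test and the ATT&CK mappings are my assumptions about what the signatures key on, and every trace line is made up for the example.

```python
import re
from dataclasses import dataclass

# Assumed targets of the report's signatures (hive prefix is stripped before comparing).
UNINSTALL_KEYS = (
    r"software\microsoft\windows\currentversion\uninstall",
    r"software\wow6432node\microsoft\windows\currentversion\uninstall",
)
MOUNTED_DEVICES_KEY = r"system\mounteddevices"
WINDOWS_DIR = "c:\\windows\\"          # trailing separator so C:\WindowsX does not match
FILE_WRITE_APIS = {"NtWriteFile", "WriteFile"}
HIVE_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU|HKEY_[A-Z_]+)\\", re.I)

# Constructed trace (pid|api|path); it is NOT the report's trace of PID 1092.
TRACE = r"""
# pid|api|path
1092|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1092|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1092|RegOpenKeyExW|HKLM\SYSTEM\MountedDevices
1092|RegQueryValueExW|HKLM\SYSTEM\MountedDevices\\DosDevices\C:
1092|RegQueryValueExW|HKLM\SYSTEM\MountedDevices\\DosDevices\D:
1092|NtWriteFile|C:\Windows\Tasks\update.job
1092|NtWriteFile|C:\Users\Admin\AppData\Local\Temp\stage.tmp
2044|RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"""


@dataclass(frozen=True)
class Event:
    pid: int
    api: str
    path: str


def parse_trace(text):
    """Parse pid|api|path lines; blank lines and # comments are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, api, path = line.split("|", 2)
        events.append(Event(int(pid), api, path))
    return events


def _key_body(path):
    """HKLM\\SYSTEM\\X and HKEY_LOCAL_MACHINE\\SYSTEM\\X must compare equal."""
    return HIVE_RE.sub("", path).lower()


def _is_registry_api(api):
    a = api.lower()
    return a.startswith("reg") or a.startswith(("ntopenkey", "ntquerykey",
                                                "ntenumeratekey", "ntqueryvaluekey",
                                                "ntenumeratevaluekey"))


def sig_installed_software(ev):
    return _is_registry_api(ev.api) and _key_body(ev.path).startswith(UNINSTALL_KEYS)


def sig_mapped_drives(ev):
    return _is_registry_api(ev.api) and _key_body(ev.path).startswith(MOUNTED_DEVICES_KEY)


def sig_drops_in_windows_dir(ev):
    return ev.api in FILE_WRITE_APIS and ev.path.lower().startswith(WINDOWS_DIR)


# (name, predicate, assumed ATT&CK mapping); the third has none in the report either.
SIGNATURES = [
    ("Checks installed software on the system", sig_installed_software, ["T1518"]),
    ("Maps connected drives based on registry", sig_mapped_drives, ["T1012", "T1082", "T1120"]),
    ("Drops file in Windows directory", sig_drops_in_windows_dir, []),
]


def run_signatures(events):
    """Return {signature name: {ttps, pids, iocs}} for every signature that fired."""
    report = {}
    for name, pred, ttps in SIGNATURES:
        hits = [ev for ev in events if pred(ev)]
        if hits:
            report[name] = {
                "ttps": ttps,
                "pids": sorted({ev.pid for ev in hits}),
                "iocs": sorted({ev.path for ev in hits}),   # distinct paths touched
            }
    return report


if __name__ == "__main__":
    for name, detail in run_signatures(parse_trace(TRACE)).items():
        print(f"{name} ({len(detail['iocs'])} IoCs, pids {detail['pids']})")
        for ioc in detail["iocs"]:
            print("   ", ioc)
```

The distinct-path count is what a report like this one presents as "IoCs"; the unrelated HKCU\...\Run read by another process and the write to the user's Temp directory are deliberately in the trace to show that neither signature fires on them.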

Processes

  • C:\Users\Admin\AppData\Local\Temp\925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe (process #1, PID 1092)
    Command line: "C:\Users\Admin\AppData\Local\Temp\925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe"
    • Maps connected drives based on registry
    • Drops file in Windows directory

Network

  • DNS (resolver geo: US)
    Name: allallstate.net
    Process: 925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe
    Remote address: 8.8.8.8:53
    Request: allallstate.net IN A
    Response: allallstate.net IN A 58.158.177.102
  • DNS (resolver geo: US)
    Name: allmodel-pro.com
    Process: 925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe
    Remote address: 8.8.8.8:53
    Request: allmodel-pro.com IN A
    Response: allmodel-pro.com IN A 193.166.255.171
  • HTTP GET (server geo: JP)
    URL: http://allallstate.net/?q=RF8R2XZFMl0869u2LFAZyvgHpF7MhEDuBckRzWshu%2F7Ji4JTOZxviOG0vqAclcIdzOO65MbYBm%2BXFuG5NKancB9IQJ8n8WabmCWNaC5oD7LzqpzfKbM8xhDw3BxHhCDElaEb1xC7Jzk4cqnGvW%2BThOsWXTT%2BjcXnP27LcOpn1FCvmFKtgojCAU6jN8v9erJYC2Y%2F1iVh3D8%2FBEPE0Jjq9DBCJvokO9vgnSLfAV8Mu4VofrtqZ8bLimdRvSLprUvJgxb9BXouN4EpfElmxJv8OwOc96K%2B%2FmgkHv6GpU48CPHgdJiyZgcip5woNTmmwJ4bNjiJiw8Mzd%2Byci
    Process: 925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe
    Remote address: 58.158.177.102:80
    Request
    GET /?q=RF8R2XZFMl0869u2LFAZyvgHpF7MhEDuBckRzWshu%2F7Ji4JTOZxviOG0vqAclcIdzOO65MbYBm%2BXFuG5NKancB9IQJ8n8WabmCWNaC5oD7LzqpzfKbM8xhDw3BxHhCDElaEb1xC7Jzk4cqnGvW%2BThOsWXTT%2BjcXnP27LcOpn1FCvmFKtgojCAU6jN8v9erJYC2Y%2F1iVh3D8%2FBEPE0Jjq9DBCJvokO9vgnSLfAV8Mu4VofrtqZ8bLimdRvSLprUvJgxb9BXouN4EpfElmxJv8OwOc96K%2B%2FmgkHv6GpU48CPHgdJiyZgcip5woNTmmwJ4bNjiJiw8Mzd%2Byci HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
    Host: allallstate.net
    Response
    HTTP/1.1 200 OK
    Date: Sat, 01 Oct 2022 18:45:56 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
  • 58.158.177.102:80 (http)
    URL: http://allallstate.net/?q=RF8R2XZFMl0869u2LFAZyvgHpF7MhEDuBckRzWshu%2F7Ji4JTOZxviOG0vqAclcIdzOO65MbYBm%2BXFuG5NKancB9IQJ8n8WabmCWNaC5oD7LzqpzfKbM8xhDw3BxHhCDElaEb1xC7Jzk4cqnGvW%2BThOsWXTT%2BjcXnP27LcOpn1FCvmFKtgojCAU6jN8v9erJYC2Y%2F1iVh3D8%2FBEPE0Jjq9DBCJvokO9vgnSLfAV8Mu4VofrtqZ8bLimdRvSLprUvJgxb9BXouN4EpfElmxJv8OwOc96K%2B%2FmgkHv6GpU48CPHgdJiyZgcip5woNTmmwJ4bNjiJiw8Mzd%2Byci
    Process: 925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe
    Sent: 1.3kB in 6 packets
    Received: 452 B in 4 packets

    HTTP Request

    GET http://allallstate.net/?q=RF8R2XZFMl0869u2LFAZyvgHpF7MhEDuBckRzWshu%2F7Ji4JTOZxviOG0vqAclcIdzOO65MbYBm%2BXFuG5NKancB9IQJ8n8WabmCWNaC5oD7LzqpzfKbM8xhDw3BxHhCDElaEb1xC7Jzk4cqnGvW%2BThOsWXTT%2BjcXnP27LcOpn1FCvmFKtgojCAU6jN8v9erJYC2Y%2F1iVh3D8%2FBEPE0Jjq9DBCJvokO9vgnSLfAV8Mu4VofrtqZ8bLimdRvSLprUvJgxb9BXouN4EpfElmxJv8OwOc96K%2B%2FmgkHv6GpU48CPHgdJiyZgcip5woNTmmwJ4bNjiJiw8Mzd%2Byci

    HTTP Response

    200
  • 193.166.255.171:80
    Host: allmodel-pro.com
    Process: 925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe
    Sent: 52 B in 1 packet; no response recorded
  • 8.8.8.8:53 (dns)
    Name: allallstate.net
    Process: 925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe
    Sent: 61 B in 1 packet
    Received: 77 B in 1 packet

    DNS Request

    allallstate.net

    DNS Response

    58.158.177.102

  • 8.8.8.8:53 (dns)
    Name: allmodel-pro.com
    Process: 925adf2596b6c114d3f8ee7754b253e68b6ac7517d03f6a83212a1b08ab09aa9.exe
    Sent: 62 B in 1 packet
    Received: 78 B in 1 packet

    DNS Request

    allmodel-pro.com

    DNS Response

    193.166.255.171
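Two things in the capture above are worth pulling out before the indicators go into a blocklist. The User-Agent claims "Windows NT 6.3" (Windows 8.1) while the sandbox ran Windows 7 (NT 6.1), so the string is hardcoded by the sample rather than taken from the OS, which makes the UA plus the single opaque ?q= parameter a usable network signature on its own. The ?q= value is percent-encoded standard base64 with its padding stripped, and the 200 response carried only 9 bytes with a Last-Modified of 2015, which looks more like a static default page than tasking, so nothing here shows the server answering the beacon. The script below is an added example, not part of the report: it embeds the captured request, decodes the parameter, checks the UA against the platform the report states, and lists the indicators. The decoded bytes are not interpreted, since the page gives no key or format for them, only their length and entropy are reported.

```python
import base64
import binascii
import math
import re
from urllib.parse import urlsplit, unquote

# Windows 7 identifies itself as NT 6.1; the report states the platform was windows7_x64.
SANDBOX_NT_VERSION = "6.1"

# Request copied from the report's Network section and embedded so the script runs
# offline; the sample itself is not needed.
RAW_REQUEST = (
    "GET /?q=RF8R2XZFMl0869u2LFAZyvgHpF7MhEDuBckRzWshu%2F7Ji4JTOZxviOG0vqAclcIdzOO65MbYBm"
    "%2BXFuG5NKancB9IQJ8n8WabmCWNaC5oD7LzqpzfKbM8xhDw3BxHhCDElaEb1xC7Jzk4cqnGvW%2BThOsWXTT"
    "%2BjcXnP27LcOpn1FCvmFKtgojCAU6jN8v9erJYC2Y%2F1iVh3D8%2FBEPE0Jjq9DBCJvokO9vgnSLfAV8Mu4"
    "VofrtqZ8bLimdRvSLprUvJgxb9BXouN4EpfElmxJv8OwOc96K%2B%2FmgkHv6GpU48CPHgdJiyZgcip5woNTm"
    "mwJ4bNjiJiw8Mzd%2Byci HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36\r\n"
    "Host: allallstate.net\r\n"
    "\r\n"
)

# A-record answers from the report's DNS section.
DNS_ANSWERS = {
    "allallstate.net": "58.158.177.102",
    "allmodel-pro.com": "193.166.255.171",
}


def parse_request(raw):
    """Split an HTTP/1.1 request head into (method, target, {lowercased header: value})."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def extract_q(target):
    """Return the raw ?q= value. unquote(), not unquote_plus(): a literal '+' in
    base64 must survive, only %2B/%2F are undone."""
    for pair in urlsplit(target).query.split("&"):
        name, _, value = pair.partition("=")
        if name == "q":
            return unquote(value)
    return None


def decode_b64_loose(s):
    """Decode standard-alphabet base64 whose '=' padding was stripped; None if not base64."""
    if not s or not re.fullmatch(r"[A-Za-z0-9+/]+", s):
        return None
    if len(s) % 4 == 1:            # no valid base64 string has this length
        return None
    padded = s + "=" * (-len(s) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except (ValueError, binascii.Error):
        return None


def shannon_entropy(data):
    """Bits per byte; ~8 means the blob is compressed or encrypted, low means plaintext."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def ua_nt_version(ua):
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    return m.group(1) if m else None


def analyse(raw=RAW_REQUEST):
    """Summarise the beacon: where it went, what the opaque parameter looks like,
    and whether the claimed OS matches the one the sample actually ran on."""
    _method, target, headers = parse_request(raw)
    q = extract_q(target)
    blob = decode_b64_loose(q)
    ua_nt = ua_nt_version(headers.get("user-agent", ""))
    host = headers.get("host")
    return {
        "host": host,
        "resolved_ip": DNS_ANSWERS.get(host),
        "q_len": len(q),
        "q_is_base64": blob is not None,
        "blob_len": len(blob) if blob else 0,
        "blob_entropy": shannon_entropy(blob) if blob else 0.0,
        "ua_nt": ua_nt,
        "ua_matches_sandbox_os": ua_nt == SANDBOX_NT_VERSION,
    }


def iocs():
    """Domains and IPs from the report, plus the UA string to pair with a '?q=' path."""
    _method, _target, headers = parse_request(RAW_REQUEST)
    return {
        "domains": sorted(DNS_ANSWERS),
        "ips": sorted(DNS_ANSWERS.values()),
        "user_agent": headers["user-agent"],
    }


if __name__ == "__main__":
    for k, v in analyse().items():
        print(f"{k:>24}: {v}")
    print(iocs())
```

The second domain, allmodel-pro.com, resolved but the report records only a single 52-byte packet to it and no reply, so it is listed as an indicator on the strength of the DNS lookup alone.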

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1092-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

    Filesize

    8KB

  • memory/1092-55-0x0000000000240000-0x000000000026F000-memory.dmp

    Filesize

    188KB

  • memory/1092-59-0x00000000033A0000-0x00000000033C7000-memory.dmp

    Filesize

    156KB
