32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 08:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe
Size

316KB
MD5

65594137d2bab22d3367e50d8db0bfa0
SHA1

c35802973aa8466754062016e87b72cecd96950f
SHA256

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937
SHA512

92175a836153f9215249e4da46c66e5ba65ba735c74998dccf545b95f3fae19145f312c76a7291e68599751fce194a021ef05fc2f1d22177f73626e6d60bc2da
SSDEEP

6144:qrabUzkuvcBYC47l2xgh2hyP9wUnIG2mQP6vxoG0rkKc:qrDkuveY3N2eHnIPmQP6vqvE

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4932	32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe
4932	32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe
4932	32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4932	32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe
4932	32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

C:\Users\Admin\AppData\Local\Temp\32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe
"C:\Users\Admin\AppData\Local\Temp\32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
PID:4932

Network

DNS

c1.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

Remote address:

8.8.8.8:53

Request

c1.getapplicationmy.info

IN A

Response

c1.getapplicationmy.info

IN A

94.229.72.118
DNS

r1.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

Remote address:

8.8.8.8:53

Request

r1.getapplicationmy.info

IN A

Response

r1.getapplicationmy.info

IN A

94.229.72.118
DNS

r2.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

Remote address:

8.8.8.8:53

Request

r2.getapplicationmy.info

IN A

Response

r2.getapplicationmy.info

IN A

94.229.72.118
DNS

c2.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

Remote address:

8.8.8.8:53

Request

c2.getapplicationmy.info

IN A

Response

c2.getapplicationmy.info

IN A

94.229.72.118

94.229.72.118:80

r1.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

260 B
5
94.229.72.118:80

r1.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

260 B
5
93.184.221.240:80

322 B
7
52.109.13.64:443

40 B
1
20.189.173.1:443

322 B
7
94.229.72.118:80

c2.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

260 B
5
94.229.72.118:80

c2.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

260 B
5
209.197.3.8:80

46 B
40 B
1
1
94.229.72.118:80

c2.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

260 B
5
87.248.202.1:80

322 B
7
93.184.221.240:80

322 B
7
93.184.221.240:80

260 B
5
94.229.72.118:80

c2.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

260 B
5
94.229.72.118:80

c2.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

260 B
5
94.229.72.118:80

c2.getapplicationmy.info

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

260 B
5

8.8.8.8:53

c1.getapplicationmy.info

dns

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

70 B
86 B
1
1

DNS Request

c1.getapplicationmy.info

DNS Response

94.229.72.118
8.8.8.8:53

r1.getapplicationmy.info

dns

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

70 B
86 B
1
1

DNS Request

r1.getapplicationmy.info

DNS Response

94.229.72.118
8.8.8.8:53

r2.getapplicationmy.info

dns

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

70 B
86 B
1
1

DNS Request

r2.getapplicationmy.info

DNS Response

94.229.72.118
8.8.8.8:53

c2.getapplicationmy.info

dns

32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

70 B
86 B
1
1

DNS Request

c2.getapplicationmy.info

DNS Response

94.229.72.118

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tsu34954B55.dll

Filesize
269KB

MD5
af7ce801c8471c5cd19b366333c153c4

SHA1
4267749d020a362edbd25434ad65f98b073581f1

SHA256
cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

SHA512
88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{728D896C-0CE8-47E7-A50C-44CAA96EAB9A}\Custom.dll

Filesize
91KB

MD5
dc1e339686c8ccab49a2860c6709760b

SHA1
4662d7283d4ad26b4a235d82d831db526e9daa42

SHA256
07d70be92b1ef086f5f41f95fe14044fe8186e85a3972bb790ae143c66214f0b

SHA512
913e466fcae98118375c19e000c75ef03d7f5d30f16a29ad98fd90cbed425adf6415598b332cf30652a3dab2371e4a59a6a2c813d1df739bd09080e56aed9c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\{728D896C-0CE8-47E7-A50C-44CAA96EAB9A}\_Setup.dll

Filesize
173KB

MD5
849cfed02ed4ded563da47d93592b653

SHA1
bcdc289cf10557a0ee5b8a3f956739710215a4e5

SHA256
40f7374f5089a9429f4fe0d568364c567d535fa2d3d542d4f7dfb948c480be27

SHA512
8f6d24b7234efb6cbf11be13bfa11f5e6d11aea48d1c81c37a421862aa452b6af0a06bc8637b58bfae631a68aa0d532c7922ccca6433cd2e05e87198ad719cf0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.