Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/10/2022, 22:33 UTC

General

  • Target

    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe

  • Size

    316KB

  • MD5

    39826cc4329d878b09d8a944db1da260

  • SHA1

    8016b4e572f698f799f89ecec961df51d405808c

  • SHA256

    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a

  • SHA512

    3e9bd2e72177239b36b66283d7671fc5f0cbb59bd9d54877d4de3b1fdc4d5b2926293fd689b8ae0895cfef3edb65fdab21306f6eee6e9715aaa5c36397f38040

  • SSDEEP

    6144:VrJbUzkuvcBYC47l2xuNfL2pAgWriSTb3Z9xuzSCR2bSj:Vr6kuveY3TT2XdGp9xRC4bSj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    "C:\Users\Admin\AppData\Local\Temp\09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:616

Network

  • flag-us
    DNS
    r1.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    162.210.196.173
  • flag-us
    DNS
    c1.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    94.229.72.117
  • flag-us
    DNS
    r2.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    94.229.72.117
  • flag-us
    DNS
    c2.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    94.229.72.117
  • flag-us
    DNS
    96.108.152.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    96.108.152.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    226.101.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.101.242.52.in-addr.arpa
    IN PTR
    Response
  • 93.184.221.240:80
    260 B
    5
  • 162.210.196.173:80
    r1.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    260 B
    5
  • 94.229.72.117:80
    c1.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    260 B
    5
  • 52.109.77.0:443
    40 B
    1
  • 93.184.220.29:80
    46 B
    40 B
    1
    1
  • 94.229.72.117:80
    c2.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    260 B
    5
  • 94.229.72.117:80
    c2.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    260 B
    5
  • 13.69.109.130:443
    322 B
    7
  • 94.229.72.117:80
    c2.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    260 B
    5
  • 94.229.72.117:80
    c2.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    260 B
    5
  • 94.229.72.117:80
    c2.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    260 B
    5
  • 94.229.72.117:80
    c2.getapplicationmy.info
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    260 B
    5
  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    162.210.196.173

  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    70 B
    86 B
    1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    94.229.72.117

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    94.229.72.117

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    09c8f46a975a7b7ace97338727c51fd02a57530ca4e7d37d8e002ca7fbdfa87a.exe
    70 B
    86 B
    1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    94.229.72.117

  • 8.8.8.8:53
    96.108.152.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    96.108.152.52.in-addr.arpa

  • 8.8.8.8:53
    226.101.242.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    226.101.242.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Tsu5B84E67E.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{D5A9C2A0-7EA4-4A48-A8A3-36860E4AE056}\Custom.dll

    Filesize

    91KB

    MD5

    aab03c84db6cba9639d49888a5f0cae1

    SHA1

    f27e6a68da55cb9b6e25b1ddf1c21a77bf6605ae

    SHA256

    72041aa64738b7cfbf8c10d8c8fcadf208240d3d69f0d546e2a923ed9a79cd32

    SHA512

    9c5c935e041d3f7388b9abb4ce20b02a0a9b6d8616182bf717431dac38686f983eb2da2893b60106367970c7a13b845df46279c1a8d64263873ccf1505e731c0

  • C:\Users\Admin\AppData\Local\Temp\{D5A9C2A0-7EA4-4A48-A8A3-36860E4AE056}\_Setup.dll

    Filesize

    173KB

    MD5

    0518cb1e0dc406122ccdabd50aeafb76

    SHA1

    53e860574019872b2a740b4bc345db7972b06a87

    SHA256

    77e1fae9a24895805780626e4a27a75d91528e73830a7dc33b154fb868b70df2

    SHA512

    989fcf7d0a2cec0d8bafeb08f1f4a3a8f44a6a5d4e6831ff993e907d88b8226d89c5235b03e421d4802071edb0787b36c11c39f0faebe7edd2fca9e33989c40c
