Overview

overview

7

Static

static

453ca9bf53...67.exe

windows7-x64

7

453ca9bf53...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    51s
  • max time network
    89s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2022, 16:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe

  • Size

    315KB

  • MD5

    487423951ef0696cf57e9711cf706c60

  • SHA1

    6ac08b19b11a129e65568617630e76eb8e9e0fc6

  • SHA256

    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67

  • SHA512

    807c5648c955bb3abea8e9e7cb61a92bbe49d111f36ba40fd11ead9a2601852414e0b2a02860d6f6df7bf5261fa5399c3bdf05afe056861503b3baad24d17418

  • SSDEEP

    6144:oreyVm/vbUzkuvcBYC47l2x1SVkJlzhrx7iY+1t8sBf4+sO6Xd5y5x9/:orzVm/kkuveY3MGWzlx7DMS7dG9/

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    "C:\Users\Admin\AppData\Local\Temp\453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1756

Network

  • flag-us
    DNS
    r1.getapplicationmy.info
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    94.229.72.120
  • flag-us
    DNS
    c1.downlloaddatamy.info
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    c2.downlloaddatamy.info
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.downlloaddatamy.info
    IN A
    Response
  • flag-us
    DNS
    r2.getapplicationmy.info
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    199.115.116.162
  • 94.229.72.120:80
    r1.getapplicationmy.info
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    152 B
     3
  • 199.115.116.162:80
    r2.getapplicationmy.info
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    152 B
     3
  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    70 B
     86 B
     1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    94.229.72.120

  • 8.8.8.8:53
    c1.downlloaddatamy.info
    dns
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    69 B
     148 B
     1
    1

    DNS Request

    c1.downlloaddatamy.info

  • 8.8.8.8:53
    c2.downlloaddatamy.info
    dns
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    69 B
     148 B
     1
    1

    DNS Request

    c2.downlloaddatamy.info

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    453ca9bf53d1f4cd9e31058768f38be99ccd7c2302389a6170104c9a2fe89f67.exe
    70 B
     86 B
     1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    199.115.116.162

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\TsuC2D31F31.dll
    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{36D26831-DA15-469F-A474-9237ED314AC7}\Custom.dll
    Filesize

    91KB

    MD5

    a2a81b0e4c80fb76704b1d79e937aff8

    SHA1

    2c6bdb07bba01186b59dbf1ba107bd27c2d9e00d

    SHA256

    a59dcfc80305319700a9390f0e9770c446497b8b6b373c5dfd32bc08b13f47aa

    SHA512

    c3e02e446a69b6fb45d0cbd6c6d9943b4163e5002edaaf10893a35c5fb02d9d4e83863352bf28fd0ce85a7f18e9fa4c7f61a3083d9f2aa0d6d88e0a5d100f6d7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{36D26831-DA15-469F-A474-9237ED314AC7}\_Setup.dll
    Filesize

    173KB

    MD5

    63c4055bdfe2b293be2e5d245bcb58a0

    SHA1

    3dc358a031c34b9709dae920f0aad796fe2153b5

    SHA256

    ecde6d486664067d0da60ef52d416f9d405d0bb3bf8c0d7cfbf3931583bd4136

    SHA512

    95804ce3635b64567b145afffb602d4e34480fa314a9db5d703802956003b8db2e80457a07729104309f850d41f2694ad8c4da081ebed48c7b6749ce986e1f7e

    Download Submit

  • memory/1756-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.