Analysis

  • max time kernel
    82s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/10/2022, 06:00 UTC

General

  • Target

    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe

  • Size

    324KB

  • MD5

    71dad9770f05df00bcde9d08efa6aee0

  • SHA1

    8e77790537fc9fe09d61497160217cb66899082e

  • SHA256

    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d

  • SHA512

    f83f48b93fd13216af8ca03b31f2474d2abd8922783e4a20191c2d9c701b45e36e11fb21516dc9a2ca5b7ba1066ce425f1cb9e67e2836966aa8c60bebefb28a0

  • SSDEEP

    6144:7rwP9uEo2S1YnQmCX492DkwNP3qpYF+gkWr01QLNTMuLYlT0Ysrw0EW0gDmOu4q:7rUu6/eIo4bQLNgf27M0d0gDm9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    "C:\Users\Admin\AppData\Local\Temp\3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:3036

Network

  • flag-us
    DNS
    r1.stylezip.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.stylezip.info
    IN A
    Response
  • flag-us
    DNS
    r1.stylezip.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.stylezip.info
    IN A
    Response
  • flag-us
    DNS
    c1.stylezip.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.stylezip.info
    IN A
    Response
  • flag-us
    DNS
    c2.stylemy.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.stylemy.info
    IN A
    Response
  • flag-us
    DNS
    r2.stylemy.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.stylemy.info
    IN A
    Response
  • flag-us
    DNS
    c1.stylezip.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.stylezip.info
    IN A
    Response
  • flag-us
    DNS
    c2.stylemy.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.stylemy.info
    IN A
    Response
  • flag-us
    DNS
    c1.stylezip.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.stylezip.info
    IN A
    Response
  • flag-us
    DNS
    c2.stylemy.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.stylemy.info
    IN A
    Response
  • flag-us
    DNS
    c2.stylemy.info
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.stylemy.info
    IN A
    Response
  • 72.21.91.29:80
    46 B
    40 B
    1
    1
  • 20.42.73.24:443
    322 B
    7
  • 2.18.109.224:443
    322 B
    7
  • 88.221.25.155:80
    322 B
    7
  • 87.248.202.1:80
    322 B
    7
  • 8.8.8.8:53
    r1.stylezip.info
    dns
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    124 B
    282 B
    2
    2

    DNS Request

    r1.stylezip.info

    DNS Request

    r1.stylezip.info

  • 8.8.8.8:53
    c1.stylezip.info
    dns
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    62 B
    141 B
    1
    1

    DNS Request

    c1.stylezip.info

  • 8.8.8.8:53
    c2.stylemy.info
    dns
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    61 B
    140 B
    1
    1

    DNS Request

    c2.stylemy.info

  • 8.8.8.8:53
    r2.stylemy.info
    dns
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    61 B
    140 B
    1
    1

    DNS Request

    r2.stylemy.info

  • 8.8.8.8:53
    c1.stylezip.info
    dns
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    62 B
    141 B
    1
    1

    DNS Request

    c1.stylezip.info

  • 8.8.8.8:53
    c2.stylemy.info
    dns
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    61 B
    140 B
    1
    1

    DNS Request

    c2.stylemy.info

  • 8.8.8.8:53
    c1.stylezip.info
    dns
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    62 B
    141 B
    1
    1

    DNS Request

    c1.stylezip.info

  • 8.8.8.8:53
    c2.stylemy.info
    dns
    3fa8397e0b6c8825000ee96b8bb9e2255d879ade82bb94302bb535adc65a0c9d.exe
    122 B
    280 B
    2
    2

    DNS Request

    c2.stylemy.info

    DNS Request

    c2.stylemy.info

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\Tsu1A595315.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{A352641A-A1C5-4BFA-A911-E9E778B146EC}\Custom.dll

    Filesize

    73KB

    MD5

    56e4e9e881524397c9f6dca5ca70b1e8

    SHA1

    8ad77bad589591171eb94a593c3814a3b742f79c

    SHA256

    2e6e83c80a887c82c890053f491e0cb24074967b5ae7af7c8c4bcae78af2a22b

    SHA512

    130c83dfc0db281bd7999edc6c295f122ab3ba00c69353daad988866680a6994365874eb29122b8473930d2ba0df58bdfb27eb8897a819f79c8b8e31e6597700

  • C:\Users\Admin\AppData\Local\Temp\{A352641A-A1C5-4BFA-A911-E9E778B146EC}\_Setup.dll

    Filesize

    178KB

    MD5

    544cd326c7ff8786127b4a8bdfce4188

    SHA1

    bdc4e984a02ad23592871f15639bd9b36235ad78

    SHA256

    f9347487cdae8dc01f10099c36f601a498a552ced184de2d2e704414fa37381a

    SHA512

    bac0e15b680a6b35d2638058599d13f7813f1ebd3427985691b497c23e56145db6191dca6837116f29a6e2c6d3c8cc2f1b3ef8d6271f87607fb6d7e0f24d5feb
