52e72513fe2a38707aa63fbc52dabd7c7d2c5809ed7e27f384315375426f57bf

Analysis

max time kernel
600s
max time network
603s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-10-2022 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe
Size

96KB
MD5

e44cfd6ecc1ea0015c28a75964d19799
SHA1

cb294c79b5d48840382a06c4021bc2772fdbcf63
SHA256

52e72513fe2a38707aa63fbc52dabd7c7d2c5809ed7e27f384315375426f57bf
SHA512

89ec1c96d90991fcc691a461e64631f5f9d970a90560cf5143685a2f2b6c3afeda84fe38500003f303dc1cb35876fda03aeac29745d30cc397509751d8a96835
SSDEEP

1536:7X4kTvTOqjai7Z/ZP1FOsXO4dvhvMdAX0pJ0P11XJ2H1:7X4kL5f/OgO4dZvMdO0pWP11XM1

Score

8^/10

Malware Config

Signatures

Tries to connect to .bazar domain 64 IoCs

Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes:

flow	ioc
1094	ehqesoto.bazar
1537	etqeudib.bazar
1926	owewtoib.bazar
1975	husoelel.bazar
2483	etududel.bazar
94	etcusoud.bazar
123	huidelib.bazar
816	izywudel.bazar
690	ufibelso.bazar
2202	etewtoso.bazar
2104	ypudtoib.bazar
2141	ehontoel.bazar
1187	iqywtoon.bazar
1264	bionibon.bazar
1515	agywonso.bazar
842	huedonon.bazar
971	aquhudud.bazar
1116	exedonud.bazar
1292	iztoonib.bazar
1499	ypibibib.bazar
575	bisosoib.bazar
738	aqudonel.bazar
762	exomonib.bazar
1980	husoelel.bazar
2388	agudsoel.bazar
1037	uftoelib.bazar
1752	liuhsoto.bazar
2123	ypudtoib.bazar
865	huedonon.bazar
1942	owewtoib.bazar
121	huidelib.bazar
578	bisosoib.bazar
666	tutoibso.bazar
2233	huekibto.bazar
498	hucaibib.bazar
892	iqsotoon.bazar
1120	exedonud.bazar
2068	aqqetoib.bazar
2101	vuibsoto.bazar
182	ydudibon.bazar
240	fuuhtoel.bazar
1832	iqqeudel.bazar
2090	vuibsoto.bazar
2114	ypudtoib.bazar
545	ypomudto.bazar
889	iqsotoon.bazar
1741	fueksoon.bazar
646	exuhelon.bazar
1434	ydywsoel.bazar
2489	etududel.bazar
1010	exektoto.bazar
1652	ydudtoib.bazar
2421	vuwyibib.bazar
2056	aqqetoib.bazar
348	tusoudib.bazar
457	lielelel.bazar
972	aquhudud.bazar
1050	biektoon.bazar
1262	bionibon.bazar
1306	iztoonib.bazar
2291	ypwyibto.bazar
2444	ehomudso.bazar
86	etcusoud.bazar
438	exomtoud.bazar

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	208.67.222.222
Destination IP	172.104.136.243
Destination IP	5.45.97.127
Destination IP	172.104.136.243
Destination IP	162.248.241.94
Destination IP	147.135.185.78
Destination IP	217.12.210.54
Destination IP	45.32.160.206
Destination IP	63.231.92.27
Destination IP	63.231.92.27
Destination IP	208.67.222.222
Destination IP	82.141.39.32
Destination IP	176.126.70.119
Destination IP	142.4.204.111
Destination IP	162.248.241.94
Destination IP	82.141.39.32
Destination IP	5.135.183.146
Destination IP	147.135.185.78
Destination IP	162.248.241.94
Destination IP	5.45.97.127
Destination IP	185.121.177.177
Destination IP	176.126.70.119
Destination IP	185.164.136.225
Destination IP	89.35.39.64
Destination IP	63.231.92.27
Destination IP	167.99.153.82
Destination IP	185.164.136.225
Destination IP	82.141.39.32
Destination IP	169.239.202.202
Destination IP	45.32.160.206
Destination IP	5.135.183.146
Destination IP	51.255.211.146
Destination IP	35.196.105.24
Destination IP	217.12.210.54
Destination IP	163.172.185.51
Destination IP	77.73.68.161
Destination IP	192.99.85.244
Destination IP	5.45.97.127
Destination IP	69.164.196.21
Destination IP	162.248.241.94
Destination IP	45.32.160.206
Destination IP	163.172.185.51
Destination IP	139.59.23.241
Destination IP	192.99.85.244
Destination IP	45.32.160.206
Destination IP	45.63.124.65
Destination IP	162.248.241.94
Destination IP	185.121.177.177
Destination IP	142.4.204.111
Destination IP	139.59.23.241
Destination IP	69.164.196.21
Destination IP	94.177.171.127
Destination IP	51.255.211.146
Destination IP	208.67.220.220
Destination IP	185.164.136.225
Destination IP	5.45.97.127
Destination IP	185.121.177.177
Destination IP	163.172.185.51
Destination IP	176.126.70.119
Destination IP	163.172.185.51
Destination IP	163.172.185.51
Destination IP	77.73.68.161
Destination IP	208.67.220.220
Destination IP	63.231.92.27

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe

pid	process
1748	35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe
1748	35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe

C:\Users\Admin\AppData\Local\Temp\35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe
"C:\Users\Admin\AppData\Local\Temp\35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1748

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads