Analysis

  • max time kernel
    62s
  • max time network
    84s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/10/2022, 11:11 UTC

General

  • Target

    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe

  • Size

    225KB

  • MD5

    e63742a0c0175923f8025ed36cdb4e03

  • SHA1

    f705ad2cb1e125eb47f95dbb516b10d6caca3b54

  • SHA256

    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e

  • SHA512

    fe89f910a393ed38bfc82e0c6feb082f44115dd4e334f632febe677f94ccb368425b08e451eebfd8d9ba1b15929cd8aba5d4a3b26fef95d2697b9094267c510b

  • SSDEEP

    3072:AogUrIZR2O88Dv9JN/ReFDrmEvllgXBWj0jB9HfpA3enDZtoLPKLYC/ZlyyZDBdA:7rKRb8KF/cFZABWj0nfa3eDmCPZn85oW

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    "C:\Users\Admin\AppData\Local\Temp\1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe"
    Process 1
    • Drops file in Windows directory
    PID:2012

Network

  • Country: US
    DNS
    allmodel-pro.com
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    Remote address:
    8.8.8.8:53
    Request
    allmodel-pro.com
    IN A
    Response
    allmodel-pro.com
    IN A
    193.166.255.171
  • Country: US
    DNS
    full-set.link
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    Remote address:
    8.8.8.8:53
    Request
    full-set.link
    IN A
    Response
  • Country: US
    DNS
    parentmodel.biz
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    Remote address:
    8.8.8.8:53
    Request
    parentmodel.biz
    IN A
    Response
    parentmodel.biz
    IN A
    58.158.177.102
  • Country: JP
    GET
    http://parentmodel.biz/?q=TCvcEmj6jsSCrMRrpnA7NHn88unqm%2FXEmC7Lb6yvZ3EMiGnAikMKHzGo9CTU%2FnEIu3SA2H13S5t88aLH93eE2YC20uMLJtUvkknckBb%2Ft9BWP2cGUYOUiaqdGOXJOjquEY6uDn5KRs8X4L%2BaXksRvBc5St0ZlpL%2FUju8Wgq8q7oPWArmDx%2Fto6FSQaS9ZyLzmtoW3SjlYlh%2BQdCkKD%2BTOpn3YMZA0Is82KLRNaNhwH%2BBigRYDtjTMcWw1SQAR6sZJeQTf%2BJoEdv4DJoQEIEfyAhCHAICmZATRcRz2%2FyKsgLqo8EXZ
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    Remote address:
    58.158.177.102:80
    Request
    GET /?q=TCvcEmj6jsSCrMRrpnA7NHn88unqm%2FXEmC7Lb6yvZ3EMiGnAikMKHzGo9CTU%2FnEIu3SA2H13S5t88aLH93eE2YC20uMLJtUvkknckBb%2Ft9BWP2cGUYOUiaqdGOXJOjquEY6uDn5KRs8X4L%2BaXksRvBc5St0ZlpL%2FUju8Wgq8q7oPWArmDx%2Fto6FSQaS9ZyLzmtoW3SjlYlh%2BQdCkKD%2BTOpn3YMZA0Is82KLRNaNhwH%2BBigRYDtjTMcWw1SQAR6sZJeQTf%2BJoEdv4DJoQEIEfyAhCHAICmZATRcRz2%2FyKsgLqo8EXZ HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: parentmodel.biz
    Response
    HTTP/1.1 200 OK
    Date: Sat, 29 Oct 2022 15:55:02 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
    Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
    ETag: "9-525c24c725e00"
    Accept-Ranges: bytes
    Content-Length: 9
    Content-Type: text/html; charset=UTF-8
  • 193.166.255.171:80
    allmodel-pro.com
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    52 B
    1
  • 58.158.177.102:80
    http://parentmodel.biz/?q=TCvcEmj6jsSCrMRrpnA7NHn88unqm%2FXEmC7Lb6yvZ3EMiGnAikMKHzGo9CTU%2FnEIu3SA2H13S5t88aLH93eE2YC20uMLJtUvkknckBb%2Ft9BWP2cGUYOUiaqdGOXJOjquEY6uDn5KRs8X4L%2BaXksRvBc5St0ZlpL%2FUju8Wgq8q7oPWArmDx%2Fto6FSQaS9ZyLzmtoW3SjlYlh%2BQdCkKD%2BTOpn3YMZA0Is82KLRNaNhwH%2BBigRYDtjTMcWw1SQAR6sZJeQTf%2BJoEdv4DJoQEIEfyAhCHAICmZATRcRz2%2FyKsgLqo8EXZ
    http
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    685 B
    400 B
    5
    3

    HTTP Request

    GET http://parentmodel.biz/?q=TCvcEmj6jsSCrMRrpnA7NHn88unqm%2FXEmC7Lb6yvZ3EMiGnAikMKHzGo9CTU%2FnEIu3SA2H13S5t88aLH93eE2YC20uMLJtUvkknckBb%2Ft9BWP2cGUYOUiaqdGOXJOjquEY6uDn5KRs8X4L%2BaXksRvBc5St0ZlpL%2FUju8Wgq8q7oPWArmDx%2Fto6FSQaS9ZyLzmtoW3SjlYlh%2BQdCkKD%2BTOpn3YMZA0Is82KLRNaNhwH%2BBigRYDtjTMcWw1SQAR6sZJeQTf%2BJoEdv4DJoQEIEfyAhCHAICmZATRcRz2%2FyKsgLqo8EXZ

    HTTP Response

    200
  • 8.8.8.8:53
    allmodel-pro.com
    dns
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    62 B
    78 B
    1
    1

    DNS Request

    allmodel-pro.com

    DNS Response

    193.166.255.171

  • 8.8.8.8:53
    full-set.link
    dns
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    59 B
    132 B
    1
    1

    DNS Request

    full-set.link

  • 8.8.8.8:53
    parentmodel.biz
    dns
    1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
    61 B
    77 B
    1
    1

    DNS Request

    parentmodel.biz

    DNS Response

    58.158.177.102

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2012-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

    Filesize

    8KB

  • memory/2012-55-0x0000000000210000-0x000000000023F000-memory.dmp

    Filesize

    188KB