Analysis
-
max time kernel
62s -
max time network
84s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
29/10/2022, 11:11 UTC
Static task
static1
Behavioral task
behavioral1
Sample
1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
Resource
win10v2004-20220812-en
General
-
Target
1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
-
Size
225KB
-
MD5
e63742a0c0175923f8025ed36cdb4e03
-
SHA1
f705ad2cb1e125eb47f95dbb516b10d6caca3b54
-
SHA256
1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e
-
SHA512
fe89f910a393ed38bfc82e0c6feb082f44115dd4e334f632febe677f94ccb368425b08e451eebfd8d9ba1b15929cd8aba5d4a3b26fef95d2697b9094267c510b
-
SSDEEP
3072:AogUrIZR2O88Dv9JN/ReFDrmEvllgXBWj0jB9HfpA3enDZtoLPKLYC/ZlyyZDBdA:7rKRb8KF/cFZABWj0nfa3eDmCPZn85oW
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\Tasks\EasyPark.job 1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestallmodel-pro.comIN AResponseallmodel-pro.comIN A193.166.255.171
-
Remote address:8.8.8.8:53Requestfull-set.linkIN AResponse
-
Remote address:8.8.8.8:53Requestparentmodel.bizIN AResponseparentmodel.bizIN A58.158.177.102
-
GEThttp://parentmodel.biz/?q=TCvcEmj6jsSCrMRrpnA7NHn88unqm%2FXEmC7Lb6yvZ3EMiGnAikMKHzGo9CTU%2FnEIu3SA2H13S5t88aLH93eE2YC20uMLJtUvkknckBb%2Ft9BWP2cGUYOUiaqdGOXJOjquEY6uDn5KRs8X4L%2BaXksRvBc5St0ZlpL%2FUju8Wgq8q7oPWArmDx%2Fto6FSQaS9ZyLzmtoW3SjlYlh%2BQdCkKD%2BTOpn3YMZA0Is82KLRNaNhwH%2BBigRYDtjTMcWw1SQAR6sZJeQTf%2BJoEdv4DJoQEIEfyAhCHAICmZATRcRz2%2FyKsgLqo8EXZ1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exeRemote address:58.158.177.102:80RequestGET /?q=TCvcEmj6jsSCrMRrpnA7NHn88unqm%2FXEmC7Lb6yvZ3EMiGnAikMKHzGo9CTU%2FnEIu3SA2H13S5t88aLH93eE2YC20uMLJtUvkknckBb%2Ft9BWP2cGUYOUiaqdGOXJOjquEY6uDn5KRs8X4L%2BaXksRvBc5St0ZlpL%2FUju8Wgq8q7oPWArmDx%2Fto6FSQaS9ZyLzmtoW3SjlYlh%2BQdCkKD%2BTOpn3YMZA0Is82KLRNaNhwH%2BBigRYDtjTMcWw1SQAR6sZJeQTf%2BJoEdv4DJoQEIEfyAhCHAICmZATRcRz2%2FyKsgLqo8EXZ HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: parentmodel.biz
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Last-Modified: Mon, 30 Nov 2015 13:48:40 GMT
ETag: "9-525c24c725e00"
Accept-Ranges: bytes
Content-Length: 9
Content-Type: text/html; charset=UTF-8
-
193.166.255.171:80allmodel-pro.com1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe52 B 1
-
58.158.177.102:80http://parentmodel.biz/?q=TCvcEmj6jsSCrMRrpnA7NHn88unqm%2FXEmC7Lb6yvZ3EMiGnAikMKHzGo9CTU%2FnEIu3SA2H13S5t88aLH93eE2YC20uMLJtUvkknckBb%2Ft9BWP2cGUYOUiaqdGOXJOjquEY6uDn5KRs8X4L%2BaXksRvBc5St0ZlpL%2FUju8Wgq8q7oPWArmDx%2Fto6FSQaS9ZyLzmtoW3SjlYlh%2BQdCkKD%2BTOpn3YMZA0Is82KLRNaNhwH%2BBigRYDtjTMcWw1SQAR6sZJeQTf%2BJoEdv4DJoQEIEfyAhCHAICmZATRcRz2%2FyKsgLqo8EXZhttp1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe685 B 400 B 5 3
HTTP Request
GET http://parentmodel.biz/?q=TCvcEmj6jsSCrMRrpnA7NHn88unqm%2FXEmC7Lb6yvZ3EMiGnAikMKHzGo9CTU%2FnEIu3SA2H13S5t88aLH93eE2YC20uMLJtUvkknckBb%2Ft9BWP2cGUYOUiaqdGOXJOjquEY6uDn5KRs8X4L%2BaXksRvBc5St0ZlpL%2FUju8Wgq8q7oPWArmDx%2Fto6FSQaS9ZyLzmtoW3SjlYlh%2BQdCkKD%2BTOpn3YMZA0Is82KLRNaNhwH%2BBigRYDtjTMcWw1SQAR6sZJeQTf%2BJoEdv4DJoQEIEfyAhCHAICmZATRcRz2%2FyKsgLqo8EXZHTTP Response
200
-
8.8.8.8:53allmodel-pro.comdns1b62e1f14fe57e64b6e0ed5339cd153cbf7d49b22c35fbf7825a19e1904f399e.exe62 B 78 B 1 1
DNS Request
allmodel-pro.com
DNS Response
193.166.255.171
-
59 B 132 B 1 1
DNS Request
full-set.link
-
61 B 77 B 1 1
DNS Request
parentmodel.biz
DNS Response
58.158.177.102