Malware Analysis Report

2024-10-18 22:58

Sample ID: 221116-1trlsadb55
Target: ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6
SHA256: ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6
Tags: joker upx
Score: 10/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6

Threat Level: Known bad

The file ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6 was found to be: Known bad.

Malicious Activity Summary

joker upx

Joker family

UPX packed file

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2022-11-16 21:56

Signatures

Joker family

joker

Analysis: behavioral1

Detonation Overview

Submitted: 2022-11-16 21:56
Reported: 2022-11-16 21:59
Platform: win7-20220812-en
Max time kernel: 134s
Max time network: 109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6.exe

"C:\Users\Admin\AppData\Local\Temp\ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6.exe"

Network

Country  Destination           Domain                             Proto
N/A      8.8.8.8:53            soft-1251416406.file.myqcloud.com  udp
N/A      8.8.8.8:53            soft-1251416406.file.myqcloud.com  udp
N/A      211.97.85.198:443     soft-1251416406.file.myqcloud.com  tcp
N/A      116.177.248.80:443    soft-1251416406.file.myqcloud.com  tcp
N/A      8.8.8.8:53            cdn3.mengyu555.com                 udp
N/A      114.96.98.81:7771     cdn3.mengyu555.com                 tcp

Files

memory/112-54-0x0000000074C11000-0x0000000074C13000-memory.dmp

memory/112-55-0x0000000010000000-0x0000000010018000-memory.dmp

memory/112-56-0x00000000361E0000-0x00000000361F0000-memory.dmp

memory/112-57-0x0000000010000000-0x0000000010018000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2022-11-16 21:56
Reported: 2022-11-16 21:59
Platform: win10v2004-20221111-en
Max time kernel: 91s
Max time network: 125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6.exe

"C:\Users\Admin\AppData\Local\Temp\ac077946c2310271e6d14aa3f939b2418c174c54d1d139cf1d309bba0f9082f6.exe"

Network

Country  Destination           Domain                             Proto
N/A      8.238.24.126:80       -                                  tcp
N/A      8.238.24.126:80       -                                  tcp
N/A      8.238.24.126:80       -                                  tcp
N/A      8.8.8.8:53            soft-1251416406.file.myqcloud.com  udp
N/A      116.177.248.80:443    soft-1251416406.file.myqcloud.com  tcp
N/A      116.177.248.80:443    soft-1251416406.file.myqcloud.com  tcp
N/A      8.8.8.8:53            cdn3.mengyu555.com                 udp
N/A      114.96.98.81:7776     cdn3.mengyu555.com                 tcp
N/A      104.80.225.205:443    -                                  tcp
N/A      20.42.65.85:443       -                                  tcp
N/A      87.248.202.1:80       -                                  tcp
N/A      87.248.202.1:80       -                                  tcp
N/A      87.248.202.1:80       -                                  tcp

(Rows with "-" in the Domain column had no domain recorded in the report.)

Files

memory/1916-132-0x0000000010000000-0x0000000010018000-memory.dmp

memory/1916-133-0x0000000036F70000-0x0000000036F80000-memory.dmp

memory/1916-134-0x0000000010000000-0x0000000010018000-memory.dmp