Analysis

  • max time kernel
    133s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-11-2022 00:13

General

  • Target

    38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe

  • Size

    506KB

  • MD5

    ba84fdc8b7e5d606bc24f7bd7bede19d

  • SHA1

    42e34bc4bed1463b3ba43fec8d51725f9bb851e9

  • SHA256

    38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8

  • SHA512

    30ee50e9bf8423b36d795b1ce98bb47f369ff30a8ab91c3857d64ea1ec30ff9ab9970fa777ac618a1b907a2268fadce59b2ea44588362c14999fbfd1e40b3e56

  • SSDEEP

    6144:xqtSTmIejn6HD9OloWQYO5KWpwtt9/pKDSJ1QjsYMbGByo6QrsFIcF5M/QxhR/W2:xwSTmTn6jQifC5kSmTzKRoiHGk

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
    "C:\Users\Admin\AppData\Local\Temp\38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Users\Admin\AppData\Local\Temp\38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
      start
      2⤵
        PID:2988
      • C:\Users\Admin\AppData\Local\Temp\38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        watch
        2⤵
          PID:1556

      Network

      • DNS
        forces.info-elka.ru
        Process: 38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        Remote address: 8.8.8.8:53
        Request: forces.info-elka.ru IN A
        Response:
      • DNS
        forces.info-elka.ru
        Process: 38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        Remote address: 8.8.8.8:53
        Request: forces.info-elka.ru IN A
        Response:
      • DNS
        forces.info-elka.ru
        Process: 38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        Remote address: 8.8.8.8:53
        Request: forces.info-elka.ru IN A
        Response:
      • DNS
        forces.info-elka.ru
        Process: 38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        Remote address: 8.8.8.8:53
        Request: forces.info-elka.ru IN A
        Response:
      • DNS
        forces.info-elka.ru
        Process: 38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        Remote address: 8.8.8.8:53
        Request: forces.info-elka.ru IN A
        Response:
      • 209.197.3.8:80
        322 B
        7
      • 51.116.253.168:443
        322 B
        7
      • 209.197.3.8:80
        322 B
        7
      • 209.197.3.8:80
        322 B
        7
      • 104.80.225.205:443
        322 B
        7
      • 93.184.220.29:80
        322 B
        7
      • 8.8.8.8:53
        forces.info-elka.ru
        dns
        38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        130 B
        252 B
        2
        2

        DNS Request

        forces.info-elka.ru

        DNS Request

        forces.info-elka.ru

      • 8.8.8.8:53
        forces.info-elka.ru
        dns
        38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        130 B
        252 B
        2
        2

        DNS Request

        forces.info-elka.ru

        DNS Request

        forces.info-elka.ru

      • 8.8.8.8:53
        forces.info-elka.ru
        dns
        38fbd07d8bb79b6060a8c27c03b52088518ff7165565d0f36605634f190771c8.exe
        65 B
        126 B
        1
        1

        DNS Request

        forces.info-elka.ru

      MITRE ATT&CK Matrix


      Downloads

      • memory/1556-134-0x0000000000000000-mapping.dmp

      • memory/1556-136-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB

      • memory/1556-138-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB

      • memory/1556-141-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB

      • memory/1664-132-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB

      • memory/1664-135-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB

      • memory/2988-133-0x0000000000000000-mapping.dmp

      • memory/2988-137-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB

      • memory/2988-139-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB

      • memory/2988-140-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB
