Overview

overview

8

Static

static

ccf6ec1c89...6d.exe

windows7-x64

8

ccf6ec1c89...6d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 17:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe

  • Size

    124KB

  • MD5

    a7247982cd47e17c64d43fc4d32ab7ad

  • SHA1

    f5df20fb78e6c3201737e3c747cac16cfe221413

  • SHA256

    ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d

  • SHA512

    8eac1871cbba79b9aa0b356a2eb1f658eb63e87fa83628f12d1455b14aaf721f8e04cec7e90e4b82bbfba186f65a368cf033b610dfa5e501d4b4e0eb85c667e4

  • SSDEEP

    1536:/tPr2/kPKMonowh4ooFoNyhUICkT2rLtp4fNGtJ2d9DUMymuGFYp4Py+i6m6j+:/9PPnonoroomISrLtpgNXdyp6m6j+

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination 5 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
    "C:\Users\Admin\AppData\Local\Temp\ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Users\Admin\AppData\Local\Temp\ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      "C:\Users\Admin\AppData\Local\Temp\ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe"
      2⤵
        PID:920

    Network

    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • flag-unknown
      DNS
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      Remote address:
      83.133.119.139:53
      Request
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      IN Unknown
    • 178.79.208.1:80
      322 B
       7
    • 83.133.119.139:53
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      dns
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      750 B
       5

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

    • 83.133.119.139:53
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      dns
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      750 B
       5

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

    • 83.133.119.139:53
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      dns
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      750 B
       5

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

    • 83.133.119.139:53
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      dns
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      750 B
       5

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

    • 83.133.119.139:53
      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm
      dns
      ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
      750 B
       5

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

      DNS Request

      6.0.0.655.1582267361.1775139395.128.0.b067f729983db313ab8bf7478f93b5d4ee0b4276622e90ea4a.twothousands.cm

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/920-133-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/920-135-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/920-136-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.