Analysis

  • max time kernel
    185s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/12/2022, 04:32 UTC

General

  • Target

    cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe

  • Size

    198KB

  • MD5

    7beffa3c2e4abbe6464f42d6903fe8a3

  • SHA1

    8d9a9bf2671433d55288decd19e0d28a20b30edf

  • SHA256

    cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda

  • SHA512

    165ecfb6a773e76368fabb7fa5f057c29ec31eac15ee7e02b9b07637dfef3d8db2cdd5a5f3612a7a0fe87180b62e658c26bdc0c3384c059fd7ec4cc27af5ea7f

  • SSDEEP

    3072:edDvAv5nRN47EX5gsJz6GZrBQg8DEll65FwGKbzKDwh/sE03juWvWDAvq:Yy+iz1tS4lYKbccUECyWvxvq

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2632
    • C:\Users\Admin\AppData\Local\Temp\cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
      "C:\Users\Admin\AppData\Local\Temp\cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4320

Network

  • flag-unknown
    DNS
    j.maxmind.com
    cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
    Remote address:
    8.8.8.8:53
    Request
    j.maxmind.com
    IN A
    Response
  • 20.42.65.84:443
    322 B
    7
  • 127.0.0.1:80
    cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
  • 127.0.0.1:80
    cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
  • 178.79.208.1:80
    322 B
    7
  • 178.79.208.1:80
    322 B
    7
  • 8.8.8.8:53
    j.maxmind.com
    dns
    cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
    59 B
    118 B
    1
    1

    DNS Request

    j.maxmind.com

  • 83.133.123.20:53
    cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
    48 B
    1
  • 83.133.123.20:53
    cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
    48 B
    1

MITRE ATT&CK Matrix

Downloads

  • memory/4320-133-0x0000000000520000-0x0000000000562000-memory.dmp

    Filesize

    264KB

  • memory/4320-132-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/4320-134-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB
