Analysis Overview
SHA256
fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100
Threat Level: Known bad
The file fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100 was found to be: Known bad.
Malicious Activity Summary
SystemBC
Executes dropped EXE
Drops file in Windows directory
Program crash
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-12-20 10:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-12-20 10:29
Reported
2022-12-20 10:32
Platform
win10v2004-20220812-en
Max time kernel
90s
Max time network
150s
Command Line
Signatures
SystemBC
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\ProgramData\imbhou\lxava.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Tasks\lxava.job | C:\Users\Admin\AppData\Local\Temp\fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100.exe | N/A |
| File created | C:\Windows\Tasks\lxava.job | C:\Users\Admin\AppData\Local\Temp\fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100.exe
"C:\Users\Admin\AppData\Local\Temp\fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100.exe"
C:\ProgramData\imbhou\lxava.exe
C:\ProgramData\imbhou\lxava.exe start
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3444 -ip 3444
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 956
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 109.205.214.18:443 | | tcp |
| N/A | 95.101.78.82:80 | | tcp |
| N/A | 95.101.78.82:80 | | tcp |
| N/A | 104.80.225.205:443 | | tcp |
| N/A | 51.11.192.48:443 | | tcp |
| N/A | 209.197.3.8:80 | | tcp |
| N/A | 209.197.3.8:80 | | tcp |
| N/A | 209.197.3.8:80 | | tcp |
Files
memory/3444-133-0x0000000000568000-0x0000000000578000-memory.dmp
memory/3444-134-0x0000000002050000-0x0000000002059000-memory.dmp
memory/3444-135-0x0000000000400000-0x000000000045F000-memory.dmp
C:\ProgramData\imbhou\lxava.exe
| Hash | Value |
|---|---|
| MD5 | cdc67700f25eaed1417264c4bdec03d3 |
| SHA1 | 56639e9414e6ee8394d940d62778475ddf071290 |
| SHA256 | fdd4cca0516be799c954e96be26b2d04e42ea0bac1edb00604412914bae2f100 |
| SHA512 | a2b38a1d4d0cb57532f3feb2efa1fb345c03df9114dfb2dcc93286e19b96eb5e182bd79d070a0e4fccf1980f47effc9b511dbb0074bba69bee80098317e08038 |
memory/4908-138-0x0000000000482000-0x0000000000493000-memory.dmp
memory/4908-139-0x0000000000400000-0x000000000045F000-memory.dmp
memory/3444-140-0x0000000000400000-0x000000000045F000-memory.dmp