Analysis
max time kernel: 148s
max time network: 152s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 01-04-2023 05:03
Behavioral task: behavioral1
Sample: r_noins.exe
Resource: win7-20230220-en (windows7-x64)
2 signatures, 150 seconds
General
Target: r_noins.exe
Size: 160KB
MD5: 5a6a6ed96d1816d3aadb5c5efe7df06b
SHA1: 67eef55084828705dd3b004b1b0f62298357a562
SHA256: e965a18c87835712f3caa5e854b952c8422f7564401b2b8ba721e4ed26e261dd
SHA512: f9256671e9b7234aeea4258b8e11d5603e8c5a097717cc354ad08c0ddde4df60df1a4143fab1ed0f947d2006cc98d5f907f2ea804ffeefe137e0cd26562446ed
SSDEEP: 3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvoYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/ozQqqDvFf
Malware Config
Extracted
Family: netwire
C2:
  wire.universitynetservice1979.info:8888
  167.179.102.70:8888
  62.234.24.30:8888
Attributes:
  activex_autorun: false
  copy_executable: false
  delete_original: false
  host_id: HostId-CSy2su
  keylogger_dir: C:\Users\Admin\AppData\Roaming\Logs\
  lock_executable: false
  offline_keylogger: true
  password: win
  registry_autorun: false
  use_mutex: false
Signatures
NetWire RAT payload (7 IoCs)
Processes:
resource                                                                     yara_rule
behavioral1/memory/2040-54-0x0000000000400000-0x0000000000433000-memory.dmp  netwire
behavioral1/memory/2040-56-0x0000000000400000-0x0000000000433000-memory.dmp  netwire
behavioral1/memory/2040-63-0x0000000000400000-0x0000000000433000-memory.dmp  netwire
behavioral1/memory/2040-64-0x0000000000400000-0x0000000000433000-memory.dmp  netwire
behavioral1/memory/2040-65-0x0000000000400000-0x0000000000433000-memory.dmp  netwire
behavioral1/memory/2040-66-0x0000000000400000-0x0000000000433000-memory.dmp  netwire
behavioral1/memory/2040-67-0x0000000000400000-0x0000000000433000-memory.dmp  netwire
Downloads
memory/2040-54-0x0000000000400000-0x0000000000433000-memory.dmp (filesize 204KB)
memory/2040-56-0x0000000000400000-0x0000000000433000-memory.dmp (filesize 204KB)
memory/2040-63-0x0000000000400000-0x0000000000433000-memory.dmp (filesize 204KB)
memory/2040-64-0x0000000000400000-0x0000000000433000-memory.dmp (filesize 204KB)
memory/2040-65-0x0000000000400000-0x0000000000433000-memory.dmp (filesize 204KB)
memory/2040-66-0x0000000000400000-0x0000000000433000-memory.dmp (filesize 204KB)
memory/2040-67-0x0000000000400000-0x0000000000433000-memory.dmp (filesize 204KB)