3de66fe938329d14b6e512cf653afeae55a4a9d02acb2fd812493060bcd5e4b3

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2023, 14:51 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23003290885ca5exeexe_JC.exe
Size

373KB
MD5

23003290885ca5525297b0fc13c67911
SHA1

180482dbb207ed1141258e00fdc151d0d3ff2486
SHA256

3de66fe938329d14b6e512cf653afeae55a4a9d02acb2fd812493060bcd5e4b3
SHA512

f772ab8d8282d8495ce8774733292de3cbec42f92dfb0e11863c9ee4330e2bf326df61445b857ae3fed2308a8b42552fee92a35d12192fb1932946867efe532a
SSDEEP

6144:BplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:BplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2208	upgraded..exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\MessageBox\upgraded..exe	23003290885ca5exeexe_JC.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4876	23003290885ca5exeexe_JC.exe
4876	23003290885ca5exeexe_JC.exe
4876	23003290885ca5exeexe_JC.exe
4876	23003290885ca5exeexe_JC.exe
2208	upgraded..exe
2208	upgraded..exe
2208	upgraded..exe
2208	upgraded..exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 2208	4876	23003290885ca5exeexe_JC.exe	84
PID 4876 wrote to memory of 2208	4876	23003290885ca5exeexe_JC.exe	84
PID 4876 wrote to memory of 2208	4876	23003290885ca5exeexe_JC.exe	84

C:\Users\Admin\AppData\Local\Temp\23003290885ca5exeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\23003290885ca5exeexe_JC.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files\MessageBox\upgraded..exe
  "C:\Program Files\MessageBox\upgraded..exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2208

Network

DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

1.208.79.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.208.79.178.in-addr.arpa

IN PTR

Response

1.208.79.178.in-addr.arpa

IN PTR

https-178-79-208-1amsllnwnet
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

69.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.121.18.2.in-addr.arpa

IN PTR

Response

69.121.18.2.in-addr.arpa

IN PTR

a2-18-121-69deploystaticakamaitechnologiescom
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

254.177.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.177.238.8.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

88.16.208.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.16.208.104.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

1.208.79.178.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.208.79.178.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

69.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

69.121.18.2.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

254.177.238.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

254.177.238.8.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

88.16.208.104.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

88.16.208.104.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MessageBox\upgraded..exe

Filesize
373KB

MD5
23c7ba3c22b670ee0c3d131d58011440

SHA1
1d158ad4095b7369d385cad0e9930e7677aebb58

SHA256
4895f4bcc3103ff61de7cb4f05ba2f9765947ddbc990ee383c738074085f1f9d

SHA512
ecdd0f2bcdae454dea096e71c00c333c061c22cc21b190f73c0f311bd5bbee047fa24bc9313ccc98271112fa898374dd65c77d0dddc3fe7e2038957740d4380f

Download Submit
C:\Program Files\MessageBox\upgraded..exe

Filesize
373KB

MD5
23c7ba3c22b670ee0c3d131d58011440

SHA1
1d158ad4095b7369d385cad0e9930e7677aebb58

SHA256
4895f4bcc3103ff61de7cb4f05ba2f9765947ddbc990ee383c738074085f1f9d

SHA512
ecdd0f2bcdae454dea096e71c00c333c061c22cc21b190f73c0f311bd5bbee047fa24bc9313ccc98271112fa898374dd65c77d0dddc3fe7e2038957740d4380f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.