Malware Analysis Report

2024-10-10 12:08

Sample ID 230717-f6e4asad29
Target 864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed
SHA256 864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed
Tags
Score 3/10

Analysis Overview

score
3/10

SHA256

864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed

Threat Level: Likely benign

The file 864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

Enumerates physical storage devices

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-07-17 05:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-17 05:28

Reported

2023-07-17 05:31

Platform

win7-20230712-en

Max time kernel

141s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed.exe"

Signatures

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed.exe

"C:\Users\Admin\AppData\Local\Temp\864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed.exe"

Network

N/A

Files

memory/688-54-0x0000000000240000-0x0000000000241000-memory.dmp

memory/688-64-0x0000000000400000-0x0000000000703000-memory.dmp

memory/688-65-0x0000000000240000-0x0000000000241000-memory.dmp

memory/688-70-0x0000000000400000-0x0000000000703000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-17 05:28

Reported

2023-07-17 05:31

Platform

win10v2004-20230703-en

Max time kernel

140s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed.exe"

Signatures

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed.exe

"C:\Users\Admin\AppData\Local\Temp\864e49643f02a5ef33a9b0b7861e909b8976e6667961991e4fc69968c027cbed.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 83.99.62.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 45.8.109.52.in-addr.arpa udp
US 8.8.8.8:53 195.98.74.40.in-addr.arpa udp

Files

memory/3492-133-0x00000000025F0000-0x00000000025F1000-memory.dmp

memory/3492-143-0x0000000000400000-0x0000000000703000-memory.dmp

memory/3492-144-0x00000000025F0000-0x00000000025F1000-memory.dmp

memory/3492-149-0x0000000000400000-0x0000000000703000-memory.dmp