Analysis Overview
SHA256
f637eee856596f0e6fe66ffcd31bd049f689df0a9f81e4b56c8e5323f155bbe0
Threat Level: Known bad
The file Malware-1.zip was found to be: Known bad.
Malicious Activity Summary
DarkGate
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-27 19:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-27 19:46
Reported
2023-10-27 19:58
Platform
win10-20231020-en
Max time kernel
314s
Max time network
400s
Command Line
Signatures
DarkGate
Checks processor information in registry
Reading ProcessorNameString is a common sandbox/VM check (the value can expose a virtual CPU model), but plenty of legitimate software reads it too; what makes it notable here is that the reader is AutoIt3.exe running from %TEMP%.
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe | N/A |
Suspicious use of WriteProcessMemory
A parent writing into the memory of a child it is launching is normal CreateProcess behaviour, so cmd.exe (PID 1132) writing to AutoIt3.exe (PID 4576) is weak evidence on its own; the three rows are three separate write events in that same parent-to-child relationship, not three injection targets.
| Description | Indicator | Process | Target |
| PID 1132 wrote to memory of 4576 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe |
| PID 1132 wrote to memory of 4576 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe |
| PID 1132 wrote to memory of 4576 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe |
Processes
C:\Windows\system32\cmd.exe (PID 1132)
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Run-AU3-1.bat"
  C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe (PID 4576, started from the .bat)
    AutoIt3.exe bone.au3
Run-AU3-1.bat starts a copy of the legitimate AutoIt3 interpreter dropped in %TEMP% and hands it the script bone.au3; the interpreter is clean, the script carries the malicious logic. This .bat plus AutoIt3.exe plus .au3 chain is the loader pattern DarkGate used throughout 2023, which is why an AutoIt interpreter running out of a user-writable directory deserves a detection of its own.
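The following is an added detection example, not part of the sandbox report or of any vendor's ruleset. It encodes the two observations above (the .bat to AutoIt3.exe to .au3 chain in the Processes section and the ProcessorNameString query in the Signatures section) as a check over process-creation and registry events. The event dictionaries, their field names and the benign control entry are constructed for illustration, modelled loosely on Sysmon process-create and registry-query events, and the PIDs reuse the ones from the report.

```python
"""Flag the loader chain seen in behavioral1: cmd.exe running a .bat from a
user-writable path that starts AutoIt3.exe with an .au3 script, plus that
AutoIt3.exe process reading ProcessorNameString from the registry."""
import re

# Constructed sample events (not the sandbox's raw log); field names are an
# assumption modelled loosely on Sysmon process-create / registry events.
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 1132, "ppid": 900,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Run-AU3-1.bat"'},
    {"event": "process_create", "pid": 4576, "ppid": 1132,
     "image": r"C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe",
     "cmdline": "AutoIt3.exe bone.au3"},
    {"event": "registry_query", "pid": 4576,
     "image": r"C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe",
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"},
    # Benign control: a properly installed interpreter run from Program Files
    # by explorer.exe must not be flagged.
    {"event": "process_create", "pid": 5000, "ppid": 4000,
     "image": r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe",
     "cmdline": r'"C:\Program Files (x86)\AutoIt3\AutoIt3.exe" build.au3'},
    {"event": "process_create", "pid": 4000, "ppid": 1,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
]

# Directories an unprivileged user can write to; an interpreter living here
# was dropped, not installed.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\appdata|users\\public|programdata|windows\\temp)\\", re.I)
# Matches both HKLM\HARDWARE\... and \REGISTRY\MACHINE\HARDWARE\... spellings.
CPU_NAME_KEY = re.compile(r"\\centralprocessor\\\d+\\processornamestring$", re.I)


def basename(path):
    """Last path component, lower-cased, for image comparisons."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (pid, rule, reasons) tuples for events matching the loader chain.

    The AutoIt rule needs at least two of three indicators so that a single
    weak signal (e.g. any .au3 argument) does not fire on its own."""
    findings = []
    by_pid = {e["pid"]: e for e in events if e["event"] == "process_create"}
    for e in events:
        if e["event"] == "process_create" and basename(e["image"]) == "autoit3.exe":
            reasons = []
            if USER_WRITABLE.search(e["image"]):
                reasons.append("interpreter in user-writable path")
            if re.search(r"\.au3\b", e["cmdline"], re.I):
                reasons.append("script argument")
            parent = by_pid.get(e["ppid"])
            if parent and basename(parent["image"]) == "cmd.exe" \
                    and re.search(r"\.bat\b", parent["cmdline"], re.I):
                reasons.append("spawned by cmd.exe running a .bat")
            if len(reasons) >= 2:
                findings.append((e["pid"], "autoit_script_loader", reasons))
        elif (e["event"] == "registry_query" and CPU_NAME_KEY.search(e["key"])
              and USER_WRITABLE.search(e["image"])):
            findings.append((e["pid"], "cpu_name_query_from_user_path",
                             ["ProcessorNameString read by process in user-writable path"]))
    return findings


if __name__ == "__main__":
    for pid, rule, reasons in detect(SAMPLE_EVENTS):
        print(f"PID {pid}: {rule} ({'; '.join(reasons)})")
```

The two-of-three threshold is the design choice worth keeping when porting this to a SIEM: any one indicator alone (a .au3 argument, a cmd.exe parent, a binary in %TEMP%) is common in developer and IT-automation environments, but the combination with a renamed-or-dropped interpreter is rare outside loaders like this one.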
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 102.48.74.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.183.119.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.34.86.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.47.79.100.in-addr.arpa | udp |
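All four entries in the Network table are PTR (reverse DNS) queries sent to Google's resolver, and none of them is a lookup of a public host. The following is an added helper, not part of the report, that turns the in-addr.arpa names back into addresses and classifies them; the names in QUERIES are copied from the table, and the classification relies on the fact that 100.64.0.0/10 is IANA shared address space (RFC 6598), which is used behind carrier-grade NAT and inside many sandbox networks rather than for Internet-facing C2.

```python
"""Decode the PTR names from the Network table and say what address space
they fall in, so the analyst can tell sandbox plumbing from real C2 lookups."""
import ipaddress

# RFC 6598 shared address space; a PTR for one of these is almost always the
# guest resolving its own NAT-side address, not a command-and-control host.
SHARED_ADDRESS_SPACE = ipaddress.ip_network("100.64.0.0/10")

# Copied from the Network table of behavioral1.
QUERIES = [
    "102.48.74.100.in-addr.arpa",
    "198.183.119.100.in-addr.arpa",
    "0.34.86.100.in-addr.arpa",
    "22.47.79.100.in-addr.arpa",
]


def ptr_to_ip(name: str) -> ipaddress.IPv4Address:
    """Turn 102.48.74.100.in-addr.arpa into IPv4Address('100.74.48.102').

    Reverse names list the octets least-significant first, so the four labels
    in front of in-addr.arpa are simply reversed."""
    name = name.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError(f"not an IPv4 reverse name: {name}")
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octet labels: {name}")
    return ipaddress.IPv4Address(".".join(reversed(octets)))


def classify(name: str) -> str:
    """Label the looked-up address; the shared-space test comes first because
    ipaddress.is_private has changed its answer for 100.64/10 across Python
    versions, so it should not be relied on for that range."""
    ip = ptr_to_ip(name)
    if ip in SHARED_ADDRESS_SPACE:
        return "shared-address-space (RFC 6598)"
    if ip.is_private:
        return "private (RFC 1918 or other reserved)"
    if ip.is_global:
        return "global"
    return "other special-purpose"


def triage(names):
    """(ptr name, decoded address, classification) for each query."""
    return [(n, str(ptr_to_ip(n)), classify(n)) for n in names]


if __name__ == "__main__":
    for row in triage(QUERIES):
        print("{:<32} {:<16} {}".format(*row))
```

Running this over the table shows every query decoding to a 100.64.0.0/10 address, so the network section of this detonation records no contact with a public server; a real DarkGate C2 domain or IP would have to come from the dumped memory or from a longer run, not from these four rows.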
Files
Both artefacts are memory regions dumped from PID 4576 (AutoIt3.exe, the target in the WriteProcessMemory table): a 4 MiB region at 0x12C0000 and a roughly 3.2 MiB region at 0x44D0000. Neither is the interpreter's own image, so these dumps are where to look for the decoded script payload; scanning them with DarkGate YARA rules or checking them for PE headers is the natural next step.
memory/4576-1-0x00000000012C0000-0x00000000016C0000-memory.dmp
memory/4576-2-0x00000000044D0000-0x00000000047FA000-memory.dmp