Analysis

  • max time kernel
    300s
  • max time network
    332s
  • platform
    windows10-1703_x64
  • resource
    win10-20231020-en
  • resource tags

    arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-11-2023 19:21

General

  • Target

    IDA Pro 8.3/IDA Pro 8.3 (x86, x86_64)/ida64.exe

  • Size

    4.0MB

  • MD5

    23fe02467fb05b85cc78bcaaf1b015da

  • SHA1

    79399bce20c07e0845197f4b5ef3d2a2d780ef6a

  • SHA256

    c695b8de0b3cb3b152890625ec3e0495bad2cd1b257c89de3169b35e3d67b44c

  • SHA512

    cb38da2a0366c73ddcac2a7024d302b80ecb36e5d4dea4a161e468e989e94b8db31cef8326a6a4837a7e3ff59808bd90829311431007aa93b5a521490a1b1c63

  • SSDEEP

    49152:3JSx9rKN/uUVPb4QpuLuv9C1nq7IqqvAkuvnb6wPxLIfFvnP9bCxK/kLC/XIB9C:3Qx9asSFClEZlT5a8LaIBAazGXMZ8G

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 46 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\ida64.exe
    "C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\ida64.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2892

Network

  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    84.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    84.65.42.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    84.65.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    84.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2892-0-0x00007FF70B8F0000-0x00007FF70BCF2000-memory.dmp

    Filesize

    4.0MB

  • memory/2892-1-0x00007FFFF01D0000-0x00007FFFF0728000-memory.dmp

    Filesize

    5.3MB

  • memory/2892-2-0x00000159AC230000-0x00000159AC240000-memory.dmp

    Filesize

    64KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.