Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
30/12/2023, 11:37 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
174f85abda4ed48b438a1a487cb47e5f.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
174f85abda4ed48b438a1a487cb47e5f.exe
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
174f85abda4ed48b438a1a487cb47e5f.exe
-
Size
91KB
-
MD5
174f85abda4ed48b438a1a487cb47e5f
-
SHA1
cd324bbb18f49c89e5e8c32ea18af4800f76a4bd
-
SHA256
51e836a76e738526bf44d6ccfe51916bef009f0a9515d6b5f1fb6cc9dd1178f9
-
SHA512
5a52e642b7a1c2a46b2fb48a5b291a93a4fbdaf5f92773d342e1141ec3cde162ca55cfb06d8c14d555c56f2bbf71013c46d0d8f82826fad02e0095c37c93aa99
-
SSDEEP
1536:A5XAx24NOuFDWymzYy9/kn+ddvHOkRrAotvQMBVF0TNwAfnVfWSVa7omMU:YAInIEYy9lFHjAolQlNwA5WSVFmMU
Score
1/10
Malware Config
Signatures
-
Suspicious use of UnmapMainImage 1 IoCs
pid Process 2104 174f85abda4ed48b438a1a487cb47e5f.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2104 wrote to memory of 2316 2104 174f85abda4ed48b438a1a487cb47e5f.exe 16 PID 2104 wrote to memory of 2316 2104 174f85abda4ed48b438a1a487cb47e5f.exe 16 PID 2104 wrote to memory of 2316 2104 174f85abda4ed48b438a1a487cb47e5f.exe 16 PID 2104 wrote to memory of 2316 2104 174f85abda4ed48b438a1a487cb47e5f.exe 16 PID 2104 wrote to memory of 2316 2104 174f85abda4ed48b438a1a487cb47e5f.exe 16 PID 2104 wrote to memory of 2316 2104 174f85abda4ed48b438a1a487cb47e5f.exe 16 PID 2104 wrote to memory of 2316 2104 174f85abda4ed48b438a1a487cb47e5f.exe 16
Processes
Network
-
Remote address:8.8.8.8:53Requestloca.betrule.comIN AResponseloca.betrule.comIN CNAMEb.17986.netb.17986.netIN A67.21.93.227
-
Remote address:8.8.8.8:53Requestmutta.agesask.netIN AResponsemutta.agesask.netIN A104.155.138.21mutta.agesask.netIN A107.178.223.183
-
Remote address:8.8.8.8:53Requestuokwa.agesonest.comIN AResponseuokwa.agesonest.comIN A107.178.223.183uokwa.agesonest.comIN A104.155.138.21
-
Remote address:8.8.8.8:53Requestfitt.prince.kzIN AResponse
-
Remote address:8.8.8.8:53Requestfitt.prince.kzIN A
-
Remote address:8.8.8.8:53Requestfitt.prince.kzIN A
-
Remote address:8.8.8.8:53Requestfitt.prince.kzIN A
-
Remote address:8.8.8.8:53Requesteit.folks.suIN AResponse
No results found
-
62 B 103 B 1 1
DNS Request
loca.betrule.com
DNS Response
67.21.93.227
-
49 B 1
-
63 B 95 B 1 1
DNS Request
mutta.agesask.net
DNS Response
104.155.138.21107.178.223.183
-
49 B 1
-
65 B 97 B 1 1
DNS Request
uokwa.agesonest.com
DNS Response
107.178.223.183104.155.138.21
-
49 B 1
-
240 B 132 B 4 1
DNS Request
fitt.prince.kz
DNS Request
fitt.prince.kz
DNS Request
fitt.prince.kz
DNS Request
fitt.prince.kz
-
58 B 119 B 1 1
DNS Request
eit.folks.su