Overview

overview

3

Static

static

3

174f85abda...5f.exe

windows7-x64

1

174f85abda...5f.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 11:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    174f85abda4ed48b438a1a487cb47e5f.exe

  • Size

    91KB

  • MD5

    174f85abda4ed48b438a1a487cb47e5f

  • SHA1

    cd324bbb18f49c89e5e8c32ea18af4800f76a4bd

  • SHA256

    51e836a76e738526bf44d6ccfe51916bef009f0a9515d6b5f1fb6cc9dd1178f9

  • SHA512

    5a52e642b7a1c2a46b2fb48a5b291a93a4fbdaf5f92773d342e1141ec3cde162ca55cfb06d8c14d555c56f2bbf71013c46d0d8f82826fad02e0095c37c93aa99

  • SSDEEP

    1536:A5XAx24NOuFDWymzYy9/kn+ddvHOkRrAotvQMBVF0TNwAfnVfWSVa7omMU:YAInIEYy9lFHjAolQlNwA5WSVFmMU

Score
1/10

Malware Config

Signatures

  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\174f85abda4ed48b438a1a487cb47e5f.exe
    "C:\Users\Admin\AppData\Local\Temp\174f85abda4ed48b438a1a487cb47e5f.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:2316

    Network

    • flag-us
      DNS
      loca.betrule.com
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      loca.betrule.com
      IN A
      Response
      loca.betrule.com
      IN CNAME
      b.17986.net
      b.17986.net
      IN A
      67.21.93.227
    • flag-us
      DNS
      mutta.agesask.net
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      mutta.agesask.net
      IN A
      Response
      mutta.agesask.net
      IN A
      104.155.138.21
      mutta.agesask.net
      IN A
      107.178.223.183
    • flag-us
      DNS
      uokwa.agesonest.com
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      uokwa.agesonest.com
      IN A
      Response
      uokwa.agesonest.com
      IN A
      107.178.223.183
      uokwa.agesonest.com
      IN A
      104.155.138.21
    • flag-us
      DNS
      fitt.prince.kz
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      fitt.prince.kz
      IN A
      Response
    • flag-us
      DNS
      fitt.prince.kz
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      fitt.prince.kz
      IN A
    • flag-us
      DNS
      fitt.prince.kz
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      fitt.prince.kz
      IN A
    • flag-us
      DNS
      fitt.prince.kz
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      fitt.prince.kz
      IN A
    • flag-us
      DNS
      eit.folks.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      eit.folks.su
      IN A
      Response
    No results found
    • 8.8.8.8:53
      loca.betrule.com
      dns
      svchost.exe
      62 B
       103 B
       1
      1

      DNS Request

      loca.betrule.com

      DNS Response

      67.21.93.227

    • 67.21.93.227:40333
      loca.betrule.com
      svchost.exe
      49 B
       1
    • 8.8.8.8:53
      mutta.agesask.net
      dns
      svchost.exe
      63 B
       95 B
       1
      1

      DNS Request

      mutta.agesask.net

      DNS Response

      104.155.138.21
      107.178.223.183

    • 104.155.138.21:40333
      mutta.agesask.net
      svchost.exe
      49 B
       1
    • 8.8.8.8:53
      uokwa.agesonest.com
      dns
      svchost.exe
      65 B
       97 B
       1
      1

      DNS Request

      uokwa.agesonest.com

      DNS Response

      107.178.223.183
      104.155.138.21

    • 107.178.223.183:40333
      uokwa.agesonest.com
      svchost.exe
      49 B
       1
    • 8.8.8.8:53
      fitt.prince.kz
      dns
      svchost.exe
      240 B
       132 B
       4
      1

      DNS Request

      fitt.prince.kz

      DNS Request

      fitt.prince.kz

      DNS Request

      fitt.prince.kz

      DNS Request

      fitt.prince.kz

    • 8.8.8.8:53
      eit.folks.su
      dns
      svchost.exe
      58 B
       119 B
       1
      1

      DNS Request

      eit.folks.su

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2104-0-0x0000000000400000-0x000000000042B000-memory.dmp

      Filesize

      172KB

      Download

    • memory/2104-7-0x0000000000260000-0x0000000000274000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2104-4-0x0000000000220000-0x0000000000232000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2104-3-0x0000000000260000-0x0000000000274000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2104-2-0x0000000000020000-0x0000000000022000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2104-1-0x0000000000400000-0x000000000042B000-memory.dmp

      Filesize

      172KB

      Download

    • memory/2316-9-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2316-8-0x00000000004D0000-0x00000000004D8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2316-6-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2316-5-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2316-12-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.