Analysis Overview
SHA256
12b1dd20a35cc3379b0f77435e0f8e980c6a57c952143a463e0cd0d15d83e979
Threat Level: Shows suspicious behavior
The file 4a5753830ca02215fb67aa567475c487 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Drops startup file
Enumerates physical storage devices
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-08 03:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-08 03:40
Reported
2024-01-08 03:42
Platform
win7-20231215-en
Max time kernel
117s
Max time network
137s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4a5753830ca02215fb67aa567475c487.lnk | C:\Users\Admin\AppData\Local\Temp\4a5753830ca02215fb67aa567475c487.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4a5753830ca02215fb67aa567475c487.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\4a5753830ca02215fb67aa567475c487.exe
"C:\Users\Admin\AppData\Local\Temp\4a5753830ca02215fb67aa567475c487.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | listsearchfind.com | udp |
| NL | 212.32.237.101:80 | listsearchfind.com | tcp |
| NL | 212.32.237.101:80 | listsearchfind.com | tcp |
| NL | 212.32.237.101:80 | listsearchfind.com | tcp |
Files
memory/2144-0-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/2144-2-0x0000000000110000-0x0000000000112000-memory.dmp
memory/2144-11-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/2144-36-0x0000000000410000-0x0000000000411000-memory.dmp
memory/2144-35-0x00000000003E0000-0x00000000003E1000-memory.dmp
memory/2144-34-0x0000000000180000-0x0000000000182000-memory.dmp
memory/2144-33-0x0000000000130000-0x0000000000131000-memory.dmp
memory/2144-32-0x0000000000440000-0x0000000000441000-memory.dmp
memory/2144-31-0x00000000003A0000-0x00000000003A1000-memory.dmp
memory/2144-30-0x00000000003D0000-0x00000000003D1000-memory.dmp
memory/2144-29-0x00000000003C0000-0x00000000003C1000-memory.dmp
memory/2144-28-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/2144-27-0x0000000000390000-0x0000000000391000-memory.dmp
memory/2144-24-0x0000000000320000-0x0000000000321000-memory.dmp
memory/2144-23-0x0000000000380000-0x0000000000381000-memory.dmp
memory/2144-22-0x0000000000330000-0x0000000000331000-memory.dmp
memory/2144-21-0x0000000000300000-0x0000000000301000-memory.dmp
memory/2144-20-0x0000000000310000-0x0000000000311000-memory.dmp
memory/2144-19-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2144-18-0x0000000000230000-0x0000000000231000-memory.dmp
memory/2144-16-0x0000000000210000-0x0000000000211000-memory.dmp
memory/2144-17-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2144-12-0x0000000000200000-0x0000000000201000-memory.dmp
memory/2144-10-0x00000000001A0000-0x00000000001A1000-memory.dmp
memory/2144-9-0x0000000000190000-0x0000000000191000-memory.dmp
memory/2144-8-0x0000000000170000-0x0000000000171000-memory.dmp
memory/2144-7-0x0000000000160000-0x0000000000161000-memory.dmp
memory/2144-6-0x0000000000150000-0x0000000000151000-memory.dmp
memory/2144-5-0x0000000000250000-0x0000000000276000-memory.dmp
memory/2144-4-0x0000000000140000-0x0000000000141000-memory.dmp
memory/2144-3-0x0000000000120000-0x0000000000121000-memory.dmp
memory/2144-1-0x0000000000100000-0x0000000000101000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-08 03:40
Reported
2024-01-08 03:43
Platform
win10v2004-20231215-en
Max time kernel
158s
Max time network
172s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4a5753830ca02215fb67aa567475c487.lnk | C:\Users\Admin\AppData\Local\Temp\4a5753830ca02215fb67aa567475c487.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\4a5753830ca02215fb67aa567475c487.exe
"C:\Users\Admin\AppData\Local\Temp\4a5753830ca02215fb67aa567475c487.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 19.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.113.50.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | listsearchfind.com | udp |
| NL | 212.32.237.101:80 | listsearchfind.com | tcp |
| NL | 212.32.237.101:80 | listsearchfind.com | tcp |
| NL | 212.32.237.101:80 | listsearchfind.com | tcp |
| US | 8.8.8.8:53 | 101.237.32.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/4372-1-0x0000000000A10000-0x0000000000A11000-memory.dmp
memory/4372-0-0x0000000000A00000-0x0000000000A01000-memory.dmp
memory/4372-2-0x0000000000A30000-0x0000000000A32000-memory.dmp
memory/4372-3-0x0000000000A40000-0x0000000000A41000-memory.dmp
memory/4372-4-0x0000000000A50000-0x0000000000A51000-memory.dmp
memory/4372-5-0x0000000000A70000-0x0000000000A71000-memory.dmp
memory/4372-6-0x0000000000A90000-0x0000000000A91000-memory.dmp
memory/4372-7-0x0000000000AA0000-0x0000000000AA1000-memory.dmp
memory/4372-8-0x0000000000B10000-0x0000000000B11000-memory.dmp
memory/4372-9-0x0000000000B20000-0x0000000000B21000-memory.dmp
memory/4372-11-0x0000000000E40000-0x0000000000E41000-memory.dmp
memory/4372-10-0x0000000000E30000-0x0000000000E31000-memory.dmp
memory/4372-12-0x0000000000E50000-0x0000000000E51000-memory.dmp
memory/4372-13-0x0000000000E60000-0x0000000000E61000-memory.dmp
memory/4372-14-0x0000000000EB0000-0x0000000000EB1000-memory.dmp
memory/4372-16-0x0000000000ED0000-0x0000000000ED1000-memory.dmp
memory/4372-15-0x0000000000AF0000-0x0000000000AF2000-memory.dmp
memory/4372-17-0x0000000000EE0000-0x0000000000EE1000-memory.dmp
memory/4372-18-0x0000000000EF0000-0x0000000000EF1000-memory.dmp
memory/4372-19-0x0000000000F00000-0x0000000000F01000-memory.dmp
memory/4372-20-0x0000000000F20000-0x0000000000F21000-memory.dmp
memory/4372-21-0x0000000000A80000-0x0000000000A81000-memory.dmp
memory/4372-22-0x0000000000B00000-0x0000000000B01000-memory.dmp
memory/4372-23-0x0000000000E70000-0x0000000000E71000-memory.dmp
memory/4372-24-0x0000000000EC0000-0x0000000000EC1000-memory.dmp
memory/4372-25-0x0000000000F10000-0x0000000000F11000-memory.dmp
memory/4372-26-0x0000000000F30000-0x0000000000F31000-memory.dmp
memory/4372-29-0x0000000003110000-0x0000000003111000-memory.dmp
memory/4372-28-0x0000000000E80000-0x0000000000EA6000-memory.dmp
memory/4372-27-0x0000000000F40000-0x0000000000F41000-memory.dmp
memory/4372-33-0x0000000003120000-0x0000000003121000-memory.dmp
memory/4372-34-0x0000000003130000-0x0000000003131000-memory.dmp