Malware Analysis Report

2025-08-05 17:00

Sample ID: 240108-d9mlfaaecl
Target: 4a588e938d447df4d0cd9b26d791a724
SHA256: b5b9137fa9ea5cef7233830411dcc95d949b804d07203c3b834081052cd587a3
Tags
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10

SHA256: b5b9137fa9ea5cef7233830411dcc95d949b804d07203c3b834081052cd587a3

Threat Level: Shows suspicious behavior

The file 4a588e938d447df4d0cd9b26d791a724 was classified as showing suspicious behavior.

Malicious Activity Summary

Deletes itself

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-01-08 03:42

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-08 03:42
Reported: 2024-01-08 03:45
Platform: win7-20231129-en
Max time kernel: 121s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe"

Signatures

Deletes itself

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\657.tmp
Target: N/A

Executes dropped EXE

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\657.tmp
Target: N/A

Loads dropped DLL

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe

"C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe"

C:\Users\Admin\AppData\Local\Temp\657.tmp

"C:\Users\Admin\AppData\Local\Temp\657.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe 291028087D210082831AC8395B90B70336249953F30C99D13D74C8D667E1F8421EA3F2ACE4047111CC2EE78B0D1798887AB979A5F89B4A5984FE13392E165FEA

Network

N/A

Files

memory/2932-0-0x0000000000400000-0x00000000005E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\657.tmp

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\657.tmp

MD5 09a766949cca2d2f1d2b0f7b9ccc42cd
SHA1 322ea38bbb8b44919a57d0832246d821aeafb5b7
SHA256 bf1a650fdaa5cde20e4ae935c1ffcb66930b373edcfb19aee1b9c4d65d514a14
SHA512 b35a3940e6435385bc97c6005e32803590feb2dbc1a0cb8458e0a61983be8dbfd3f4e0ef814aa0dcf704378ee7f09881e68b74e7bcee7c30aff7b8b7e49bca5a

memory/3048-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-01-08 03:42
Reported: 2024-01-08 03:45
Platform: win10v2004-20231222-en
Max time kernel: 146s
Max time network: 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe"

Signatures

Deletes itself

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\5AE1.tmp
Target: N/A

Executes dropped EXE

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\5AE1.tmp
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe

"C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe"

C:\Users\Admin\AppData\Local\Temp\5AE1.tmp

"C:\Users\Admin\AppData\Local\Temp\5AE1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe 9D8FF65A8EF46CE70B4F77BF468A322841F7A180632BDF97050705BA2DA0C0B218F203EBF73F1FDD0339A50E26D8247D230A6D34CE1405F4668755C1A67129BA

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 179.113.50.184.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 211.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

memory/3512-0-0x0000000000400000-0x00000000005E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5AE1.tmp

MD5 6df0f7cf012ad33d55cf2b5d523272e7
SHA1 8a738ecf83d54ba34da4cac4b55de877a1b83e2c
SHA256 7c836caeab9a4d11101036585ba78cc63ef0bc2f0dd4064c4d80bd761ff693c7
SHA512 9119ff594efc354498fa3358ba5c7c65049b225747f3fe66c2bb7d1016ad94e78d3a77c113f689a7684c3c82dc63fbeaed4845e4c07320d71c1e3c53939bd2d8

C:\Users\Admin\AppData\Local\Temp\5AE1.tmp

MD5 5a8dd5c213cc3db013821cbabeabe2d9
SHA1 421295ff5295035e9fab52cbe52e02eb96d24e6b
SHA256 712c3eb0c4f96e217ea0b432822e0de98a19e1c92a6df639eb455bdc0512235b
SHA512 4825e4c33999cbca13b68d53ad20cb54855e4bfeb97424003e54b9501e537b6949dcfea978a6d5a19b23089a1b5c8474f3d898ae305b6bd361b81f782d3b2ef6

memory/2188-5-0x0000000000400000-0x00000000005E6000-memory.dmp