Analysis Overview
SHA256
df56759ef4120b2a14faeddbe0ed975af175c19299727f9b70203baa81eeeec6
Threat Level: Shows suspicious behavior
The submitted file (MD5 4a68b5e9d28f386ad47fe57d657f2d56, SHA256 above) was rated: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
The summary lists signature hits only; the IRC connections recorded under behavioral2 below are not reflected in it.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-01-08 04:13
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
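The two static hits above (UPX packed, unsigned) are the cheapest checks an analyst reproduces before detonation. The following is an added example, not the sandbox's own logic or code from the sample: it walks the PE section table with nothing but `struct`, looks for the section names the stock UPX packer writes, and measures per-section entropy as a second signal for builds whose section names were renamed. The `build_test_pe` helper, the 7.0 bits/byte threshold and the section-name set are the example's own assumptions; it constructs a header-only PE so the check runs offline.

```python
import math
import struct
from typing import Dict, List, Tuple

# Section names the stock UPX packer writes (UPX0 = reserved for the unpacked
# image, UPX1 = compressed data plus stub). Renamed or repacked builds will not
# carry them, so entropy is used as a second, name-independent signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
HIGH_ENTROPY = 7.0  # bits/byte; assumption: ordinary x86 code sits well below this


def read_sections(pe: bytes) -> List[Tuple[bytes, int, int]]:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return (name, SizeOfRawData, PointerToRawData) for each section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size            # section table follows the optional header
    out = []
    for i in range(num_sections):
        off = table + 40 * i                # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        out.append((name, raw_size, raw_ptr))
    return out


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(pe: bytes) -> Dict[str, object]:
    """Name-based and entropy-based packer indicators for one PE image."""
    secs = read_sections(pe)
    entropy = {n.decode("latin-1"): round(shannon_entropy(pe[p:p + s]), 2)
               for n, s, p in secs if s}
    upx_named = [n.decode("latin-1") for n, _, _ in secs if n in UPX_SECTION_NAMES]
    max_entropy = max(entropy.values(), default=0.0)
    return {
        "sections": [n.decode("latin-1") for n, _, _ in secs],
        "upx_sections": upx_named,
        "section_entropy": entropy,
        "likely_packed": bool(upx_named) or max_entropy >= HIGH_ENTROPY,
    }


def build_test_pe(sections: List[Tuple[bytes, bytes]]) -> bytes:
    """Construct a minimal PE32 with a valid header chain and section table but
    no runnable code, so the checks above can be exercised offline (test helper)."""
    opt_size = 0xE0                          # PE32 optional header size
    e_lfanew = 0x40
    table = e_lfanew + 4 + 20 + opt_size
    data_ptr = table + 40 * len(sections)
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    headers, blob = bytearray(), bytearray()
    for name, data in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000,
                               len(data), data_ptr + len(blob) if data else 0,
                               0, 0, 0, 0, 0x60000020)
        blob += data
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + bytes(headers) + bytes(blob)


if __name__ == "__main__":
    # Constructed input: a UPX-shaped section table with uniformly distributed "packed" bytes.
    packed = build_test_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4), (b".rsrc", b"\0" * 64)])
    print(upx_indicators(packed))
```

The name check is trivially evaded (UPX itself can be told to rename sections), which is why the entropy of the largest section is reported alongside it. The memory dumps the sandbox kept (for example memory/1720-17-0x0000000000400000-0x0000000000423000-memory.dmp, the whole 0x23000-byte mapped image) are the practical way round a packer: a dump taken after the stub has finished holds the original sections, which an on-disk static signature cannot see.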
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-08 04:13
Reported
2024-01-08 04:15
Platform
win7-20231215-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Matched 4 times; no indicator detail was recorded.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\HisLlPZZyeEaCNFYLaIG.com | C:\Users\Admin\AppData\Local\Temp\4a68b5e9d28f386ad47fe57d657f2d56.exe | N/A |
SysWOW64 is the 32-bit system directory of a 64-bit Windows install, consistent with the 32-bit image mapped at 0x400000 in the memory dumps below; the dropped name is random and carries a .com extension.
Drops file in Windows directory
No indicator row was recorded for this signature; the only path under C:\Windows in the Files list below is C:\Windows\win32dc\FlatOut_patch.exe.
Processes
C:\Users\Admin\AppData\Local\Temp\4a68b5e9d28f386ad47fe57d657f2d56.exe
"C:\Users\Admin\AppData\Local\Temp\4a68b5e9d28f386ad47fe57d657f2d56.exe"
Network
No network activity was recorded in this run.
Files
memory/1720-0-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1720-1-0x0000000000400000-0x0000000000423000-memory.dmp
C:\Windows\win32dc\FlatOut_patch.exe
| MD5 | 4a68b5e9d28f386ad47fe57d657f2d56 |
| SHA1 | 870b05c6f90940164d0a8d8472e1824a2915815b |
| SHA256 | df56759ef4120b2a14faeddbe0ed975af175c19299727f9b70203baa81eeeec6 |
| SHA512 | 843de1d571fc6426a60b959145ddc1fc9b1e8279f4819b2194050b1f5a004f7cbffc982869e46fdf83ab8f5a5d6711df5e06a995963c57e79885f0d90283d16a |
These hashes are identical to the submitted sample's, so this drop is a byte-for-byte copy of the sample written under a game-patch style filename in a directory it created under C:\Windows.
memory/1720-17-0x0000000000400000-0x0000000000423000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-08 04:13
Reported
2024-01-08 04:15
Platform
win10v2004-20231222-en
Max time kernel
127s
Max time network
151s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Matched 16 times; no indicator detail was recorded.
Drops file in Windows directory
No indicator row was recorded for this signature; the only path under C:\Windows in the Files list below is C:\Windows\win32dc\UT2004(serial).exe.
Processes
C:\Users\Admin\AppData\Local\Temp\4a68b5e9d28f386ad47fe57d657f2d56.exe
"C:\Users\Admin\AppData\Local\Temp\4a68b5e9d28f386ad47fe57d657f2d56.exe"
Network
The original listing has one row per flow and repeats the same endpoints throughout the 151 s capture: the row for 172.83.156.122:6667 and the row for 96.17.178.176:80 each recur dozens of times, interleaved, and in later rows the Domain cell is missing so the protocol was shifted into the Domain column. The table below merges duplicate rows, re-aligns the short ones, and keeps first-seen order; N/A marks a domain the sandbox did not record.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us.undernet.org | udp |
| US | 172.83.156.122:6667 | us.undernet.org | tcp |
| US | 8.8.8.8:53 | 122.156.83.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.134.221.88.in-addr.arpa | udp |
| GB | 96.17.178.176:80 | N/A | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 93.184.221.240:80 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| GB | 96.17.178.194:80 | N/A | tcp |
| N/A | 20.199.58.43:443 | N/A | tcp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
| GB | 96.17.178.174:80 | N/A | tcp |
The indicator of interest is the IRC traffic: a lookup of us.undernet.org followed by repeated TCP connections to 172.83.156.122:6667 (the standard plaintext IRC port) for the rest of the run, with a reverse lookup of that address (122.156.83.172.in-addr.arpa) in between. Undernet is a public IRC network, so the server IP alone is a weak blocking indicator; the channel and nick the bot uses are not in this report and would have to come from a PCAP or the unpacked binary. This traffic appeared only in the Windows 10 run; the Windows 7 run logged no network activity. The report does not attribute flows to a process, and the remaining rows (PTR lookups for addresses in Microsoft and CDN ranges, 96.17.178.x:80, tse1.mm.bing.net, 93.184.221.240:80 and 20.199.58.43:443) are consistent with the background traffic a Windows 10 image generates on its own; treat them as noise unless a capture ties them to the sample's process.
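Reducing a flow list like the one above to per-endpoint counts, and pulling the IRC endpoint and the reverse-resolved addresses out of the DNS noise, is a few lines of code. The following is an added example, not output or tooling from the sandbox: the rows embedded in it are copied from the table above (including both row shapes the extracted table contains), while the IRC port list, the port-based classification and the output format are the example's own assumptions.

```python
import json
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample: rows copied from the report's Network table, in both row
# shapes the extracted table contains (a domain cell present, or an empty
# trailing cell when the sandbox captured no domain and the protocol slid left).
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us.undernet.org | udp |
| US | 172.83.156.122:6667 | us.undernet.org | tcp |
| US | 8.8.8.8:53 | 122.156.83.172.in-addr.arpa | udp |
| US | 172.83.156.122:6667 | us.undernet.org | tcp |
| US | 172.83.156.122:6667 | tcp | |
| GB | 96.17.178.176:80 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.199.58.43:443 | tcp | |
""".splitlines()

# Assumption: ports conventionally used for plaintext and TLS IRC.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}


@dataclass
class Flow:
    country: str
    host: str
    port: int
    domain: str
    proto: str


def parse_row(line: str) -> Flow:
    """Parse one '| country | host:port | domain | proto |' row. Rows with no
    captured domain arrive as three cells plus an empty trailing cell, so the
    protocol sits in the domain column; the cell count tells the shapes apart."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    while cells and cells[-1] == "":
        cells.pop()
    if len(cells) == 4:
        country, dest, domain, proto = cells
    elif len(cells) == 3:
        country, dest, proto = cells
        domain = ""
    else:
        raise ValueError(f"unexpected row shape: {line!r}")
    host, port = dest.rsplit(":", 1)
    return Flow(country, host, int(port), domain, proto.lower())


def ptr_to_ip(name: str) -> str:
    """'122.156.83.172.in-addr.arpa' -> '172.83.156.122' (reverse-DNS name to IPv4)."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError("not a PTR name")
    return ".".join(reversed(name[: -len(suffix)].split(".")))


def classify(flow: Flow) -> str:
    """Coarse label by port and transport (assumption: port-based only)."""
    if flow.proto == "udp" and flow.port == 53:
        return "dns-ptr" if flow.domain.endswith(".in-addr.arpa") else "dns"
    if flow.proto == "tcp" and flow.port in IRC_PORTS:
        return "irc"
    if flow.proto == "tcp" and flow.port in (80, 443):
        return "web"
    return "other"


def triage(lines: List[str]) -> Dict[str, object]:
    """Collapse rows into per-endpoint counts, list IRC endpoints with every name
    attached to them, and decode which IPs the host reverse-resolved."""
    flows: List[Flow] = []
    for line in lines:
        if not line.strip().startswith("|") or line.lstrip("| ").startswith("Country"):
            continue                                  # skip blanks and the header row
        flows.append(parse_row(line))
    counts: Dict[Tuple[str, int, str], int] = defaultdict(int)
    names: Dict[Tuple[str, int, str], Set[str]] = defaultdict(set)
    for f in flows:
        key = (f.host, f.port, f.proto)
        counts[key] += 1
        if f.domain and f.port != 53 and not f.domain.endswith(".in-addr.arpa"):
            names[key].add(f.domain)
    irc = {f"{h}:{p}": sorted(names[(h, p, pr)]) for (h, p, pr) in counts
           if classify(Flow("", h, p, "", pr)) == "irc"}
    ptr_targets = sorted({ptr_to_ip(f.domain) for f in flows if classify(f) == "dns-ptr"})
    return {
        "endpoint_counts": {f"{h}:{p}/{pr}": n for (h, p, pr), n in counts.items()},
        "irc_endpoints": irc,
        "ptr_targets": ptr_targets,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

Run against the full table, the same code shows the IRC endpoint as the only destination with a name resolved by the sample's own lookup (us.undernet.org), and `ptr_targets` turns the in-addr.arpa noise back into the addresses the VM was reverse-resolving, which is the quickest way to see that most of them fall in Microsoft and CDN ranges rather than anywhere the sample chose.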
Files
memory/1532-0-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-1-0x0000000000400000-0x0000000000423000-memory.dmp
C:\Windows\win32dc\UT2004(serial).exe
| MD5 | b06a39bc9f17a29cfff21bcce14feb3a |
| SHA1 | 0bcc56ab50231a0a2f33ce0d028e2d4a9e34052c |
| SHA256 | 876b6b0794c6a7628653b65db3b6893538f70514419b7238684bbfee91e50adc |
| SHA512 | 3afffeff77b74ff513b0fc065496e4f4b35786de5a309a35c3dc20bfd87ba1f11147213caeb7d611e220dd4d2ce1c77864409e39760851693249760203d844d3 |
Both runs write into the same C:\Windows\win32dc\ directory under a different game-related filename (FlatOut_patch.exe on Windows 7, UT2004(serial).exe here). Unlike the Windows 7 drop, this file's hashes differ from the submitted sample's, so it is not a byte-identical self-copy; the report does not say what it contains.
memory/1532-19-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-20-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-21-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-22-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-23-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-24-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-25-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-26-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-27-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-28-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-29-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-30-0x0000000000400000-0x0000000000423000-memory.dmp
memory/1532-31-0x0000000000400000-0x0000000000423000-memory.dmp