a25e1156c42ef797085c3d6a4afe8f2691f0889bc695b34b8d4eaafc775ef91d | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 23:12 UTC

Sharing

Report Analysis Logs

General

Target

MicroMiniNew.exe
Size

3.0MB
MD5

6e4b0ea8818cc26e9170a1c9f855e994
SHA1

87d23fde52b06145e9a6a02d1994dc74105af714
SHA256

a25e1156c42ef797085c3d6a4afe8f2691f0889bc695b34b8d4eaafc775ef91d
SHA512

bb839d8c5f7a027dce4d045e614e1e6ed82b458fb0014fbe215de35926ae8e48eee1c8f049b22b6627a068ac8a85eccb107a3090db7eedc9a2a0a9ba10464f14
SSDEEP

98304:OlgJZ4XTIIQKAzav4oGrvUTtC8J1XwLeE4Og2kohJivNxo+j:Og42FmwycAOrPivNxo+j

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3024	MicroMiniNew.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3024	MicroMiniNew.exe
3024	MicroMiniNew.exe

C:\Users\Admin\AppData\Local\Temp\MicroMiniNew.exe
"C:\Users\Admin\AppData\Local\Temp\MicroMiniNew.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3024

Network

DNS

operate.mini1.cn

MicroMiniNew.exe

Remote address:

8.8.8.8:53

Request

operate.mini1.cn

IN A

Response

operate.mini1.cn

IN A

116.205.254.163

operate.mini1.cn

IN A

116.205.254.176

operate.mini1.cn

IN A

116.205.254.181

operate.mini1.cn

IN A

116.205.254.186

operate.mini1.cn

IN A

116.205.254.210

operate.mini1.cn

IN A

116.205.254.222

operate.mini1.cn

IN A

116.205.254.245

operate.mini1.cn

IN A

124.71.120.9

operate.mini1.cn

IN A

124.71.120.204

operate.mini1.cn

IN A

124.71.120.249

operate.mini1.cn

IN A

116.205.254.12

operate.mini1.cn

IN A

116.205.254.37

operate.mini1.cn

IN A

116.205.254.50

operate.mini1.cn

IN A

116.205.254.111

operate.mini1.cn

IN A

116.205.254.132

operate.mini1.cn

IN A

116.205.254.145
DNS

mnweb.mini1.cn

MicroMiniNew.exe

Remote address:

8.8.8.8:53

Request

mnweb.mini1.cn

IN A

Response

mnweb.mini1.cn

IN CNAME

mnweb.mini1.cn.wsdvs.com

mnweb.mini1.cn.wsdvs.com

IN A

163.171.129.134

116.205.254.163:80

operate.mini1.cn

MicroMiniNew.exe

104 B
2
116.205.254.176:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
116.205.254.181:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
116.205.254.186:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
116.205.254.210:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
116.205.254.222:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
116.205.254.245:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
124.71.120.9:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
124.71.120.204:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
124.71.120.249:80

operate.mini1.cn

MicroMiniNew.exe

52 B
1
163.171.129.134:443

mnweb.mini1.cn

tls

MicroMiniNew.exe

1.1kB
7.0kB
8
10

8.8.8.8:53

operate.mini1.cn

dns

MicroMiniNew.exe

62 B
318 B
1
1

DNS Request

operate.mini1.cn

DNS Response

116.205.254.163

116.205.254.176

116.205.254.181

116.205.254.186

116.205.254.210

116.205.254.222

116.205.254.245

124.71.120.9

124.71.120.204

124.71.120.249

116.205.254.12

116.205.254.37

116.205.254.50

116.205.254.111

116.205.254.132

116.205.254.145
8.8.8.8:53

mnweb.mini1.cn

dns

MicroMiniNew.exe

60 B
114 B
1
1

DNS Request

mnweb.mini1.cn

DNS Response

163.171.129.134

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads