Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/01/2024, 04:42 UTC

General

  • Target

    794d973af7d463d579cb1e663fe1949b.exe

  • Size

    193KB

  • MD5

    794d973af7d463d579cb1e663fe1949b

  • SHA1

    9b6e82d09e998804b68d894142ccbd7d79a9ac54

  • SHA256

    b2b1005cf34c20e9799da3d1d0c48e68a0cfe14c27545156a10c8b6305a289c2

  • SHA512

    b4b0acff9189c0db9c130487ccb796154c510f74862f1b493593499e1aa2bd845f0a7e207b006ed7c1c6af9cae7b27e43bcdbb0d0ef2c03bd53a5d794c657bfd

  • SSDEEP

    3072:SOrXxb6jasztQBE7G1mNm8395ucDQOnY0hRQ0LGMDbQ+45KWTgh3aVZjT1:SOrXx2asKE7G149ND5YBU5DbZWMujh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops startup file 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\794d973af7d463d579cb1e663fe1949b.exe
    "C:\Users\Admin\AppData\Local\Temp\794d973af7d463d579cb1e663fe1949b.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Drops startup file
      PID:2672

Network

  DNS queries (all sent to 8.8.8.8:53):

  • seaserver1.in IN A (svchost.exe); response: none recorded
  • 104.219.191.52.in-addr.arpa IN PTR; response: none recorded
  • 173.178.17.96.in-addr.arpa IN PTR; response: a96-17-178-173.deploy.static.akamaitechnologies.com
  • 71.31.126.40.in-addr.arpa IN PTR; response: none recorded
  • 95.221.229.192.in-addr.arpa IN PTR; response: none recorded
  • 28.118.140.52.in-addr.arpa IN PTR; response: none recorded
  • 217.106.137.52.in-addr.arpa IN PTR; response: none recorded
  • 26.165.165.52.in-addr.arpa IN PTR; response: none recorded
  • 56.126.166.20.in-addr.arpa IN PTR; response: none recorded
  • 217.135.221.88.in-addr.arpa IN PTR; response: a88-221-135-217.deploy.static.akamaitechnologies.com
  • 81.171.91.138.in-addr.arpa IN PTR; response: none recorded
  • 169.117.168.52.in-addr.arpa IN PTR; response: none recorded
  Connections (destination, domain, protocol, process, bytes sent/received, packets sent/received):

  • 52.142.223.178:80; 52 B, 1 packet
  • 8.8.8.8:53, seaserver1.in, dns, svchost.exe; 59 B / 112 B, 1 / 1 (DNS request: seaserver1.in)
  • 8.8.8.8:53, 104.219.191.52.in-addr.arpa, dns; 73 B / 147 B, 1 / 1 (DNS request: 104.219.191.52.in-addr.arpa)
  • 8.8.8.8:53, 173.178.17.96.in-addr.arpa, dns; 72 B / 137 B, 1 / 1 (DNS request: 173.178.17.96.in-addr.arpa)
  • 8.8.8.8:53, 71.31.126.40.in-addr.arpa, dns; 71 B / 157 B, 1 / 1 (DNS request: 71.31.126.40.in-addr.arpa)
  • 8.8.8.8:53, 95.221.229.192.in-addr.arpa, dns; 73 B / 144 B, 1 / 1 (DNS request: 95.221.229.192.in-addr.arpa)
  • 8.8.8.8:53, 28.118.140.52.in-addr.arpa, dns; 72 B / 158 B, 1 / 1 (DNS request: 28.118.140.52.in-addr.arpa)
  • 8.8.8.8:53, 217.106.137.52.in-addr.arpa, dns; 73 B / 147 B, 1 / 1 (DNS request: 217.106.137.52.in-addr.arpa)
  • 8.8.8.8:53, 26.165.165.52.in-addr.arpa, dns; 72 B / 146 B, 1 / 1 (DNS request: 26.165.165.52.in-addr.arpa)
  • 8.8.8.8:53, 56.126.166.20.in-addr.arpa, dns; 72 B / 158 B, 1 / 1 (DNS request: 56.126.166.20.in-addr.arpa)
  • 8.8.8.8:53, 217.135.221.88.in-addr.arpa, dns; 73 B / 139 B, 1 / 1 (DNS request: 217.135.221.88.in-addr.arpa)
  • 8.8.8.8:53, 81.171.91.138.in-addr.arpa, dns; 72 B / 146 B, 1 / 1 (DNS request: 81.171.91.138.in-addr.arpa)
  • 8.8.8.8:53, 169.117.168.52.in-addr.arpa, dns; 73 B / 147 B, 1 / 1 (DNS request: 169.117.168.52.in-addr.arpa)

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe

    Filesize

    193KB

    MD5

    794d973af7d463d579cb1e663fe1949b

    SHA1

    9b6e82d09e998804b68d894142ccbd7d79a9ac54

    SHA256

    b2b1005cf34c20e9799da3d1d0c48e68a0cfe14c27545156a10c8b6305a289c2

    SHA512

    b4b0acff9189c0db9c130487ccb796154c510f74862f1b493593499e1aa2bd845f0a7e207b006ed7c1c6af9cae7b27e43bcdbb0d0ef2c03bd53a5d794c657bfd

  • memory/2672-4-0x0000000000F80000-0x0000000000F82000-memory.dmp

    Filesize

    8KB

  • memory/2672-8-0x0000000000F80000-0x0000000000F82000-memory.dmp

    Filesize

    8KB

  • memory/2672-55-0x0000000000F80000-0x0000000000F82000-memory.dmp

    Filesize

    8KB

  • memory/4256-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/4256-2-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/4256-1-0x00000000005E0000-0x00000000005E1000-memory.dmp

    Filesize

    4KB

  • memory/4256-3-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB
