Overview

overview

7

Static

static

3

8eca46b796...6a.exe

windows7-x64

7

8eca46b796...6a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    160s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2024, 09:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8eca46b796c3f4b07c5cf4282b1b076a.exe

  • Size

    2.5MB

  • MD5

    8eca46b796c3f4b07c5cf4282b1b076a

  • SHA1

    a64b462bccfb1a726cad6ffd0d7237984d0b6a3f

  • SHA256

    53015ec4339dca036dcd4be39565c626d49e1ca9fd6242642050afb281f7df45

  • SHA512

    6639bddaa382d8e484a12c06e659e0156e3758aca015b265e5372e259cadf80baf6f87f059527ffdc2528e7e3bb5a2561d7dc9b4eb415eb1ccbd41406edf9742

  • SSDEEP

    49152:52YT/j0AG7BmgYBf/ZkYDXAOcL/szp/mPrDpPYQ1qX2w5aV:sgj0JVm/peYDXAOc4duDDpI8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8eca46b796c3f4b07c5cf4282b1b076a.exe
    "C:\Users\Admin\AppData\Local\Temp\8eca46b796c3f4b07c5cf4282b1b076a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3504
    • C:\Users\Admin\AppData\Local\Temp\Stp2E7D_TMP.EXE
      "C:\Users\Admin\AppData\Local\Temp\Stp2E7D_TMP.EXE"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Users\Admin\AppData\Local\Temp\is-R63SM.tmp\Stp2E7D_TMP.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-R63SM.tmp\Stp2E7D_TMP.tmp" /SL5="$A0238,2257206,53248,C:\Users\Admin\AppData\Local\Temp\Stp2E7D_TMP.EXE"
        3⤵
        • Executes dropped EXE
        PID:4492

Network

  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    133.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    226.162.46.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.162.46.104.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    133.32.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    133.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    226.162.46.104.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    226.162.46.104.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Stp2E7D_TMP.EXE
    Filesize

    2.5MB

    MD5

    3a60668ac7c2bf247a33255bb68050ee

    SHA1

    9a2bc4a6b3a161500d77e7c259d7c4ee2bb0afa4

    SHA256

    f65ef96dfe3d263a7bb34fbcd0e2baabe4713347a8a39a6f88f96d1337e5ef8e

    SHA512

    b4b7edbdd39ead608831a7aa1a552d3d90872be98f90b4b51017cabdf3fd2abdd14e6ceeeb444208da2dc8907098202938adb9cb6a19603bec057a7de634c5ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-R63SM.tmp\Stp2E7D_TMP.tmp
    Filesize

    669KB

    MD5

    52950ac9e2b481453082f096120e355a

    SHA1

    159c09db1abcee9114b4f792ffba255c78a6e6c3

    SHA256

    25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

    SHA512

    5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

    Download Submit

  • memory/2044-5-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2044-7-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2044-13-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4492-12-0x0000000002100000-0x0000000002101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4492-14-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/4492-21-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/4492-23-0x0000000002100000-0x0000000002101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4492-24-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.