Analysis
-
max time kernel
118s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
13-02-2024 17:24
Behavioral task
behavioral1
Sample
PentaPulse.exe
Resource
win7-20231129-en
General
-
Target
PentaPulse.exe
-
Size
153KB
-
MD5
f70905e64d41d899e586fa1b43d8c65e
-
SHA1
98c0d8ea2cd4fb47cfca1c4871e1de0e4303591b
-
SHA256
771f327f1637897150eaaf1fb3fa25209b372d05e50b5000cdc4bee40f9447e9
-
SHA512
f758114e81df55161f7edeb0bada54647a8af586876688dc163bd780f582b72677bc2ecfc7df9deed45c1cfeb29ff5fdd9c530150e87719002d71dd282fab824
-
SSDEEP
3072:pbOmL8fzFQr0njTRsu1yIG9XKThCN3FBROfxD6ORvd05glsQ:cjTRda9yCXBROfxN051
Malware Config
Extracted
zloader
Bing_Mod3
M1
https://adslstickerni.world
Signatures
-
Blocklisted process makes network request 4 IoCs
flow pid Process 4 2364 msiexec.exe 6 2364 msiexec.exe 9 2364 msiexec.exe 12 2364 msiexec.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 2220 set thread context of 2364 2220 PentaPulse.exe 28 -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 2220 wrote to memory of 2364 2220 PentaPulse.exe 28 PID 2220 wrote to memory of 2364 2220 PentaPulse.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\PentaPulse.exe"C:\Users\Admin\AppData\Local\Temp\PentaPulse.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2220 -
C:\Windows\System32\msiexec.exe\??\C:\Windows\System32\msiexec.exe2⤵
- Blocklisted process makes network request
PID:2364
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD570d4e929b207332829d54ea19db0001c
SHA18df20f11562e933728d81dbd35ebf6d1e5c7f328
SHA25616c1c5f7b61c593eaba6d3d47cad745eefcc6a03636b80ce5b0164df20720b5f
SHA512a6f70d8c1a79aebc376e4a88169478354b0e9ecdc2649ed786ec2c79a307659c0b53d3f8a030425ea3a74544835b963db268dd068b9e6c96ff3725d32f1bc705
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
MD5bfa0d684a199204160b598aa533ad4be
SHA1002df1cded200817ba1e7fbfe9d1e86f35fc4ffb
SHA256e70b64b53763c5a3ee8983371c758fa5a5050bde0ab5a45ec30199f125e723e5
SHA51227d73f2c770a243a857f73f74d0e1f74435b11cd793dd68b31db62785c5348e4be26e72da4fc4a3e2b976843b82c0886680ecb2470816e3dbc3315139ca5f840
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06