Malware Analysis Report

2024-11-30 04:05

Sample ID 240408-cantsadc8y
Target MentalMentor.exe
SHA256 4219ad1aba06e67dc8f4978dc32cdf1da817a360798256f907b813be201580ec
Tags discovery
Score 4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 4/10

SHA256 4219ad1aba06e67dc8f4978dc32cdf1da817a360798256f907b813be201580ec

Threat Level: Likely benign

The file MentalMentor.exe was found to be: Likely benign (score 4/10). The signatures listed below are the behaviors that produced that score. Read together with the Processes and Files sections, they describe a self-extracting installer rather than a payload: the sample stages a second-stage executable (MentalMentor.tmp) and two DLLs (idp.dll, mentor-inno-lib.dll) in is-*.tmp directories under %TEMP%, starts the .tmp with an /SL5= switch that points back at the original executable, and opens one TCP/443 connection to web.mymentalmentor.net. The is-*.tmp staging directories and the /SL5 switch are Inno Setup conventions; that is an editorial reading of the artifacts, as the report itself does not name the installer framework. The verdict covers only what ran in the sandbox: whatever the installer fetched over that HTTPS connection is not captured in this report and would need to be examined separately.

Malicious Activity Summary

Checks installed software on the system (discovery)

Executes dropped EXE

Loads dropped DLL

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Script User-Agent

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-04-08 01:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-04-08 01:52

Reported 2024-04-08 02:02

Platform win10-20240404-en

Max time kernel 362s

Max time network 318s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

Signatures

Checks installed software on the system (discovery)

Executes dropped EXE

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\is-QREME.tmp\MentalMentor.tmp
Target: N/A

Script User-Agent

Description: HTTP User-Agent header
Indicator: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Process: N/A
Target: N/A

This string is the default User-Agent sent by the WinHttp.WinHttpRequest COM object (the scriptable WinHTTP interface), which is why the sandbox classes it as a script User-Agent rather than a browser one. The report does not attribute the request to a process.

Processes

C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe

"C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"

C:\Users\Admin\AppData\Local\Temp\is-QREME.tmp\MentalMentor.tmp

"C:\Users\Admin\AppData\Local\Temp\is-QREME.tmp\MentalMentor.tmp" /SL5="$300E0,2483841,845312,C:\Users\Admin\AppData\Local\Temp\MentalMentor.exe"
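The "Executes dropped EXE" and "Loads dropped DLL" signatures come from correlating file writes with later process starts and image loads. The following is an added example of that correlation written for this page, not Triage's own signature code. It replays a hand-constructed event list that mirrors this report: the paths and the PIDs 4144 and 3108 are taken from the report, while the event order, the attribution of each file write to a PID, and the assumption that PID 3108 is the MentalMentor.tmp process are constructed. It also pulls the original setup path out of the /SL5= switch seen in the command line above.

```python
r"""Replay detection of "Executes dropped EXE" / "Loads dropped DLL".

Added example, not sandbox code. SAMPLE_EVENTS is constructed to mirror the
report: paths and PIDs come from the report; ordering, the file-write
attribution and the mapping of PID 3108 to MentalMentor.tmp are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Event:
    kind: str          # "process_start", "file_write" or "image_load"
    pid: int           # process performing the action (or being started)
    path: str          # image started, file written, or DLL loaded
    cmdline: str = ""  # only meaningful for process_start


def norm_path(path: str) -> str:
    r"""Case-fold and drop the drive letter so that "C:\Users\..." and
    "\Users\..." (the report lists dropped DLLs without a drive) compare equal."""
    p = path.strip().lower().replace("/", "\\")
    if len(p) >= 2 and p[1] == ":":
        p = p[2:]
    return p


def detect_dropped_execution(events: list[Event]) -> list[dict]:
    """Walk events in order. A path written by one process and later started
    as a process or loaded as an image is reported with both PIDs."""
    dropped: dict[str, int] = {}  # normalized path -> PID that first wrote it
    findings: list[dict] = []
    for ev in events:
        key = norm_path(ev.path)
        if ev.kind == "file_write":
            dropped.setdefault(key, ev.pid)
        elif ev.kind in ("process_start", "image_load") and key in dropped:
            findings.append({
                "signature": ("Executes dropped EXE" if ev.kind == "process_start"
                              else "Loads dropped DLL"),
                "dropped_by": dropped[key],
                "used_by": ev.pid,
                "path": ev.path,
            })
    return findings


# Inno Setup's loader starts the unpacked .tmp with
# /SL5="$<hwnd>,<n>,<n>,<original setup exe>"; the last field is the path
# that was actually launched (switch layout as seen in this report).
SL5_RE = re.compile(r'/SL5="\$[0-9A-Fa-f]+,\d+,\d+,([^"]+)"')


def inno_bootstrap_parent(ev: Event) -> str | None:
    """Return the original setup executable named in an /SL5= switch, or None."""
    m = SL5_RE.search(ev.cmdline)
    return m.group(1) if m else None


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_EVENTS = [  # constructed; see module docstring
    Event("process_start", 4144, TEMP + r"\MentalMentor.exe",
          f'"{TEMP}\\MentalMentor.exe"'),
    Event("file_write", 4144, TEMP + r"\is-QREME.tmp\MentalMentor.tmp"),
    Event("process_start", 3108, TEMP + r"\is-QREME.tmp\MentalMentor.tmp",
          f'"{TEMP}\\is-QREME.tmp\\MentalMentor.tmp" '
          f'/SL5="$300E0,2483841,845312,{TEMP}\\MentalMentor.exe"'),
    Event("file_write", 3108, r"\Users\Admin\AppData\Local\Temp\is-1PDS7.tmp\idp.dll"),
    Event("file_write", 3108, r"\Users\Admin\AppData\Local\Temp\is-1PDS7.tmp\mentor-inno-lib.dll"),
    Event("image_load", 3108, TEMP + r"\is-1PDS7.tmp\idp.dll"),
    Event("image_load", 3108, TEMP + r"\is-1PDS7.tmp\mentor-inno-lib.dll"),
    Event("image_load", 3108, r"C:\Windows\System32\kernel32.dll"),  # not dropped: no hit
]

if __name__ == "__main__":
    for f in detect_dropped_execution(SAMPLE_EVENTS):
        print(f["signature"], f["path"],
              f"(dropped by {f['dropped_by']}, used by {f['used_by']})")
    print("bootstrap parent:", inno_bootstrap_parent(SAMPLE_EVENTS[2]))
```

The drive-stripping in norm_path matters for this report: the Files section lists the two DLLs without a drive letter, so a naive string comparison between the write and the later load would miss them.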

Network

Country  Destination         Domain                       Proto
US       8.8.8.8:53          web.mymentalmentor.net       udp
NL       51.158.210.166:443  web.mymentalmentor.net       tcp
US       8.8.8.8:53          166.210.158.51.in-addr.arpa  udp
US       8.8.8.8:53          23.236.111.52.in-addr.arpa   udp
US       8.8.8.8:53          9.73.50.20.in-addr.arpa      udp
US       8.8.8.8:53          144.107.17.2.in-addr.arpa    udp
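The four in-addr.arpa rows are reverse (PTR) lookups, and a PTR name lists the address octets in reverse order, so they are easy to misread. This added example, written for this page and not Triage's code, parses the table as printed above, decodes each PTR query back to an address, and checks which of those addresses the sample was actually seen connecting to. The rows are the report's own; the only assumption is that the space-separated text layout follows the table heading (country, destination, domain, proto).

```python
"""Decode a sandbox Network table: forward lookups, PTR lookups, connections.

Added example. NETWORK_ROWS is copied from the report; the column layout is
taken from the table heading.
"""
from __future__ import annotations

import ipaddress
import re

NETWORK_ROWS = """\
US 8.8.8.8:53 web.mymentalmentor.net udp
NL 51.158.210.166:443 web.mymentalmentor.net tcp
US 8.8.8.8:53 166.210.158.51.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.73.50.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
"""

PTR_RE = re.compile(r"^((?:\d{1,3}\.){4})in-addr\.arpa\.?$")


def ptr_to_ip(name: str) -> str | None:
    """'166.210.158.51.in-addr.arpa' -> '51.158.210.166'. Returns None for
    anything that is not a well-formed IPv4 PTR name."""
    m = PTR_RE.match(name.strip().lower())
    if not m:
        return None
    ip = ".".join(reversed(m.group(1).rstrip(".").split(".")))
    try:
        return str(ipaddress.IPv4Address(ip))  # rejects octets above 255
    except ValueError:
        return None


def parse_rows(text: str) -> list[dict]:
    """One dict per data row; heading and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def is_dns(row: dict) -> bool:
    return row["port"] == 53 and row["proto"] == "udp"


def correlate(rows: list[dict]) -> dict:
    """Split rows into forward lookups, decoded PTR lookups and direct
    connections, flagging PTR targets the sample also connected to."""
    direct = [r for r in rows if not is_dns(r)]
    contacted = {r["ip"] for r in direct}
    forward, reverse = [], []
    for r in rows:
        if not is_dns(r):
            continue
        ip = ptr_to_ip(r["domain"])
        if ip is None:
            forward.append(r["domain"])
        else:
            reverse.append({"query": r["domain"], "ip": ip,
                            "contacted": ip in contacted})
    return {
        "forward_lookups": forward,
        "reverse_lookups": reverse,
        "direct": [(r["ip"], r["port"], r["proto"], r["domain"]) for r in direct],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(correlate(parse_rows(NETWORK_ROWS)), indent=2))
```

Run against this table, only one PTR query decodes to an address the sample connected to (51.158.210.166, the web.mymentalmentor.net host). The other three decode to 52.111.236.23, 20.50.73.9 and 2.17.107.144, none of which appears as a connection; because the table carries no process column, the report cannot say whether the sample or other activity on the guest issued those lookups.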

Files

memory/4144-0-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/4144-2-0x0000000000400000-0x00000000004DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-QREME.tmp\MentalMentor.tmp

MD5 0d041f22d598f3a63bdf0e66c448bdab
SHA1 591fc72ec32e7efe2e641dba38c3cd7b6d415450
SHA256 e6b54015c403e3016b848b18fc488d4d281a752bc9ab2a3324ba4d8efb642563
SHA512 5dd3af37f06f308f348213c0305acab38cf279556c12a9b14d0343072b1f431778c75129715a2b04abcf219baaeba665faa08fcb4692d2ede36b2511178de210

memory/3108-6-0x0000000002790000-0x0000000002791000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-1PDS7.tmp\idp.dll

MD5 59fd376f6e67cf49bfb0ac6724140e72
SHA1 e02a4185b9272ae6a3b5eaa4333905fc989698e2
SHA256 88d2da3783c9ef9b2c9f20224a399fe3607581f338daea94f68606a760cc06d5
SHA512 9510b201f43cb9a2362842dd382dd3be794b439227241f97f89c1f15246888099094c91b96905b55c1e490ef7dc26aff06382c2c69971d4506ad5f8a66a811eb

memory/3108-13-0x0000000002570000-0x00000000026B0000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-1PDS7.tmp\mentor-inno-lib.dll

MD5 8e8f2104c9a175fb576cdb208a08e6a3
SHA1 77f937b7ca2450c71db6075bfe71df266fd1854d
SHA256 784ca2a85f535658d4b914943a4b82cce8658b80fb75158e357aa3a2308fe2be
SHA512 e83521476a1d5ff1ef900c727d2f49e0c175f8c82cc7f23373a8f088d1db4fe1205297883e5be23c5081706faad2f21c5e5e7681a362d83e73395a28f1d5cfb6

memory/3108-14-0x0000000002570000-0x00000000026B0000-memory.dmp

memory/4144-19-0x0000000000400000-0x00000000004DC000-memory.dmp

memory/3108-20-0x0000000000400000-0x0000000000717000-memory.dmp

memory/3108-23-0x0000000002790000-0x0000000002791000-memory.dmp
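Memory-dump entries in this section encode a PID, a sequence number and the dumped address range in their names, and every dropped file carries four digests. This added example, written for this page and not Triage's code, parses the section as printed above: it groups dump regions by PID with their sizes and validates that each digest has the length its algorithm requires, which catches a truncated hash before it is pasted into a blocklist. The FILES text is copied from the report; the name convention memory/<pid>-<seq>-<start>-<end>-memory.dmp is inferred from these entries rather than documented on the page.

```python
r"""Parse the Files section of a sandbox report.

Added example. FILES is copied from this report's Files section; the memory
dump name convention memory/<pid>-<seq>-<start>-<end>-memory.dmp is inferred
from these entries.
"""
from __future__ import annotations

import re
from collections import defaultdict

FILES = r"""
memory/4144-0-0x0000000000400000-0x00000000004DC000-memory.dmp
memory/4144-2-0x0000000000400000-0x00000000004DC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-QREME.tmp\MentalMentor.tmp
MD5 0d041f22d598f3a63bdf0e66c448bdab
SHA1 591fc72ec32e7efe2e641dba38c3cd7b6d415450
SHA256 e6b54015c403e3016b848b18fc488d4d281a752bc9ab2a3324ba4d8efb642563
SHA512 5dd3af37f06f308f348213c0305acab38cf279556c12a9b14d0343072b1f431778c75129715a2b04abcf219baaeba665faa08fcb4692d2ede36b2511178de210
memory/3108-6-0x0000000002790000-0x0000000002791000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-1PDS7.tmp\idp.dll
MD5 59fd376f6e67cf49bfb0ac6724140e72
SHA1 e02a4185b9272ae6a3b5eaa4333905fc989698e2
SHA256 88d2da3783c9ef9b2c9f20224a399fe3607581f338daea94f68606a760cc06d5
SHA512 9510b201f43cb9a2362842dd382dd3be794b439227241f97f89c1f15246888099094c91b96905b55c1e490ef7dc26aff06382c2c69971d4506ad5f8a66a811eb
memory/3108-13-0x0000000002570000-0x00000000026B0000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-1PDS7.tmp\mentor-inno-lib.dll
MD5 8e8f2104c9a175fb576cdb208a08e6a3
SHA1 77f937b7ca2450c71db6075bfe71df266fd1854d
SHA256 784ca2a85f535658d4b914943a4b82cce8658b80fb75158e357aa3a2308fe2be
SHA512 e83521476a1d5ff1ef900c727d2f49e0c175f8c82cc7f23373a8f088d1db4fe1205297883e5be23c5081706faad2f21c5e5e7681a362d83e73395a28f1d5cfb6
memory/3108-14-0x0000000002570000-0x00000000026B0000-memory.dmp
memory/4144-19-0x0000000000400000-0x00000000004DC000-memory.dmp
memory/3108-20-0x0000000000400000-0x0000000000717000-memory.dmp
memory/3108-23-0x0000000002790000-0x0000000002791000-memory.dmp
"""

DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex digits


def parse_files(text: str) -> tuple[list[dict], list[dict]]:
    """Return (memory regions, dropped files). A hash line attaches to the
    most recent file path; a digest of the wrong length raises ValueError."""
    regions, dropped = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DUMP_RE.match(line)
        if m:
            pid, seq = int(m[1]), int(m[2])
            start, end = int(m[3], 16), int(m[4], 16)
            regions.append({"pid": pid, "seq": seq, "start": start,
                            "end": end, "size": end - start})
            current = None
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_LEN:
            if current is None:
                raise ValueError(f"{algo} digest with no preceding file path")
            digest = digest.strip().lower()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[algo], digest):
                raise ValueError(f"malformed {algo} for {current['path']}: {digest!r}")
            current["hashes"][algo] = digest
        else:
            current = {"path": line, "hashes": {}}
            dropped.append(current)
    return regions, dropped


def regions_by_pid(regions: list[dict]) -> dict[int, list[tuple[int, int, int]]]:
    """Group (start, end, size) per PID, largest region first. Regions at
    0x400000 sit at the classic 32-bit PE default image base, i.e. the mapped
    executable itself; the 0x1000 regions are single pages."""
    out: dict[int, list[tuple[int, int, int]]] = defaultdict(list)
    for r in regions:
        out[r["pid"]].append((r["start"], r["end"], r["size"]))
    return {pid: sorted(v, key=lambda t: -t[2]) for pid, v in out.items()}


if __name__ == "__main__":
    regions, dropped = parse_files(FILES)
    for pid, regs in regions_by_pid(regions).items():
        print(pid, [(hex(s), hex(e), sz) for s, e, sz in regs])
    for d in dropped:
        print(d["path"], d["hashes"]["SHA256"])
```

For this report the parser yields three dump regions for PID 4144 (all the 0xDC000-byte image mapping at 0x400000) and five for PID 3108, whose largest region (0x400000 to 0x717000) is noticeably bigger than the parent's, consistent with the .tmp being the larger second-stage binary.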