Overview

overview

7

Static

static

3

6be4950d9a...21.exe

windows7-x64

7

6be4950d9a...21.exe

windows10-1703-x64

7

6be4950d9a...21.exe

windows10-2004-x64

6

6be4950d9a...21.exe

windows11-21h2-x64

7

Resubmissions

09-04-2024 13:39

240409-qx1czsbf71 7

09-04-2024 13:39

240409-qxzfpagd52 7

09-04-2024 13:39

240409-qxyt6abf7z 7

09-04-2024 13:39

240409-qxx8magd46 7

03-04-2024 19:01

240403-xpdbtaac35 10

Analysis

  • max time kernel
    1s
  • max time network
    32s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6be4950d9a919f5d0150d19552b340e9b5ef1959a18fd97b18778bf39e1a6421.exe

  • Size

    4.5MB

  • MD5

    20ed8b8eb556fa3cbc88b83882a6f1b0

  • SHA1

    cd7ce6fc0068b6ef9c37d5dafec1319a39b88709

  • SHA256

    6be4950d9a919f5d0150d19552b340e9b5ef1959a18fd97b18778bf39e1a6421

  • SHA512

    868b859bdff27e41f63b527590214ad22dcaf332bb3d5c7daafd295ea648d71d5bd6d01fee29587eee8b7d4ef01384089eb0b2408f3d2e048021701c357e3b9b

  • SSDEEP

    98304:in1GhDYSAEbWAtdt7Eea0+JJHOBMT6yCltq5CFvxWof8e45D4UO38cYd5:0gYfux7EF0CHqI6Xg5CFvxW2Pe

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6be4950d9a919f5d0150d19552b340e9b5ef1959a18fd97b18778bf39e1a6421.exe
    "C:\Users\Admin\AppData\Local\Temp\6be4950d9a919f5d0150d19552b340e9b5ef1959a18fd97b18778bf39e1a6421.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2604
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:3484
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:3124

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\System32\GroupPolicy\gpt.ini
        Filesize

        127B

        MD5

        8ef9853d1881c5fe4d681bfb31282a01

        SHA1

        a05609065520e4b4e553784c566430ad9736f19f

        SHA256

        9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

        SHA512

        5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

        Download Submit

      • memory/2604-0-0x00007FFF34AF0000-0x00007FFF34AF2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2604-1-0x00007FF6E3C20000-0x00007FF6E44C3000-memory.dmp

        Filesize

        8.6MB

        Download

      • memory/2604-2-0x00007FF6E3C20000-0x00007FF6E44C3000-memory.dmp

        Filesize

        8.6MB

        Download