Resubmissions
17-04-2024 12:27
240417-pm674seg85 1017-04-2024 12:27
240417-pm5z2sgd3t 1017-04-2024 12:27
240417-pm5dhseg79 1017-04-2024 12:27
240417-pm4rzseg78 1017-04-2024 12:27
240417-pm4f8aeg77 1017-04-2024 06:33
240417-hbkfmshe8v 10Analysis
-
max time kernel
300s -
max time network
308s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
17-04-2024 12:27
Static task
static1
Behavioral task
behavioral1
Sample
cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
Resource
win10v2004-20240412-en
General
-
Target
cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
-
Size
312KB
-
MD5
f765a6eb1642a430e5c4ab00b959af92
-
SHA1
122a578748d3183369facb7fcf485c7a02bf278d
-
SHA256
cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c
-
SHA512
79731e7631facb8c690937ebc4222ce5378a1189dc4203080400724e1ca6bb3b8b80e41f8e9a60a80481ad4af2e610bcd847d1dc44483c7aabbaad31869c8d59
-
SSDEEP
6144:XlYiCJDvVjZobnqLgib2V6jHnR+M/qhW/Xib459ZQ:VFol+rqUiiV6jH+hWC45Q
Malware Config
Signatures
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 37 api.ipify.org 36 api.ipify.org -
Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1368 cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe"C:\Users\Admin\AppData\Local\Temp\cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1368