Analysis
-
max time kernel
1799s -
max time network
1800s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 23:38
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
dos.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
1800 seconds
Behavioral task
behavioral2
Sample
dos.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
1800 seconds
General
-
Target
dos.exe
-
Size
6.6MB
-
MD5
098935ddcddffc9e4d9d9a41648ece6e
-
SHA1
b049a356c043ccb45a9466b6497cd21ce9098837
-
SHA256
a9b4325238596e5f4d1083987b50aabfec65a20d7b4436332ac56c93ce0f9eed
-
SHA512
7411184d1fe12ee2622bc4a640bb96b28d1b66e1be2f49ddff15970a367fd45ee4a8d352693da647dbb8bf9877af6b5b1976d762a876d01a8a11ba41e975172c
-
SSDEEP
98304:igilwJXTDE5KEQwyt/L1EEQr4rZCfYtVJOAkDuPKV:ZiqXTDEtQ4E9Qf+8Akii
Score
6/10
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
GoLang User-Agent 64 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
Processes: