Analysis
max time kernel: 1050s
max time network: 1051s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 22-05-2024 23:37
Static task
static1: 1 signature

Behavioral task
behavioral1
Sample: dos.exe
Resource: win11-20240508-en (windows11-21h2-x64)
2 signatures, 150 seconds
General
Target: dos.exe
Size: 6.6MB
MD5: 098935ddcddffc9e4d9d9a41648ece6e
SHA1: b049a356c043ccb45a9466b6497cd21ce9098837
SHA256: a9b4325238596e5f4d1083987b50aabfec65a20d7b4436332ac56c93ce0f9eed
SHA512: 7411184d1fe12ee2622bc4a640bb96b28d1b66e1be2f49ddff15970a367fd45ee4a8d352693da647dbb8bf9877af6b5b1976d762a876d01a8a11ba41e975172c
SSDEEP: 98304:igilwJXTDE5KEQwyt/L1EEQr4rZCfYtVJOAkDuPKV:ZiqXTDEtQ4E9Qf+8Akii
Score: 6/10
Malware Config
Signatures
Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.
GoLang User-Agent (64 IoCs)
Uses the default user-agent string defined by GoLang HTTP packages (Go-http-client/1.1).