Analysis Overview
SHA256
ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979
Threat Level: Likely malicious
The file ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979 was found to be: Likely malicious.
Malicious Activity Summary
detect oss ak
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-25 17:58
Signatures
Unsigned PE (the executable carries no Authenticode signature; on its own this is weak evidence, since much benign software is also unsigned, and it should be weighed together with the behavioral findings below)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 17:58
Reported
2024-05-25 18:01
Platform
win7-20240221-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
detect oss ak
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam (the sample process called GetForegroundWindow repeatedly; the same polling pattern is used both to track which window has input focus, as keyloggers do, and to wait for user activity before acting, so this signature supports but does not by itself establish input monitoring)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe
"C:\Users\Admin\AppData\Local\Temp\ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe"
Network
Files
memory/2532-0-0x0000000000400000-0x0000000001574000-memory.dmp
memory/2532-3-0x0000000000400000-0x0000000001574000-memory.dmp
memory/2532-2-0x0000000000B90000-0x0000000000EF7000-memory.dmp
memory/2532-4-0x0000000000400000-0x0000000001574000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
(The four hashes above are those of zero-length input: this record captures the file when it was created or truncated empty. The later records for the same path hold the content actually written, so only those hashes are useful as indicators.)
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | 4f1331dd69faa9292698b3523dbdfa8f |
| SHA1 | 726e1162628e92ef557cf626bb6731f75013d163 |
| SHA256 | 8663acbefbd072a154c61d014322cf31c2777bd88d292acfee7c07f664cadd2a |
| SHA512 | f34b4141d6e1460c08d3457c1d570f98b7f44ab7eab8fdc6a560f808102266ada6a6e89982d050306d834f9ef9a3cb75e9e31b5200a1eee07cac3677640ae470 |
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | 677756e04d6203d1f3981ed7313ba353 |
| SHA1 | 70e3d62138c81724b3e145d1cd83911f45273e31 |
| SHA256 | c65e0a5492380fb1403932e0df0001f56b9ec98fcf445666b0447164634b95d6 |
| SHA512 | 4ed8d6ab87083e75c2349fbe56fb04c179d5145bb3b05b8902d00fb56ecba734429180dc48e51eb12f3046ab389cc2df7c81d5aba3ca0f5537909c817f98b31a |
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | 2958b994852c6742641982eb5b4fc9ba |
| SHA1 | 2982f11ee2537fe4a4c8d3c030caad044c41f96a |
| SHA256 | ed369bf5c86043802c7e07d888e296f6892de3fd46bf3af8e83b327da5dafed8 |
| SHA512 | c6ddc03062253376c9e4dadc324735d8aedcd118ea606795e6a454d68bf624fa83d4e0bfce2f16ba39e8ca47f73fe7dc712ed9e8ce3393d90cc52540db7e54ae |
memory/2532-664-0x0000000000400000-0x0000000001574000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 17:58
Reported
2024-05-25 18:01
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
detect oss ak
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe
"C:\Users\Admin\AppData\Local\Temp\ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe"
Network
(The table attributes no connection to a process. Every entry is either a DNS query to 8.8.8.8, most of them reverse lookups of cloud and CDN addresses, or TLS to Bing endpoints, which matches the Windows 10 image's own background traffic; none of it should be treated as sample command-and-control without process attribution.)
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 88.221.83.225:443 | www.bing.com | tcp |
| BE | 88.221.83.225:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 225.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.73.50.20.in-addr.arpa | udp |
Files
memory/5004-2-0x0000000000B90000-0x0000000000EF7000-memory.dmp
memory/5004-3-0x0000000000400000-0x0000000001574000-memory.dmp
memory/5004-4-0x0000000000400000-0x0000000001574000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Config.ini
| MD5 | bf68324e6b56889a2fc08aa43622d602 |
| SHA1 | 0a1a5727938fec84297f3167dd9f69bcda3d1659 |
| SHA256 | 0bb58fcd1fb04b8a0cbaf9471e71f0ac02dcd8c497b516f8ff4287431f405d3e |
| SHA512 | 1dcb05e57a29bc5f0bfeea27391cafd51b1914f35ed8bbe0ece092fbc108b228e3f7cdea69330407891fe500f8052f33d77986229b1503f07b5c03cf3194c307 |
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | 3b09843daea526920edbb5f501aebf9a |
| SHA1 | a0dcb699f28028f52289eca096d89737952e221d |
| SHA256 | fc89650c91d4b0409d3b7f2c0db586975cc70904b57b0d43294e1422c013318c |
| SHA512 | 64b223502b343e64a800b01489932c9cde61eb5abd67e525a1b8a4c9126e22d4c24a1f9188b9f2dfe12b2f7f7072059a215b60ebb42a592a1d30fd79326e87ef |
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | 51f779322d0f3df82c0f76deb6e79dca |
| SHA1 | 98abd46a53b95fa00c02fbee76643ce746380814 |
| SHA256 | 9ecca81bc3a31352ae288ec97e5662ee841ad703faf326c755644ce6d3eeb210 |
| SHA512 | 8cf0e1e6456980c52d912d1f129cadc839dc5686360a9807fcf8482089da4a343292e0b21dde5a152bf05edff7dd6d38fde76bf237e2117323fbc14bdb233341 |
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
(Zero-length-input hashes again: the file was empty at this capture point.)
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | 286a9ac531e118152a08fafc8c0ab29f |
| SHA1 | 3c7c306e16508887c0f6ddece2c600db778de4b7 |
| SHA256 | c8997ee06f4429de2e8ac09638765e823cffe2a02c973b85c19410811260cc5f |
| SHA512 | fe95f2db1da3da5a0a3ebe6bfa5ce0844a9302553d978748ddffc146685490cb21f2d0d6be545f97fb56c8c218b623f622499dbece4327ba99d6be4be7e17c4c |
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | 527f54bb800787fa16893124f84c5860 |
| SHA1 | cb35a3cc5abc55fb12c058e5d894a77048816317 |
| SHA256 | 5ff60732213f65d85606cdd9bfcc9e84d9235a89fb00cee5ac884627b7003d02 |
| SHA512 | ca570114f94f4e9d72e78bcf677201ab03484a339aa153c5a2cbfb4675d86ecc9f4dc7a33055d72e02f63d253536037ea6dabfc4bd85672f322bb4c16abb2da7 |
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
| MD5 | 444acc43cf34a9f2fc8470a11f3b9113 |
| SHA1 | 106c0712cdde290c1464a893a990c541e18c25d2 |
| SHA256 | c1ff8e32f7530d6aeb12f8d6625fd17138cad1397ba60beaa42ef5aa095ef71a |
| SHA512 | ecf40e08386a44c5f537ccc75a4f07bcaac15de76138ad39c7d0d76c34f9da29941c6f1d12e263ab5a86eac34559ff64c6dd894efcdf1eee5aaff43b3b6f8b5c |
memory/5004-664-0x0000000000400000-0x0000000001574000-memory.dmp
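The Files sections above mix two kinds of record: dropped-file paths each followed by a hash table, and memory dump names of the form memory/<pid>-<n>-<start>-<end>-memory.dmp (the naming convention is inferred from the entries on this page). A practitioner turning this report into indicators wants to de-duplicate the hashes, discard the zero-length-input entries, and see how large the dumped regions are (the recurring 0x400000 region in both runs is consistent with the default image base of a non-relocated 32-bit PE, though the report does not say so). The following parser is an added example, not tooling from the sandbox vendor; the excerpt it parses is constructed from the behavioral2 entries above, and the record layout it returns is an assumption of this example.

```python
"""Parse Triage-style 'Files' entries into de-duplicated indicators.

Added example for this page, not sandbox-vendor code. The sample text is an
excerpt of the behavioral2 Files section above; the parser's output shape is
this example's own choice.
"""
import hashlib
import re
from collections import defaultdict

# Hashes of zero-length input. A dropped-file record carrying these means the
# file was created or truncated but was empty when captured, not a payload.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

MEM_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # Windows drive-letter path

# Constructed excerpt of the behavioral2 Files section (hashes copied from the page).
SAMPLE = """\
memory/5004-2-0x0000000000B90000-0x0000000000EF7000-memory.dmp
memory/5004-3-0x0000000000400000-0x0000000001574000-memory.dmp
C:\\Users\\Admin\\AppData\\Local\\Temp\\Config.ini
| MD5 | bf68324e6b56889a2fc08aa43622d602 |
| SHA256 | 0bb58fcd1fb04b8a0cbaf9471e71f0ac02dcd8c497b516f8ff4287431f405d3e |
C:\\Users\\Admin\\AppData\\Local\\Temp\\AntiPlugCfg.ini
| MD5 | 3b09843daea526920edbb5f501aebf9a |
| SHA256 | fc89650c91d4b0409d3b7f2c0db586975cc70904b57b0d43294e1422c013318c |
C:\\Users\\Admin\\AppData\\Local\\Temp\\AntiPlugCfg.ini
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
memory/5004-664-0x0000000000400000-0x0000000001574000-memory.dmp
"""


def parse_files(text):
    """Return (file_records, memory_regions).

    file_records:   [{"path", "hashes": {algo: hex}, "empty": bool}, ...]
    memory_regions: [{"pid", "seq", "start", "end", "size"}, ...]
    """
    records, regions = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            start, end = int(start, 16), int(end, 16)
            regions.append({"pid": int(pid), "seq": int(seq),
                            "start": start, "end": end, "size": end - start})
            current = None  # a dump name ends any open file record
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
            current["empty"] = (current["hashes"].get("MD5") == EMPTY_MD5
                                or current["hashes"].get("SHA256") == EMPTY_SHA256)
            continue
        if PATH_RE.match(line):
            current = {"path": line, "hashes": {}, "empty": False}
            records.append(current)
        # Any other line (headings, stray text) is ignored.
    return records, regions


def unique_iocs(records):
    """SHA256 values worth pivoting on: de-duplicated, empty-file hashes dropped."""
    out = []
    for r in records:
        h = r["hashes"].get("SHA256")
        if h and not r["empty"] and h not in out:
            out.append(h)
    return out


def writes_per_path(records):
    """How many times each dropped path was captured (repeat writes of a config)."""
    counts = defaultdict(int)
    for r in records:
        counts[r["path"]] += 1
    return dict(counts)


if __name__ == "__main__":
    recs, regs = parse_files(SAMPLE)
    for r in regs:
        print(f"pid {r['pid']} dump #{r['seq']}: "
              f"0x{r['start']:X}-0x{r['end']:X} ({r['size'] / 2**20:.1f} MiB)")
    for path, n in writes_per_path(recs).items():
        print(f"{path}: captured {n} time(s)")
    print("SHA256 IOCs:", unique_iocs(recs))
```

Run against the full report, the same parser shows that the 0x400000-0x1574000 region is dumped repeatedly in both runs (about 17.5 MiB each time), that AntiPlugCfg.ini is rewritten several times per run, and that one capture per run is the empty file and must not go into a blocklist.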