Malware Analysis Report

2025-04-14 01:49

Sample ID 240602-2ee5wahc9z
Target 5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769
SHA256 5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769
Tags
score
7/10


Analysis Overview

score
7/10

SHA256

5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769

Threat Level: Shows suspicious behavior

The file 5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769 was found to show suspicious behavior.

Malicious Activity Summary

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-06-02 22:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 22:29

Reported

2024-06-02 22:32

Platform

win7-20240508-en

Max time kernel

117s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\true_update.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769.exe

"C:\Users\Admin\AppData\Local\Temp\5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769.exe"

C:\Users\Admin\AppData\Local\Temp\true_update.exe

"C:\Users\Admin\AppData\Local\Temp\true_update.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 adultagencyads.com udp
DE 136.243.60.66:80 adultagencyads.com tcp

Files

memory/1684-1-0x0000000000403000-0x0000000000404000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\true_update.exe

MD5 887a720bd7433ffc7a3546c22122acde
SHA1 51bdbb69387e0989adb47cbfdd77355450bd71ee
SHA256 ad5ab19740a0db433d88b21cce5e9d345626006446a34334c55c60ef05a08928
SHA512 6584e2856e39b266e26dc57b7997ab77990d28251424e161672042bf292030b6e5f183eb194123b1648aa74f29e96cd1c1debb79da15311ddb42de580e29ae41

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 22:29

Reported

2024-06-02 22:32

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\true_update.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\true_update.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769.exe

"C:\Users\Admin\AppData\Local\Temp\5c8fc022fbe712cba4b8285d2464a9d72c98f80036fb403db0599a57ca262769.exe"

C:\Users\Admin\AppData\Local\Temp\true_update.exe

"C:\Users\Admin\AppData\Local\Temp\true_update.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 adultagencyads.com udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
DE 136.243.60.66:80 adultagencyads.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 66.60.243.136.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/1176-1-0x0000000000403000-0x0000000000404000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\true_update.exe

MD5 887a720bd7433ffc7a3546c22122acde
SHA1 51bdbb69387e0989adb47cbfdd77355450bd71ee
SHA256 ad5ab19740a0db433d88b21cce5e9d345626006446a34334c55c60ef05a08928
SHA512 6584e2856e39b266e26dc57b7997ab77990d28251424e161672042bf292030b6e5f183eb194123b1648aa74f29e96cd1c1debb79da15311ddb42de580e29ae41

memory/3932-9-0x0000000000400000-0x0000000000407000-memory.dmp