Malware Analysis Report

2025-01-17 21:19

Sample ID 240603-n6qh2adg3t
Target 8cf4f02d6d97813310c7778bac555d00f4eab8b4
SHA256 b53a20869d2145b135c61cb1fbe5b027f47e2cff1f3dbcf2aa4284ad982b581b
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

b53a20869d2145b135c61cb1fbe5b027f47e2cff1f3dbcf2aa4284ad982b581b

Threat Level: Shows suspicious behavior

The file 8cf4f02d6d97813310c7778bac555d00f4eab8b4 was found to show suspicious behavior.

Malicious Activity Summary

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:00

Reported

2024-06-03 12:03

Platform

win7-20240221-en

Max time kernel

117s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GPS-1688\GPS_ServicePack.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe

"C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe"

C:\Users\Admin\AppData\Local\Temp\GPS-1688\GPS_ServicePack.exe

"C:\Users\Admin\AppData\Local\Temp\GPS-1688\GPS_ServicePack.exe"

Network

Country  Destination      Domain               Proto
US       8.8.8.8:53       dn-cn.gpscamera.org  udp
TW       61.61.97.160:80  dn-cn.gpscamera.org  tcp

Files

\Users\Admin\AppData\Local\Temp\GPS-1688\GPS_ServicePack.exe

MD5 09bfec3c1327db1dc47d29ba857277e2
SHA1 af946352e3f5e48f9c4b4dcd059ff45bb75df881
SHA256 847c58bd3df8277d2a00541dc014c3b026961f5f3a247dcf7e2bc28b2c32ddcb
SHA512 ec4ce365b4d6e13385f60d83cff95d0c543acbf269b08696c50f17fe17b4451a1e97374867f80d76373274fafeb3756dc3aad66bdd2f32b15a9b7fa1adc0d0d0

C:\Users\Admin\AppData\Local\Temp\GPS-1688\config.xml

MD5 6583e082bc147c12331ae49dce7e1268
SHA1 8be14590b5f23fd73373b3bfed1d21cf88fe4e5d
SHA256 6c00c4063f1b87c046bd34c05030cd790debabbccda11aa21d8dfd30ada520a6
SHA512 67e63b9a46842392127d006e578cb16f8238ec9f6952e74752a46b61004c4932cd50a357a280328cb7630d706b257c8b63aa8060db44b544cdda846dcc5bfb49

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:00

Reported

2024-06-03 12:03

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe

"C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3808 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8

Network

Country  Destination        Domain                       Proto
US       8.8.8.8:53         183.142.211.20.in-addr.arpa  udp
US       8.8.8.8:53         203.107.17.2.in-addr.arpa    udp
US       8.8.8.8:53         68.32.126.40.in-addr.arpa    udp
US       8.8.8.8:53         95.221.229.192.in-addr.arpa  udp
GB       96.16.110.114:80   -                            tcp
US       8.8.8.8:53         28.118.140.52.in-addr.arpa   udp
US       8.8.8.8:53         13.86.106.20.in-addr.arpa    udp
US       8.8.8.8:53         133.211.185.52.in-addr.arpa  udp
US       8.8.8.8:53         50.23.12.20.in-addr.arpa     udp
US       8.8.8.8:53         18.31.95.13.in-addr.arpa     udp
US       13.107.253.64:443  -                            tcp
US       8.8.8.8:53         164.189.21.2.in-addr.arpa    udp
US       8.8.8.8:53         152.107.17.2.in-addr.arpa    udp
NL       52.142.223.178:80  -                            tcp
US       8.8.8.8:53         11.227.111.52.in-addr.arpa   udp
US       8.8.8.8:53         10.173.189.20.in-addr.arpa   udp

Files

N/A