Malware Analysis Report

2025-01-17 22:38

Sample ID: 240603-pxalwseg6s
Target: 3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654
SHA256: 3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654
Tags: (none)
Score: 3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 3/10

SHA256: 3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654

Threat level: Likely benign

The file 3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654 was found to be: Likely benign.

Malicious Activity Summary

Unsigned PE

Suspicious use of SetWindowsHookEx

These are the only two signatures that fired across the static and both behavioral runs, and both are weak on their own. Many legitimate programs ship without an Authenticode signature. SetWindowsHookEx is the documented API for installing Windows message hooks and is called by ordinary GUI, input-method and accessibility software; sandboxes flag it because a WH_KEYBOARD or WH_KEYBOARD_LL hook is also the classic user-mode keylogger technique. The report records no child processes, no persistence artifacts, no activity against other processes and, in the Windows 7 run, no network traffic at all, which is consistent with the "Likely benign" verdict.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:41

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

The file carries no Authenticode signature; the static pass records no further detail for this signature.

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:41

Reported

2024-06-03 12:44

Platform

win7-20240220-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654.exe
Target: N/A

The hook was installed by the sample's own process; the report does not record the hook type or whether it was scoped to another thread.

Processes

C:\Users\Admin\AppData\Local\Temp\3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654.exe

"C:\Users\Admin\AppData\Local\Temp\3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654.exe"

Network

N/A

Files

memory/2904-0-0x0000000000400000-0x0000000000439000-memory.dmp

memory/2904-12-0x0000000000400000-0x0000000000439000-memory.dmp

Two dumps of the same 0x39000-byte (228 KiB) region of process 2904, taken at different points in the run (the name encodes process ID, dump sequence number, start and end address). 0x400000 is the default preferred image base of a 32-bit PE, so this is most likely the sample's own mapped image rather than a separately allocated region.

C:\Users\Admin\AppData\Local\Temp\Bugreport_error.ini

MD5 c018fdcc6cdc48834094af024b3377bc
SHA1 0b919287243c5615db0f035413a8891aad068a9e
SHA256 06f7cff91eeb18d6df9f300217c91162b1e03d0e06129070dab3b724b919de1f
SHA512 acaab55a1d337bafb6b2d334292374c76d9f1a19a9eb13031181522e57f68dfbcdab3040806876cadae124dc80c0ce27cbc6e19fab9d10c22605dcc96ff517c9
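As an added example (not code from this report or from the sandbox that produced it), the following Python script checks the two things the static and memory findings above turn on: whether a PE carries an embedded Authenticode signature (the "Unsigned PE" signature), and whether a dump named like memory/2904-0-0x0000000000400000-0x0000000000439000-memory.dmp covers exactly the image's ImageBase..ImageBase+SizeOfImage. The PE header it parses is constructed inside the script; its ImageBase and SizeOfImage (0x400000, 0x39000) are taken from the dump name, not from the real sample, and the dump-name layout pid-sequence-start-end is an assumption about the naming convention.

```python
"""Static triage of a PE header: signed or not, and which memory range a
dump of its main module should cover.

Added example, not code from this report or from the sandbox vendor. It
reads only the DOS header, COFF header, optional header and data
directories. The sample PE is constructed in-line so the script runs
offline; its ImageBase/SizeOfImage (0x400000 / 0x39000) are assumed from
the dump name, not taken from the real file.
"""
import re
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4               # Authenticode certificate table
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # ASLR opt-in flag
# Assumed naming convention: memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(r"memory/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$")


def parse_pe(data: bytes) -> dict:
    """Return image base, image size, ASLR flag and Authenticode presence."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine = struct.unpack_from("<H", data, coff)[0]
    opt = coff + 20                                   # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        n_dirs, dirs = struct.unpack_from("<I", data, opt + 92)[0], opt + 96
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        n_dirs, dirs = struct.unpack_from("<I", data, opt + 108)[0], opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]   # same offset in PE32 and PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    # The security directory holds a *file offset* (not an RVA) and size of the
    # WIN_CERTIFICATE table. Size 0 means no embedded Authenticode signature.
    # Catalog-signed files also show 0 here, so "unsigned" is weak evidence alone.
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "pe32plus": magic == PE32PLUS_MAGIC,
        "image_base": image_base,
        "size_of_image": size_of_image,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "authenticode_signed": cert_size != 0,
        "cert_table": (cert_off, cert_size),
    }


def expected_dump_range(info: dict) -> str:
    """Range a dump of the main module covers if the image loaded at its preferred base."""
    return f"0x{info['image_base']:016x}-0x{info['image_base'] + info['size_of_image']:016x}"


def parse_dump_name(name: str) -> dict:
    """Split a sandbox dump name into pid, sequence number, start and end address."""
    m = DUMP_NAME.search(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, index, start, end = m.groups()
    return {"pid": int(pid), "index": int(index), "start": int(start, 16), "end": int(end, 16)}


def dump_matches_image(dump: dict, info: dict) -> bool:
    """True when the dump covers exactly ImageBase .. ImageBase + SizeOfImage."""
    return dump["start"] == info["image_base"] and dump["end"] - dump["start"] == info["size_of_image"]


def build_sample_pe(image_base=0x400000, size_of_image=0x39000, signed=False, dynamic_base=False) -> bytes:
    """Constructed 32-bit PE header (no sections, not loadable) for offline testing."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)      # 64-byte IMAGE_DOS_HEADER
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)   # i386, 0 sections, EXE|32BIT
    opt = bytearray(224)                                             # PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                  # section / file alignment
    struct.pack_into("<I", opt, 56, size_of_image)
    struct.pack_into("<H", opt, 70, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE if dynamic_base else 0)
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    pe = bytearray(dos + b"PE\0\0" + coff + opt)
    if signed:
        # Placeholder WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType=PKCS_SIGNED_DATA
        cert = struct.pack("<IHH", 12, 0x0200, 0x0002) + bytes(4)
        sec_entry = e_lfanew + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        struct.pack_into("<II", pe, sec_entry, len(pe), len(cert))
        pe += cert
    return bytes(pe)


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info)
    print("expected dump range:", expected_dump_range(info))
    dump = parse_dump_name("memory/2904-0-0x0000000000400000-0x0000000000439000-memory.dmp")
    print("dump covers mapped image:", dump_matches_image(dump, info))
```

Run against the real file, `parse_pe(open(path, "rb").read())` gives the signed/unsigned answer the static pass reports, and comparing `expected_dump_range` with the dump name tells you whether the image was loaded at its preferred base (relevant because the dumps in both runs start at 0x400000).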

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:41

Reported

2024-06-03 12:44

Platform

win10v2004-20240508-en

Max time kernel

132s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654.exe

"C:\Users\Admin\AppData\Local\Temp\3b2e1b47e7bc4a2b145f6eb310bb9b97c8bbfc46bc70015217305965ec295654.exe"

Network

Country  Destination          Domain                         Proto
US       8.8.8.8:53           8.8.8.8.in-addr.arpa           udp
US       8.8.8.8:53           241.150.49.20.in-addr.arpa     udp
US       8.8.8.8:53           172.210.232.199.in-addr.arpa   udp
US       8.8.8.8:53           g.bing.com                     udp
US       204.79.197.237:443   g.bing.com                     tcp
NL       23.62.61.171:443     www.bing.com                   tcp
US       8.8.8.8:53           71.159.190.20.in-addr.arpa     udp
US       8.8.8.8:53           237.197.79.204.in-addr.arpa    udp
NL       23.62.61.171:443     www.bing.com                   tcp
US       8.8.8.8:53           138.201.86.20.in-addr.arpa     udp
US       8.8.8.8:53           171.61.62.23.in-addr.arpa      udp
US       8.8.8.8:53           183.142.211.20.in-addr.arpa    udp
US       8.8.8.8:53           157.123.68.40.in-addr.arpa     udp
US       8.8.8.8:53           171.39.242.20.in-addr.arpa     udp
US       8.8.8.8:53           0.204.248.87.in-addr.arpa      udp
US       8.8.8.8:53           205.47.74.20.in-addr.arpa      udp
US       8.8.8.8:53           240.221.184.93.in-addr.arpa    udp
US       8.8.8.8:53           22.236.111.52.in-addr.arpa     udp
US       8.8.8.8:53           88.156.103.20.in-addr.arpa     udp

All DNS goes to 8.8.8.8. Fifteen of the nineteen rows are PTR (reverse) lookups: 241.150.49.20.in-addr.arpa, for example, asks for the name of 20.49.150.241, and several of the reversed addresses are ones that appear elsewhere in this same table (8.8.8.8, 204.79.197.237, 23.62.61.171). The remaining rows are a lookup of and TLS connections to g.bing.com and www.bing.com. Reverse lookups plus Bing reachability checks are typical of a stock Windows 10 VM's own background traffic; the report attributes none of these connections to the sample process, and the Windows 7 run (behavioral1) produced no network activity at all. Nothing in this table should be read as a command-and-control indicator.
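To make the background-noise reading of the table checkable, here is an added Python script (not part of the report) that parses the rows above, decodes each in-addr.arpa name back to the address being reverse-resolved, sets aside the Bing endpoints as background, and reports whatever is left as candidates. The rows are copied from the table; the Bing allowlist is this example's own assumption about what a Windows 10 VM contacts on its own, not a list supplied by the sandbox.

```python
"""Sort sandbox network rows into reverse lookups, known background
traffic and anything left over that is worth investigating.

Added example, not part of the report. REPORT_ROWS is the Windows 10
(behavioral2) network table copied from the report; BACKGROUND_DOMAINS is
an assumption (Bing endpoints that a stock Windows 10 VM contacts on its
own), not a vendor-supplied list.
"""
import ipaddress

REPORT_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
"""

# Assumption: Bing endpoints a stock Windows 10 image reaches on its own (search/Edge reachability).
BACKGROUND_DOMAINS = {"g.bing.com", "www.bing.com"}


def ptr_target(name: str):
    """'241.150.49.20.in-addr.arpa' -> '20.49.150.241'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def parse_rows(text: str) -> list:
    """Parse 'Country Destination Domain Proto' rows as printed in the report."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip headers and blank lines
        country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def classify(row: dict) -> tuple:
    """Return (category, detail) for one row."""
    is_dns = row["port"] == 53 and row["proto"] == "udp"
    target = ptr_target(row["domain"]) if is_dns else None
    if target is not None:
        return "ptr-lookup", target       # the reversed address is the useful datum
    detail = f"{row['domain']} via {row['ip']}:{row['port']}/{row['proto']}"
    if row["domain"] in BACKGROUND_DOMAINS:
        return "background", detail
    return "candidate", detail            # anything not explained away


def triage(text: str) -> dict:
    """Group rows by category; duplicates collapse, output is sorted."""
    buckets = {"ptr-lookup": set(), "background": set(), "candidate": set()}
    for row in parse_rows(text):
        cat, detail = classify(row)
        buckets[cat].add(detail)
    return {
        "ptr_targets": sorted(buckets["ptr-lookup"], key=ipaddress.IPv4Address),
        "background": sorted(buckets["background"]),
        "candidates": sorted(buckets["candidate"]),
    }


if __name__ == "__main__":
    result = triage(REPORT_ROWS)
    for key, values in result.items():
        print(f"{key} ({len(values)}):")
        for v in values:
            print("   ", v)
```

The point of the split is that a PTR query carries no payload and tells you only which address the OS is naming; the questions that would matter for attribution (which process issued the forward lookups and opened the TLS connections) are not answered by this table, and on these rows the candidate list is empty.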

Files

memory/2020-0-0x0000000000400000-0x0000000000439000-memory.dmp

memory/2020-12-0x0000000000400000-0x0000000000439000-memory.dmp

Two dumps of the same 0x39000-byte region of process 2020, the same base and size as in the Windows 7 run, so the image loaded at 0x400000 on both platforms.

C:\Users\Admin\AppData\Local\Temp\Bugreport_error.ini

MD5 2dff3d21cef0a108c4408ce5f1a98278
SHA1 5f109e394eb620c7c9cb0654ba79d2edc9c67e61
SHA256 4d809c73cc4d581434259fa166938a024ab39eee5c52c64a3a570a33d02fcbde
SHA512 1592608df49fa07ccf64cb2a2a0a6c9bec65f2cc5dbcb0c240b88675b3f905b135e68153dd166660f8068291a16b784b6c1ea2a148606810bc079b124f822293

Bugreport_error.ini was also written in the Windows 7 run (behavioral1) but with different hashes (MD5 c018fdcc6cdc48834094af024b3377bc there versus 2dff3d21cef0a108c4408ce5f1a98278 here), so its content varies from run to run and the hashes are not usable as indicators; the path and filename are the stable artifact. The report lists only the hashes, not the file's contents.