Malware Analysis Report

2025-01-17 22:46

Sample ID: 240603-pxtprsgb72
Target: 8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae
SHA256: 8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae
Tags: (none)
Score: 3/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 3/10

SHA256: 8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae

Threat Level: Likely benign

The file 8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae was found to be: Likely benign.

Malicious Activity Summary

Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-03 12:42

Signatures

Unsigned PE

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 12:42

Reported: 2024-06-03 12:45

Platform: win7-20240221-en

Max time kernel: 118s

Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description    Indicator    Process                                                                                                            Target
N/A            N/A          C:\Users\Admin\AppData\Local\Temp\8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae.exe    N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae.exe

"C:\Users\Admin\AppData\Local\Temp\8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae.exe"

Network

N/A

Files

memory/2068-0-0x0000000000400000-0x0000000000439000-memory.dmp

memory/2068-12-0x0000000000400000-0x0000000000439000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Bugreport_error.ini

MD5:    db55bf845279ade48a1fee5f57545ac5
SHA1:   884051e426af3b59f85f232a6808a81ebde453af
SHA256: eb02f3baf4945310a03d24702693168af376e0df76c7d1920da089dcac18459d
SHA512: ce88c59feb9d37cec54a7ab5fdda537dfdc79f7edc43ada2010cca198ac73f71f444772cc991c4a5a1da851c902ff4c11687bcd74cfcbb89cd8756c3f56fce33

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 12:42

Reported: 2024-06-03 12:45

Platform: win10v2004-20240426-en

Max time kernel: 92s

Max time network: 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description    Indicator    Process                                                                                                            Target
N/A            N/A          C:\Users\Admin\AppData\Local\Temp\8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae.exe    N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae.exe

"C:\Users\Admin\AppData\Local\Temp\8d7ba555cf35e088abd92c8a1183ad8c97bd95766eb9dc7c7d1f8470b9b34bae.exe"

Network

Country    Destination    Domain                            Proto
US         8.8.8.8:53     217.106.137.52.in-addr.arpa       udp
US         8.8.8.8:53     0.204.248.87.in-addr.arpa         udp
US         8.8.8.8:53     71.159.190.20.in-addr.arpa        udp
US         8.8.8.8:53     133.211.185.52.in-addr.arpa       udp
US         8.8.8.8:53     183.59.114.20.in-addr.arpa        udp
US         8.8.8.8:53     56.126.166.20.in-addr.arpa        udp
US         8.8.8.8:53     172.210.232.199.in-addr.arpa      udp
US         8.8.8.8:53     11.227.111.52.in-addr.arpa        udp

Files

memory/5080-0-0x0000000000400000-0x0000000000439000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Bugreport_error.ini

MD5:    783319115fc852b7629aeea318d2f4b6
SHA1:   3e55112ac52a7688680d5e0a4f774215b4bcbeee
SHA256: 8854f9cafe38d4ea1a40d9006c96b63b694680e05224a7f0905e567c8db3a1a9
SHA512: d2754f5a59450226254b483cd1d9e21a1232b8e42ff919611e794e5b1e5f0dc5bea0cdf0fadf09072bceb7bfc3749662d66aa740c3cad0761697d8a8f4d7b001

memory/5080-12-0x0000000000400000-0x0000000000439000-memory.dmp