Analysis Overview
SHA256
a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56
Threat Level: Shows suspicious behavior
The file a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56 was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Loads dropped DLL
Enumerates connected drives
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 00:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 00:58
Reported
2024-06-04 01:01
Platform
win7-20240215-en
Max time kernel
150s
Max time network
117s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
Processes
C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe
"C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\pdl11CC.tmp
| MD5 | 1bc225e0c1c2f54cc877b654ccf04684 |
| SHA1 | 66b37d20f580e14efa3312821aa1b44eccd0f1fe |
| SHA256 | 19486800845b74be3487f1319d6f249ce85e8b47df586dd8e9b9cbb46875ae93 |
| SHA512 | 9e4604f5cb06c498b53ac91eb8b37e923dc5d6629984b77ecbbc149abac5c94352cd8ab64488a3516083a39988282f0fb5b7fc2aa5e81426685a5a039e96f283 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 00:58
Reported
2024-06-04 01:01
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
Processes
C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe
"C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Temp\pdl34DB.tmp
| MD5 | 1bc225e0c1c2f54cc877b654ccf04684 |
| SHA1 | 66b37d20f580e14efa3312821aa1b44eccd0f1fe |
| SHA256 | 19486800845b74be3487f1319d6f249ce85e8b47df586dd8e9b9cbb46875ae93 |
| SHA512 | 9e4604f5cb06c498b53ac91eb8b37e923dc5d6629984b77ecbbc149abac5c94352cd8ab64488a3516083a39988282f0fb5b7fc2aa5e81426685a5a039e96f283 |