Analysis Overview
SHA256
299afa0d4eb6aee26835f649723d41684c55a1d302a051479c4736d77e3a15ee
Threat Level: Likely malicious
The file 299afa0d4eb6aee26835f649723d41684c55a1d302a051479c4736d77e3a15ee was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-06 20:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 20:25
Reported
2024-06-06 20:35
Platform
win7-20240220-en
Max time kernel
131s
Max time network
121s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\299afa0d4eb6aee26835f649723d41684c55a1d302a051479c4736d77e3a15ee.exe
"C:\Users\Admin\AppData\Local\Temp\299afa0d4eb6aee26835f649723d41684c55a1d302a051479c4736d77e3a15ee.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-06 20:25
Reported
2024-06-06 20:35
Platform
win10v2004-20240508-en
Max time kernel
126s
Max time network
159s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203309525.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203318150.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203329166.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203339760.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203350666.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203401885.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203412478.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203421760.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203433697.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203445119.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242606203454916.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\299afa0d4eb6aee26835f649723d41684c55a1d302a051479c4736d77e3a15ee.exe
"C:\Users\Admin\AppData\Local\Temp\299afa0d4eb6aee26835f649723d41684c55a1d302a051479c4736d77e3a15ee.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203309525.exe 000001
C:\Users\Admin\AppData\Local\Temp\242606203309525.exe
C:\Users\Admin\AppData\Local\Temp\242606203309525.exe 000001
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203318150.exe 000002
C:\Users\Admin\AppData\Local\Temp\242606203318150.exe
C:\Users\Admin\AppData\Local\Temp\242606203318150.exe 000002
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203329166.exe 000003
C:\Users\Admin\AppData\Local\Temp\242606203329166.exe
C:\Users\Admin\AppData\Local\Temp\242606203329166.exe 000003
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203339760.exe 000004
C:\Users\Admin\AppData\Local\Temp\242606203339760.exe
C:\Users\Admin\AppData\Local\Temp\242606203339760.exe 000004
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203350666.exe 000005
C:\Users\Admin\AppData\Local\Temp\242606203350666.exe
C:\Users\Admin\AppData\Local\Temp\242606203350666.exe 000005
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203401885.exe 000006
C:\Users\Admin\AppData\Local\Temp\242606203401885.exe
C:\Users\Admin\AppData\Local\Temp\242606203401885.exe 000006
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203412478.exe 000007
C:\Users\Admin\AppData\Local\Temp\242606203412478.exe
C:\Users\Admin\AppData\Local\Temp\242606203412478.exe 000007
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203421760.exe 000008
C:\Users\Admin\AppData\Local\Temp\242606203421760.exe
C:\Users\Admin\AppData\Local\Temp\242606203421760.exe 000008
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203433697.exe 000009
C:\Users\Admin\AppData\Local\Temp\242606203433697.exe
C:\Users\Admin\AppData\Local\Temp\242606203433697.exe 000009
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203445119.exe 00000a
C:\Users\Admin\AppData\Local\Temp\242606203445119.exe
C:\Users\Admin\AppData\Local\Temp\242606203445119.exe 00000a
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203454916.exe 00000b
C:\Users\Admin\AppData\Local\Temp\242606203454916.exe
C:\Users\Admin\AppData\Local\Temp\242606203454916.exe 00000b
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203511619.exe 00000c
C:\Users\Admin\AppData\Local\Temp\242606203511619.exe
C:\Users\Admin\AppData\Local\Temp\242606203511619.exe 00000c
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242606203523197.exe 00000d
C:\Users\Admin\AppData\Local\Temp\242606203523197.exe
C:\Users\Admin\AppData\Local\Temp\242606203523197.exe 00000d
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 2.17.107.122:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tvlp.wije.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | tvlp.wije.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 19.94.70.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kicn.vghh.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | kicn.vghh.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | jjow.fqln.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | jjow.fqln.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xbta.ckkc.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | xbta.ckkc.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | eabk.srcr.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | eabk.srcr.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | kazl.dpkg.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | kazl.dpkg.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | neqv.fxrp.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | neqv.fxrp.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ijua.oerc.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ijua.oerc.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 52.111.229.48:443 | | tcp |
| US | 8.8.8.8:53 | tnov.pamd.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | tnov.pamd.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | jaud.kkwx.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | jaud.kkwx.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ufpv.bpfc.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ufpv.bpfc.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ifde.rpfm.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ifde.rpfm.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | qwzm.sntk.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | qwzm.sntk.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\242606203309525.exe
| Hash | Value |
|---|---|
| MD5 | 6769c52cd5ff08b25a199fa7cdbd1768 |
| SHA1 | 79b40d8ac95fe4a8a6bf6317341677ea889e548c |
| SHA256 | c9765a2097b5160a57e89ede620e53c775f3d8a64f5dae233e5823f0ae30b1ec |
| SHA512 | c442fddfdf7172e93c1309d8903d0b7a2fec535e7f253b952b09159d2e1a05275c531ef82fc18c345c693cecc9f95b1d02457850fa7f929945a489b7e9d94ee6 |
C:\Users\Admin\AppData\Local\Temp\242606203318150.exe
| Hash | Value |
|---|---|
| MD5 | 073953a8bc246df27bc22b8024c8316a |
| SHA1 | b11a2df4846da1996c939d26d92c57f80e1125eb |
| SHA256 | e8202d16bd459b353b7439187e89f2233546696e716f6544e472cc7cb499d265 |
| SHA512 | 74decfb49c5007a46e80b64afd0a962f70d4e17ab92b50780c2f771c852e5b0042a5d16c2257c9ac1df4ab0d3ca5d408a5c2460492ee3b40581b7b1e2216edf9 |
C:\Users\Admin\AppData\Local\Temp\242606203329166.exe
| Hash | Value |
|---|---|
| MD5 | 358e279f96c5326de739e3dcc96b3921 |
| SHA1 | ebe46ea0d3856163dfefa75bc66f404178341bcc |
| SHA256 | da3d15696317bc7a3afafb8622fbf07bd53c29d46a7ac206b5ec5784b0f3245b |
| SHA512 | e26fa277758c0684d882e1ed24a3f8518dcc7989840009d90ee9e3c4ab794061919eac06e52e4a1d9b308e533f8c292312f60a11eeb3c3f8e2dc495ca1e811ea |
C:\Users\Admin\AppData\Local\Temp\242606203339760.exe
| Hash | Value |
|---|---|
| MD5 | f548a71606553c7d2687feb1bd261173 |
| SHA1 | 4e36e74bc925e2dfd3f237290703e54cde6183f3 |
| SHA256 | 442a2d0f2dc643547da6d6632ca2ea3beab3f50bd5f452865cb8147366659994 |
| SHA512 | c2deef63c1ac6668276db7592c8ebc4574a04272e6a08b159ebf45cc78c417cbe0cca6e53642a85616cd8909d9bae2f2bfa032dac2d8b026f03d6c2abdaec2cb |
C:\Users\Admin\AppData\Local\Temp\242606203350666.exe
| Hash | Value |
|---|---|
| MD5 | a6d564e6f6c7027c8fc4f3001e3ae818 |
| SHA1 | d8b737c94fba713ea94fb4ba42221894be6ce98b |
| SHA256 | 6639e6c6cc97ffa886002c51cc0d5b49d1a63646e5194374742941325ce4a6ef |
| SHA512 | 259a8b617441e94d3e0663b79efabe49f0607c180d38fe0eae8aecb56239ca630302c85cb19e02ecc24f763c58ec22949ae4672fee5b25f73647cb15a8540e15 |
C:\Users\Admin\AppData\Local\Temp\242606203401885.exe
| Hash | Value |
|---|---|
| MD5 | 2a482612181404ddb1c670ec9257575b |
| SHA1 | 41cde184dd9911a92191ff1b8d0da430973cb088 |
| SHA256 | 30c77ea4deb3307079d897d5840b16ce7687f4c3bfb43d8c4d05393300af76e4 |
| SHA512 | 51fe788380dc2fe39944744632b205baafcd068e6e14976f29c645ba95dc0e7acfc62c7409b65b919c39a1664158a98e4d4152a67ddb523227f72ce720012de9 |
C:\Users\Admin\AppData\Local\Temp\242606203412478.exe
| Hash | Value |
|---|---|
| MD5 | 14ea85411aee25a41d1ac29761d537b2 |
| SHA1 | f1fd1723781a24c18145d2c9b917fbd8cd28f61e |
| SHA256 | 5578bc3ddbe61f4473697867a412edd71560f5c56bd4c3881e60507b38b3a296 |
| SHA512 | c4d9109243ff4e7c9560b479565ab1b342e8d874070dd4ecbe5c12675775a3f81e3a076a3f592dbe6dce2c6cd8cfb2122c54fcf8bedff4b5923073e8d160ff5f |
C:\Users\Admin\AppData\Local\Temp\242606203421760.exe
| Hash | Value |
|---|---|
| MD5 | 0192658ff91a4019a6f92265353cd47c |
| SHA1 | 410f097a6f28002f4c5246e8fdcb0f7a4c9c86bd |
| SHA256 | fe02488d3548e826c75ec6db8636e3b22a8d2e80fc6b18691e6c015c855c290a |
| SHA512 | 31b0094b3eda2eb655b70bc13607e1b0e460f3c560570e855076fa0b23bc84018fae0f624475ad2992bdfcb3c53bd6a9871a087eb149bc1abacfbfec4529d338 |
C:\Users\Admin\AppData\Local\Temp\242606203433697.exe
| Hash | Value |
|---|---|
| MD5 | f0dbba78657109200efc97c2f18256e2 |
| SHA1 | 9851838e5f7ee0945dd5a27a694687541528abe4 |
| SHA256 | ddee56fa1d41f4aaf4f2bb0d7f2c411cf0f4278e4747c77bf986b81a79dad682 |
| SHA512 | 6d2d06a2ea4d1b57d9f6afaad99bc382754e21cfc416f40e8be722d1e50e288616f6f5bac21005037fe2122a9bcd9e090409701261542c0578b4cd0254b0bfda |
C:\Users\Admin\AppData\Local\Temp\242606203445119.exe
| Hash | Value |
|---|---|
| MD5 | e34bba41a37e9423227c6704f3113e32 |
| SHA1 | 53f0f1c7c6eb943d17fc6dff010dcfc917dab434 |
| SHA256 | c99cbbded3b57cf37fabbcac672affc687b2342f085f592918022bf78a1371ee |
| SHA512 | 486159e3c81df8bad3eecfe18da6e86827e2c079bac1c31bb084c15f42832c5603daf55463cfffb5bca8ad1307926f80494eae062ac10908221f5c356a4903bd |
C:\Users\Admin\AppData\Local\Temp\242606203454916.exe
| Hash | Value |
|---|---|
| MD5 | 5ad56445b924bf71d7cde1016416be9a |
| SHA1 | 6874663fa4489fa9a7644b0e346a60d520abc588 |
| SHA256 | c5ba65e0e66a06af2027e9afa431e049f1fe8b3f337c1f3f1bb33c56a678c8f8 |
| SHA512 | 84394107140ce4350a7b54ead71cb1bb1097d55a9910f9b3bdbdc601c5a1948ca7d3fa9b97301e3a7172d1ebea00b707dc6f933c4686656f6793786c8e1901ad |
C:\Users\Admin\AppData\Local\Temp\242606203511619.exe
| Hash | Value |
|---|---|
| MD5 | 9ea31969ef6789ba06b9694b370f37b2 |
| SHA1 | f00ed6c58396fc71089fb796f23585db49a820f8 |
| SHA256 | a0845ca6a437dd78f1b088bc6b909909e00d5a15560a7bf44b69aa2b3eac4a8a |
| SHA512 | 8c04841d5b8e3d60b01790670561390bc4fa4a3974be0f236af4a0c2ce0b5b4e9b984ae113acb7e8e66f9699721e00e720631212d91b6b60d4d89f0e772726ea |
C:\Users\Admin\AppData\Local\Temp\242606203523197.exe
| Hash | Value |
|---|---|
| MD5 | 2c4da28c22af477ef1f4147a27f2c7f7 |
| SHA1 | 5dee555535641c60b72bbcab806c94bb73a0e329 |
| SHA256 | 6e4860ddda230a965af4dcfc39f442b58441a6d5dccef4f2f2fbb2dca014d8cb |
| SHA512 | 5e4ca6a760a80187a88bbb12310402153c31b74825bf6a8d01624678a100eabf5476268e85de5d0ff840bc2d17414398debfb748606a847ecabaea71b9ef0cd7 |