110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a

Analysis

max time kernel
30s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 17:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe
Size

1.7MB
MD5

e397775e130add76d0140c413efd183f
SHA1

b5263b23ee594e06f42dfe95266dbc2d5d394a29
SHA256

110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a
SHA512

fa3dad95d1ddab891b21222b735103403b81fbfd2cff3bc7daa567920b5f7a75ff0043d7b3df246d042376e79180ff5b6948c4014a22a73f2c29056974a7abea
SSDEEP

49152:y4T8JANOZtUWtr4CiVKyWtsPNdxfAeDFyQoo4I6+uyF6:yiNOHtr4CiVKyWtsPNVDFTohGL

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1192	110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe
1192	110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe
1192	110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe
1192	110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 3712	1192	110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe	84
PID 1192 wrote to memory of 3712	1192	110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe	84
PID 3712 wrote to memory of 2960	3712	cmd.exe	86
PID 3712 wrote to memory of 2960	3712	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe
"C:\Users\Admin\AppData\Local\Temp\110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3712
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:2960

Network

DNS

associate.freeonlinelearningtech.com

110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe

Remote address:

8.8.8.8:53

Request

associate.freeonlinelearningtech.com

IN A

Response

associate.freeonlinelearningtech.com

IN A

100.79.176.201
DNS

88.233.82.100.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.233.82.100.in-addr.arpa

IN PTR

Response

88.233.82.100.in-addr.arpa

IN A

100.69.227.89
DNS

26.10.105.100.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.10.105.100.in-addr.arpa

IN PTR

Response

26.10.105.100.in-addr.arpa

IN A

100.75.87.248
DNS

201.176.79.100.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.176.79.100.in-addr.arpa

IN PTR

Response

201.176.79.100.in-addr.arpa

IN A

100.96.84.0
DNS

85.98.76.100.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.98.76.100.in-addr.arpa

IN PTR

Response

85.98.76.100.in-addr.arpa

IN A

100.97.75.135
DNS

157.170.80.100.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.170.80.100.in-addr.arpa

IN PTR

Response

157.170.80.100.in-addr.arpa

IN A

100.90.158.174

100.79.176.201:443

associate.freeonlinelearningtech.com

https

110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe

1.1kB
212 B
6
5
100.79.176.201:8443

associate.freeonlinelearningtech.com

110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe

1.1kB
212 B
6
5
100.79.176.201:443

associate.freeonlinelearningtech.com

tls

110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe

1.6kB
1.5kB
7
6
100.79.176.201:8443

associate.freeonlinelearningtech.com

tls

110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe

1.7kB
1.6kB
9
9

8.8.8.8:53

associate.freeonlinelearningtech.com

dns

110c5eec940f3abb8b3a671cd292bc9ef65772168325a7949290e9828353824a.exe

82 B
134 B
1
1

DNS Request

associate.freeonlinelearningtech.com

DNS Response

100.79.176.201
8.8.8.8:53

88.233.82.100.in-addr.arpa

dns

72 B
114 B
1
1

DNS Request

88.233.82.100.in-addr.arpa

DNS Response

100.69.227.89
8.8.8.8:53

26.10.105.100.in-addr.arpa

dns

72 B
114 B
1
1

DNS Request

26.10.105.100.in-addr.arpa

DNS Response

100.75.87.248
8.8.8.8:53

201.176.79.100.in-addr.arpa

dns

73 B
116 B
1
1

DNS Request

201.176.79.100.in-addr.arpa

DNS Response

100.96.84.0
8.8.8.8:53

85.98.76.100.in-addr.arpa

dns

71 B
112 B
1
1

DNS Request

85.98.76.100.in-addr.arpa

DNS Response

100.97.75.135
8.8.8.8:53

157.170.80.100.in-addr.arpa

dns

73 B
116 B
1
1

DNS Request

157.170.80.100.in-addr.arpa

DNS Response

100.90.158.174

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-0-0x0000000180000000-0x00000001801EA000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.