Malware Analysis Report

2024-10-16 06:33

Sample ID 240608-3kvm7aah34
Target cookie_exporter.exe
SHA256 e38ecdbb67f41dbd1b19e124e52dc78036befd7442b9d8a05a7c1348de7b9a1a
Tags: none

Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral15, behavioral1, behavioral3, behavioral4, behavioral10, behavioral12, behavioral2, behavioral6, behavioral8, behavioral11, behavioral16, behavioral5, behavioral7, behavioral9, behavioral13, behavioral14 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 1/10

SHA256

e38ecdbb67f41dbd1b19e124e52dc78036befd7442b9d8a05a7c1348de7b9a1a

Threat level: no (potentially) malicious behavior was detected.

Verdict: cookie_exporter.exe scored 1/10 because no behavioral signature fired in any detonation listed below. Read this as an absence of detections rather than proof that the file is benign. The evidence behind the score is thin. In the four Windows runs the sample is launched, creates no files, and the only network records are reverse-DNS lookups of public IP addresses plus, in the win11 run, a single TCP connection to 52.111.236.22:443 with no domain resolved; the process list is the sample itself plus, in the win10v2004 run, two Edge utility processes (--type=utility) that the report does not attribute to the sample. The Linux, Android and macOS runs add nothing: on ubuntu the process is started with 0s of kernel time, on the debian and Android images no process is recorded at all, and the macOS run shows only the shell chain that launched the file followed by spindump and diagnosticd. The file name implies it handles browser cookie data; none of the runs exercised that, so a static look (imports, strings, code signature) is still warranted before the file is cleared.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A
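Before weighing the per-platform sections that follow, it helps to count how many detonations actually ran the file. The Python below is an added example written for this report, not sandbox vendor code; it transcribes the run metadata from the sections below (process paths reduced to basenames) and assumes the sample is a Windows PE, which the report does not state but the .exe name and the Windows process records suggest.

```python
"""Sandbox coverage triage for a multi-platform detonation report.

Added example, not part of this report or of the sandbox vendor's tooling.
Run records are transcribed from the report; the classification rules and
the assumption that the sample is a Windows PE are the example author's.
"""
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = "cookie_exporter.exe"
# Guests that cannot execute a Windows PE natively (assumption, see above).
NON_NATIVE = ("ubuntu", "debian", "android", "macos")


@dataclass
class Run:
    name: str
    platform: str
    max_time_kernel: Optional[int] = None              # seconds; None if not reported
    processes: list[str] = field(default_factory=list)  # basenames, in report order


# Transcribed from the per-analysis sections of this report.
RUNS = [
    Run("behavioral15", "ubuntu1804-amd64-20240508-en", 0, [SAMPLE]),
    Run("behavioral1", "win10-20240404-en", 316, [SAMPLE]),
    Run("behavioral3", "win10v2004-20240508-en", 1794, [SAMPLE, "msedge.exe", "msedge.exe"]),
    Run("behavioral4", "win11-20240508-en", 447, [SAMPLE]),
    Run("behavioral10", "debian12-armhf-20240418-en"),
    Run("behavioral12", "debian9-armhf-20240226-en"),
    Run("behavioral2", "win7-20240215-en", 1558, [SAMPLE]),
    Run("behavioral6", "android-x64-arm64-20240603-en"),
    Run("behavioral8", "android-x86-arm-20240603-en"),
    Run("behavioral11", "debian12-mipsel-20240221-en"),
    Run("behavioral16", "ubuntu2004-amd64-20240508-en", 0, [SAMPLE]),
    Run("behavioral5", "android-x64-20240603-en"),
    Run("behavioral7", "android-33-x64-arm64-20240603-en"),
    Run("behavioral9", "macos-20240410-en", 1619,
        ["sh", "bash", "sudo", "zsh", SAMPLE, "xpcproxy", "spindump",
         "xpcproxy", "diagnosticd", "xpcproxy"]),
    Run("behavioral13", "debian9-mipsbe-20240418-en"),
    Run("behavioral14", "debian9-mipsel-20240226-en"),
]


def run_status(run: Run) -> str:
    """Classify one detonation.

    not-launched          no process record for the sample at all
    non-native            launched on a guest that cannot execute a Windows PE
    launched-no-activity  native guest, process seen, but 0s of kernel time
    executed              native guest with measurable execution
    """
    if SAMPLE not in run.processes:
        return "not-launched"
    if run.platform.startswith(NON_NATIVE):
        return "non-native"
    if not run.max_time_kernel:
        return "launched-no-activity"
    return "executed"


def coverage(runs: list[Run]) -> dict[str, list[str]]:
    """Group run names by status so the reader sees how many detonations
    actually back the verdict."""
    groups: dict[str, list[str]] = {}
    for run in runs:
        groups.setdefault(run_status(run), []).append(run.name)
    return groups


def extra_processes(run: Run) -> list[str]:
    """Processes recorded besides the sample itself. The report does not say
    whether they are children of the sample, so they are leads, not findings."""
    return [p for p in run.processes if p != SAMPLE]


def meaningful_runs(runs: list[Run]) -> list[str]:
    """Only these runs should count toward a 'no behavior observed' verdict."""
    return [r.name for r in runs if run_status(r) == "executed"]


if __name__ == "__main__":
    for status, names in coverage(RUNS).items():
        print(f"{status:22s} {', '.join(names)}")
    print("verdict rests on:", meaningful_runs(RUNS))
```

For this report the verdict rests on four runs (win10, win10v2004, win11, win7); the other twelve either never started the sample or ran it on a guest where a PE cannot execute, and should not be read as twelve additional clean results.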

Analysis: static1

Detonation Overview

Reported

2024-06-08 23:34

Signatures

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Command Line

[/tmp/cookie_exporter.exe]

Signatures

N/A

Processes

/tmp/cookie_exporter.exe

[/tmp/cookie_exporter.exe]

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-09 00:12

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1587s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe

"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"

Network

Country  Destination  Domain                       Proto
US       8.8.8.8:53   23.236.111.52.in-addr.arpa   udp
US       8.8.8.8:53   253.15.104.51.in-addr.arpa   udp
US       8.8.8.8:53   203.107.17.2.in-addr.arpa    udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-09 00:17

Platform

win10v2004-20240508-en

Max time kernel

1794s

Max time network

1799s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe

"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3960,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=2176,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=4152 /prefetch:8

Network

Country  Destination  Domain                         Proto
US       8.8.8.8:53   8.8.8.8.in-addr.arpa           udp
US       8.8.8.8:53   149.220.183.52.in-addr.arpa    udp
US       8.8.8.8:53   203.107.17.2.in-addr.arpa      udp
US       8.8.8.8:53   71.31.126.40.in-addr.arpa      udp
US       8.8.8.8:53   58.55.71.13.in-addr.arpa       udp
US       8.8.8.8:53   217.106.137.52.in-addr.arpa    udp
US       8.8.8.8:53   103.169.127.40.in-addr.arpa    udp
US       8.8.8.8:53   206.23.85.13.in-addr.arpa      udp
US       8.8.8.8:53   22.236.111.52.in-addr.arpa     udp
US       8.8.8.8:53   172.210.232.199.in-addr.arpa   udp
US       8.8.8.8:53   168.117.168.52.in-addr.arpa    udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-09 00:17

Platform

win11-20240508-en

Max time kernel

447s

Max time network

1166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe

"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"

Network

Country  Destination         Domain  Proto
IE       52.111.236.22:443   -       tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

debian12-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-09 00:15

Platform

win7-20240215-en

Max time kernel

1558s

Max time network

1558s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe

"C:\Users\Admin\AppData\Local\Temp\cookie_exporter.exe"

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

android-x64-arm64-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain  Proto
GB       142.250.187.238:443   -       tcp
GB       142.250.187.238:443   -       tcp
N/A      224.0.0.251:5353      -       udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

android-x86-arm-20240603-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination        Domain  Proto
N/A      224.0.0.251:5353   -       udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

debian12-mipsel-20240221-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

ubuntu2004-amd64-20240508-en

Max time kernel

0s

Max time network

0s

Command Line

[/tmp/cookie_exporter.exe]

Signatures

N/A

Processes

/tmp/cookie_exporter.exe

[/tmp/cookie_exporter.exe]

Network

Country  Destination        Domain  Proto
N/A      224.0.0.251:5353   -       udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

android-x64-20240603-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination        Domain  Proto
N/A      224.0.0.251:5353   -       udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

android-33-x64-arm64-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain  Proto
GB       142.250.200.36:443   -       udp
GB       142.250.200.36:443   -       tcp
GB       142.250.200.36:443   -       tcp
GB       142.250.200.36:443   -       udp
N/A      224.0.0.251:5353     -       udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-09 00:18

Platform

macos-20240410-en

Max time kernel

1619s

Max time network

1582s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/cookie_exporter.exe"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/cookie_exporter.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/cookie_exporter.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/cookie_exporter.exe]

/bin/zsh

[/bin/zsh -c /Users/run/cookie_exporter.exe]

/Users/run/cookie_exporter.exe

[/Users/run/cookie_exporter.exe]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systemstats.daily]

Network

Country  Destination         Domain                                    Proto
US       8.8.8.8:53          bag-cdn-lb.itunes-apple.com.akadns.net    udp
N/A      224.0.0.251:5353    -                                         udp
IE       17.57.146.88:5223   -                                         tcp
GB       17.57.146.11:5223   32-courier.push.apple.com                 tcp
US       8.8.8.8:53          lb._dns-sd._udp.0.0.127.10.in-addr.arpa   udp

Files

N/A
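Across the network tables above, most rows are traffic the guest operating system generates on its own: reverse-DNS (in-addr.arpa) lookups, multicast DNS to 224.0.0.251:5353, and DNS-SD browse queries. The tables also do not say which process produced a row. The Python below is an added example, not the sandbox's logic; it copies one row of each pattern from the tables above and applies the example author's own classification rules, so that only forward lookups and direct connections remain as candidates for attribution to the sample.

```python
"""Separate guest-OS background traffic from traffic worth attributing, in the
Country / Destination / Domain / Proto tables of this report.

Added example, not the sandbox's own logic. The rows are copied from the
report's network tables (one per pattern, a constructed subset); the labels
and rules are the example author's assumptions about what a sandbox guest
emits by itself.
"""

ROWS = """\
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
IE 52.111.236.22:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
GB 17.57.146.11:5223 32-courier.push.apple.com tcp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
""".splitlines()


def parse_row(row: str) -> dict:
    """The Domain column is blank for direct connections, so a row has either
    four fields (with a domain) or three (without)."""
    parts = row.split()
    if len(parts) not in (3, 4):
        raise ValueError(f"unexpected row: {row!r}")
    country, dest, proto = parts[0], parts[1], parts[-1]
    domain = parts[2] if len(parts) == 4 else ""
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def classify(entry: dict) -> str:
    """Label one entry.

    mdns        link-local multicast DNS chatter (224.0.0.251:5353)
    dns-sd      DNS service-discovery browse query (_dns-sd._udp...)
    ptr-lookup  reverse lookup of an IP the guest contacted; it does not say
                which process caused the contact
    dns-query   forward lookup of a hostname: worth attributing
    egress      a direct connection: worth attributing
    """
    domain = entry["domain"]
    if entry["ip"] == "224.0.0.251" and entry["port"] == 5353:
        return "mdns"
    if entry["port"] == 53:
        if "_dns-sd._udp" in domain:
            return "dns-sd"
        if domain.endswith(".in-addr.arpa"):
            return "ptr-lookup"
        return "dns-query"
    return "egress"


def summarize(rows: list[str]) -> dict[str, list[str]]:
    """Group 'ip:port domain' strings by label."""
    out: dict[str, list[str]] = {}
    for row in rows:
        e = parse_row(row)
        key = f"{e['ip']}:{e['port']} {e['domain']}".rstrip()
        out.setdefault(classify(e), []).append(key)
    return out


def needs_attribution(rows: list[str]) -> list[dict]:
    """Entries an analyst must tie to a process (the report tables do not
    name one) before they count as sample behavior."""
    return [e for e in map(parse_row, rows)
            if classify(e) in ("egress", "dns-query")]


if __name__ == "__main__":
    for label, items in summarize(ROWS).items():
        print(f"{label:11s} {items}")
```

Applied to this report, the Windows rows reduce to PTR noise plus one unattributed TCP connection to 52.111.236.22:443. The Android and macOS rows are Google (142.250.0.0/15) and Apple (17.0.0.0/8; push.apple.com on 5223 is Apple push notification traffic) service traffic from the guest image: those runs record no sample process (Android) or only the launch attempt (macOS), so none of it can be the sample's.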

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-08 23:34

Reported

2024-06-08 23:48

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A