Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 01:07

General

  • Target

    01535f848bb62396cb5bf1fc9c12e150.exe

  • Size

    46KB

  • MD5

    01535f848bb62396cb5bf1fc9c12e150

  • SHA1

    d88b03f859e560f98e6c38608b67d0bfebfa2adf

  • SHA256

    c40efbf93b7feaf8fa9ceb44f03c0fa1093faca4f050f29937f3ac0d591f457e

  • SHA512

    09f18313408ce91a9707d56c875d0ca2d9073bbb61c53fb3a5666b84709f32bf2439d736c6c729c8864bf317949bfcc08d00af037d7a33a30d178b29293cb7b6

  • SSDEEP

    768:r8eRH+MlFh0pXrL4i6sh7iQroCHmmbk26b5:r9l+Gi6sh7iQroCL2

Score
7/10
upx

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01535f848bb62396cb5bf1fc9c12e150.exe (PID 1596)
    Command line: "C:\Users\Admin\AppData\Local\Temp\01535f848bb62396cb5bf1fc9c12e150.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe (PID 2432)
      Command line: "C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe"
      • Executes dropped EXE

Network

  • DNS request by bkgrnd.exe (logged 30 times)
    Remote address: 8.8.8.8:53
    Request: gwentcarsales.co.uk IN A
  • DNS request by bkgrnd.exe (logged 29 times)
    Remote address: 8.8.8.8:53
    Request: lanoguard.co.uk IN A
  Flows (one row per flow, in report order; every DNS request in a flow is for the domain shown):

    Remote address  Domain               Protocol  Process     Bytes  DNS requests
    8.8.8.8:53      gwentcarsales.co.uk  dns       bkgrnd.exe  325 B  5
    8.8.8.8:53      gwentcarsales.co.uk  dns       bkgrnd.exe  325 B  5
    8.8.8.8:53      lanoguard.co.uk      dns       bkgrnd.exe  305 B  5
    8.8.8.8:53      lanoguard.co.uk      dns       bkgrnd.exe  305 B  5
    8.8.8.8:53      gwentcarsales.co.uk  dns       bkgrnd.exe  325 B  5
    8.8.8.8:53      gwentcarsales.co.uk  dns       bkgrnd.exe  325 B  5
    8.8.8.8:53      lanoguard.co.uk      dns       bkgrnd.exe  305 B  5
    8.8.8.8:53      lanoguard.co.uk      dns       bkgrnd.exe  305 B  5
    8.8.8.8:53      gwentcarsales.co.uk  dns       bkgrnd.exe  325 B  5
    8.8.8.8:53      gwentcarsales.co.uk  dns       bkgrnd.exe  325 B  5
    8.8.8.8:53      lanoguard.co.uk      dns       bkgrnd.exe  305 B  5
    8.8.8.8:53      lanoguard.co.uk      dns       bkgrnd.exe  244 B  4
MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\bkgrnd.exe

    Filesize

    46KB

    MD5

    2156d0806f102f96720e424551a02d73

    SHA1

    ad540454b155e0f954a54ee488fbc882c4c2e41e

    SHA256

    18cbe68e1061e75250bc474708d4801374229996a98c44df14cafd0a151078b9

    SHA512

    2389721e4b45d68062fc93ebbeef37f0677cc9c9e6257eda48a4b442f8810bd12584d2cef88225d36356523233342f22b5f0a73a6fa0aa2a197b28ff554af306

  • memory/1596-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/1596-1-0x0000000004000000-0x0000000004006000-memory.dmp

    Filesize

    24KB

  • memory/1596-2-0x0000000004000000-0x0000000004006000-memory.dmp

    Filesize

    24KB

  • memory/1596-9-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/2432-13-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB
