Malware Analysis Report

2025-08-05 15:57

Sample ID 240612-fjzjes1erj
Target d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc
SHA256 d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc

Threat Level: Shows suspicious behavior

The file d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc was found to be: Shows suspicious behavior.

Malicious Activity Summary


Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 04:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 04:54

Reported

2024-06-12 04:57

Platform

win7-20240221-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc.exe

"C:\Users\Admin\AppData\Local\Temp\d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc.exe"

C:\Users\Admin\AppData\Local\Temp\cnwog.exe

"C:\Users\Admin\AppData\Local\Temp\cnwog.exe"

Network

N/A

Files

memory/2192-0-0x0000000000090000-0x0000000000093000-memory.dmp

\Users\Admin\AppData\Local\Temp\cnwog.exe

MD5 668c687c9f4ed82fd0fab32baa6e09ef
SHA1 f26e29099f33180aa923951968c130719ef36810
SHA256 672fe0045c0c4954ae935f7504c6a156ec1ac51162233f4bf03168225541ce5d
SHA512 bef76851a502290e78097ec6e1cb8c28e244101ea42b00e3218edde867f40be7800812c43390ce7080f6c7898569ccc9a13ff2f12bdf78f798c25a3de605e67c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 04:54

Reported

2024-06-12 04:57

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

57s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cnwog.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc.exe

"C:\Users\Admin\AppData\Local\Temp\d85cc9daba2c1b5a439e8df523a56ebcef2eb5fdabd94485707b3903c4c8f4cc.exe"

C:\Users\Admin\AppData\Local\Temp\cnwog.exe

"C:\Users\Admin\AppData\Local\Temp\cnwog.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\cnwog.exe >> NUL

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/2520-1-0x0000000000760000-0x0000000000763000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cnwog.exe

MD5 668c687c9f4ed82fd0fab32baa6e09ef
SHA1 f26e29099f33180aa923951968c130719ef36810
SHA256 672fe0045c0c4954ae935f7504c6a156ec1ac51162233f4bf03168225541ce5d
SHA512 bef76851a502290e78097ec6e1cb8c28e244101ea42b00e3218edde867f40be7800812c43390ce7080f6c7898569ccc9a13ff2f12bdf78f798c25a3de605e67c