Resubmissions

13-06-2024 22:31

240613-2fdy7sshlh 9

13-06-2024 22:08

240613-12p3xswclr 7

Analysis

  • max time kernel
    455s
  • max time network
    1174s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    13-06-2024 22:08

General

  • Target

    UDP Flashflood v1.0/UDP Flashflood v1.0 by BrutuS.exe

  • Size

    48KB

  • MD5

    5e2bed0f69ceef0fbd181db6de19968a

  • SHA1

    fd9b1c2b9df237cb8f81ff74a4de9dbd83b25690

  • SHA256

    cf272129a609777249355a1a1bef6d0748f0d096f01ce753fca83c0087062199

  • SHA512

    ead9984e551897877838256b521486bc54990526b00451f05ed887453c4f0ce471f4fffde58bce8e36c545c121b8221df08e5dcf7378f2443f47f631fbf514f6

  • SSDEEP

    384:IHZ8f14uBhVwLpxtaZSJCI/Qu5GbcelVCkOe:Iaf2uB7ZS4WqceDCX

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination 64 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\UDP Flashflood v1.0\UDP Flashflood v1.0 by BrutuS.exe
    "C:\Users\Admin\AppData\Local\Temp\UDP Flashflood v1.0\UDP Flashflood v1.0 by BrutuS.exe"
    PID:2732
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1660

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
      Filesize

      10KB

      MD5

      e0236413295e49948baeeb46d884acef

      SHA1

      c24f80184264ef596722c1a84b8dedde9bdad557

      SHA256

      11af5d1895a6e5952ebf08f72ad5121d828a5e2f8dc0656875d527e886ca54e8

      SHA512

      d99fd945c37dee141ea4e4f2e2460f482230bb679d8a63131348685a7dbebce074c9543161672fc525cd0c84d41d29e2ee78f6e3a7b8f7d18ca40eefcb95e5c6

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
      Filesize

      10KB

      MD5

      870b0b2057b02c012ae660a60a8cf3a8

      SHA1

      de36df30678ecf716189eb86179904bfbf9c11bc

      SHA256

      a143251cd1964f2b8cb7921b647b49e5d95f9a93bd7af1bc338335600df8a1b1

      SHA512

      b2fb5741233398b049eea5a561c2e8af478957a4b2e189fcd3b738cd610c8778428ffb9c1bcaf382a334255fe090ad6b6c1b4e0e51e1495cc22390f890221ec9

    • memory/2732-0-0x00007FFD5D785000-0x00007FFD5D786000-memory.dmp
      Filesize

      4KB

    • memory/2732-1-0x000000001B760000-0x000000001B806000-memory.dmp
      Filesize

      664KB

    • memory/2732-2-0x00007FFD5D4D0000-0x00007FFD5DE71000-memory.dmp
      Filesize

      9.6MB

    • memory/2732-3-0x00007FFD5D4D0000-0x00007FFD5DE71000-memory.dmp
      Filesize

      9.6MB

    • memory/2732-4-0x00007FFD5D785000-0x00007FFD5D786000-memory.dmp
      Filesize

      4KB

    • memory/2732-5-0x00007FFD5D4D0000-0x00007FFD5DE71000-memory.dmp
      Filesize

      9.6MB