Malware Analysis Report

2025-01-18 01:36

Sample ID 240613-jyd3tathpn
Target 2024-06-13_93f7607d4dcc80bf6673196646cdcb36_snatch
SHA256 3e229bb986eb4df02ad555095ba637ea3c76af712bb0b3b5095e5f3728e01667
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

3e229bb986eb4df02ad555095ba637ea3c76af712bb0b3b5095e5f3728e01667

Threat Level: Likely benign

The file 2024-06-13_93f7607d4dcc80bf6673196646cdcb36_snatch was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:04

Reported

2024-06-13 08:07

Platform

win7-20240611-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-13_93f7607d4dcc80bf6673196646cdcb36_snatch.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-13_93f7607d4dcc80bf6673196646cdcb36_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-13_93f7607d4dcc80bf6673196646cdcb36_snatch.exe"

Network

Country Destination Domain Proto
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:04

Reported

2024-06-13 08:06

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-13_93f7607d4dcc80bf6673196646cdcb36_snatch.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-13_93f7607d4dcc80bf6673196646cdcb36_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-13_93f7607d4dcc80bf6673196646cdcb36_snatch.exe"

Network

Country Destination Domain Proto
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp
N/A 192.168.141.130:4443 tcp

Files

N/A