Analysis Overview
SHA256
56a800cc0f9bb992ac57c7810939d65770b968500ea51808dbfc1a74352f5a77
Threat Level: Shows suspicious behavior
The file 53cdb0713b0006f3489951f60123a825.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:48
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:48
Reported
2024-06-14 01:51
Platform
win7-20240611-en
Max time kernel
140s
Max time network
119s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\f5dae53f21975cee51baa1f955783ede6d26c4eb5a9427c85829709eaed8b1c0.exe
"C:\Users\Admin\AppData\Local\Temp\f5dae53f21975cee51baa1f955783ede6d26c4eb5a9427c85829709eaed8b1c0.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dssp.ymb008.cn | udp |
| CN | 183.134.106.59:80 | dssp.ymb008.cn | tcp |
| US | 8.8.8.8:53 | eccb.ymb008.cn | udp |
| CN | 1.117.135.144:443 | eccb.ymb008.cn | tcp |
| CN | 1.117.135.144:80 | eccb.ymb008.cn | tcp |
| CN | 183.134.106.59:80 | dssp.ymb008.cn | tcp |
Files
memory/2560-0-0x0000000000E20000-0x0000000000EDA000-memory.dmp
memory/2560-1-0x0000000000E20000-0x0000000000EDA000-memory.dmp
memory/2560-2-0x0000000000E20000-0x0000000000EDA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 01:48
Reported
2024-06-14 01:51
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\f5dae53f21975cee51baa1f955783ede6d26c4eb5a9427c85829709eaed8b1c0.exe
"C:\Users\Admin\AppData\Local\Temp\f5dae53f21975cee51baa1f955783ede6d26c4eb5a9427c85829709eaed8b1c0.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dssp.ymb008.cn | udp |
| US | 8.8.8.8:53 | eccb.ymb008.cn | udp |
| US | 8.8.8.8:53 | eccb.ymb008.cn | udp |
| US | 8.8.8.8:53 | dssp.ymb008.cn | udp |
Files
memory/4480-0-0x00000000004F0000-0x00000000005AA000-memory.dmp
memory/4480-1-0x00000000004F0000-0x00000000005AA000-memory.dmp
memory/4480-2-0x00000000004F0000-0x00000000005AA000-memory.dmp
memory/4480-4-0x00000000004F0000-0x00000000005AA000-memory.dmp