Malware Analysis Report

2024-11-15 05:35

Sample ID 240614-ck1lbs1fqf
Target a28223d61c86de0061330bdcda890a45.bin
SHA256 0601884653e665bf25bf10ab338d342f06a104d678245c18719e8236d14a619a
Tags: discovery
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256

0601884653e665bf25bf10ab338d342f06a104d678245c18719e8236d14a619a

Threat level: shows suspicious behavior

The file a28223d61c86de0061330bdcda890a45.bin was found to show suspicious behavior (score 7/10). In the Windows 7 run (behavioral1) it dropped and launched a second executable under %AppData%\Roaming\Intent Caravan\, created the scheduled-task file C:\Windows\Tasks\LifeCare.job, enumerated the Disk\Enum registry key and, after resolving four domains, opened TCP port 80 connections to two of them. In the Windows 10 run (behavioral2) only the .job file creation and the DNS lookups were observed.

Malicious Activity Summary

discovery

Executes dropped EXE

Checks installed software on the system

Maps connected drives based on registry

Drops file in Windows directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:08

Reported

2024-06-14 02:11

Platform

win7-20240611-en

Max time kernel

118s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe"

Signatures

Executes dropped EXE

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Roaming\Intent Caravan\Intent Caravan.exe
Target: N/A

Checks installed software on the system (tag: discovery)

Maps connected drives based on registry

Description: Key value enumerated
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum
Process: C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe
Target: N/A

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum
Process: C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe
Target: N/A
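The numeric values under SYSTEM\ControlSet001\services\Disk\Enum hold the device instance ID of every enumerated disk, and on a virtual machine those IDs carry the hypervisor's vendor and product strings (VBOX, VMware, QEMU, Virtual disk and so on). The report only records that the key was opened and its values enumerated, not what the sample did with them, so treat this "discovery" signature as equally likely to be a sandbox check as a drive-mapping step. Note also that this is a read-only registry access: Sysmon registry events (create, delete, set and rename only) will not record it; catching it on a host needs object-access auditing with a SACL on the key, or a kernel registry callback. The script below is an added example, not code from the report or from the sample: it enumerates the key the same way on Windows (falling back to a constructed set of values elsewhere) and flags hypervisor strings in the IDs. The VM_MARKERS list and the SAMPLE_ENUM values are my assumptions, modelled on common virtual-disk IDs.

```python
"""Inspect the disk device IDs that the sample enumerated from
HKLM\\SYSTEM\\ControlSet001\\services\\Disk\\Enum and flag hypervisor strings."""
try:
    import winreg                      # Windows only; None elsewhere
except ImportError:
    winreg = None

# Vendor/product substrings seen in the hardware IDs of virtual disks (assumption,
# not taken from the report): VirtualBox, VMware, Hyper-V/generic, QEMU, Xen.
VM_MARKERS = ("VBOX", "VMWARE", "VIRTUAL", "QEMU", "XENSRC")

# Constructed sample shaped like a real Disk\Enum key: numeric value names hold one
# device instance ID per disk; Count/NextInstance are housekeeping values.
SAMPLE_ENUM = {
    "Count": 2,
    "NextInstance": 2,
    "0": r"IDE\DiskVBOX_HARDDISK___________________1.0_____\5&1f1c07d4&0&0.0.0",
    "1": r"SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1dd0e6b1&0&000000",
}


def read_disk_enum(control_set="ControlSet001"):
    """Enumerate the values of Disk\\Enum as the sample did (RegOpenKey + RegEnumValue).
    Returns None when not running on Windows."""
    if winreg is None:
        return None
    key_path = rf"SYSTEM\{control_set}\services\Disk\Enum"
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        index = 0
        while True:
            try:
                name, data, _kind = winreg.EnumValue(key, index)
            except OSError:            # ERROR_NO_MORE_ITEMS ends the enumeration
                break
            values[name] = data
            index += 1
    return values


def disk_ids(enum):
    """The device instance IDs, in slot order ('0', '1', ...)."""
    return [enum[k] for k in sorted((k for k in enum if k.isdigit()), key=int)]


def vm_indicators(enum):
    """(device_id, marker) pairs for every hypervisor string found in the IDs."""
    hits = []
    for dev in disk_ids(enum):
        upper = dev.upper()
        hits.extend((dev, m) for m in VM_MARKERS if m in upper)
    return hits


def looks_virtual(enum):
    """True when at least one disk ID carries a hypervisor marker."""
    return bool(vm_indicators(enum))


if __name__ == "__main__":
    enum = read_disk_enum() or SAMPLE_ENUM
    for dev, marker in vm_indicators(enum):
        print(f"{marker:8s} {dev}")
    print("virtual machine likely" if looks_virtual(enum) else "no hypervisor strings")
```

Run on a bare-metal analyst workstation the markers list should come back empty; run inside a stock VirtualBox or VMware guest it will not, which is exactly the signal a sample reading this key is after. Hardening a sandbox against it means rewriting the disk model strings at the hypervisor level, not hiding the key.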

Drops file in Windows directory

Description: File created
Indicator: C:\Windows\Tasks\LifeCare.job
Process: C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe
Target: N/A
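A .job file under C:\Windows\Tasks is the on-disk form of a legacy Task Scheduler 1.0 task (the format described in MS-TSCH section 2.4: a 68-byte FIXDLEN_DATA header followed by a variable-length section with the application path, parameters, working directory, author, comment and trigger records). Writing one directly is a persistence technique, and the same LifeCare.job is created in both detonations. The report does not show the file's contents, so the parser below is an added example with a constructed sample, not the sample's actual job file or any vendor tool: build_job() produces a minimal .job for testing, parse_job() decodes it, and suspicious() applies the heuristics an analyst would check first. The trigger-type table and offset layout follow my reading of MS-TSCH; the heuristics and the sample job contents are my assumptions.

```python
"""Parse a legacy Task Scheduler 1.0 .job file (the format of C:\\Windows\\Tasks\\*.job).
Layout per MS-TSCH 2.4: 68-byte FIXDLEN_DATA header + variable-length section."""
import struct
import uuid

_HDR = struct.Struct("<HH16sHHHHHHIIIII16s")   # FIXDLEN_DATA, 68 bytes, little-endian
_TRIG = struct.Struct("<HHHHHHHHHHIIII")       # first 36 bytes of a 48-byte trigger
TRIGGER_TYPES = {0: "ONCE", 1: "DAILY", 2: "WEEKLY", 3: "MONTHLYDATE",
                 4: "MONTHLYDOW", 5: "EVENT_ON_IDLE",
                 6: "EVENT_AT_SYSTEMSTART", 7: "EVENT_AT_LOGON"}


def _ustr(s):
    """Encode a .job Unicode String: u16 char count incl. NUL, then UTF-16LE (0 = absent)."""
    if not s:
        return struct.pack("<H", 0)
    return struct.pack("<H", len(s) + 1) + (s + "\0").encode("utf-16-le")


def _read_ustr(buf, off):
    (n,) = struct.unpack_from("<H", buf, off)
    off += 2
    if n == 0:
        return "", off
    return buf[off:off + 2 * n].decode("utf-16-le").rstrip("\0"), off + 2 * n


def build_job(app, params="", workdir="", author="", comment="", trigger_type=7):
    """Construct a minimal .job (sample data for testing, not the real LifeCare.job)."""
    var = b"".join(_ustr(x) for x in (app, params, workdir, author, comment))
    var += struct.pack("<H", 0)                      # User Data: size 0
    var += struct.pack("<H", 8) + b"\0" * 8          # Reserved Data: 8 zero bytes
    trig_off = _HDR.size + 2 + len(var)              # header + running-instance count + var
    hdr = _HDR.pack(0x0600, 1, uuid.uuid4().bytes_le, _HDR.size + 2, trig_off,
                    0, 0, 0, 0, 0x20, 72 * 3600 * 1000, 0, 0, 0, b"\0" * 16)
    trig = _TRIG.pack(48, 0, 2024, 6, 14, 0, 0, 0, 2, 8, 0, 0, 0, trigger_type) + b"\0" * 12
    return hdr + struct.pack("<H", 0) + var + struct.pack("<H", 1) + trig


def parse_job(buf):
    """Decode the fields an analyst cares about; offsets_consistent cross-checks the
    header's App Name and Trigger offsets against the sequential parse."""
    (_prod, _filever, guid, app_off, trig_off, _rc, _ri, _idl, _iw, _prio,
     max_run, _exit, _status, flags, _last) = _HDR.unpack_from(buf, 0)
    off = _HDR.size
    off += 2                                         # Running Instance Count
    consistent = app_off == off
    app, off = _read_ustr(buf, off)
    params, off = _read_ustr(buf, off)
    workdir, off = _read_ustr(buf, off)
    author, off = _read_ustr(buf, off)
    comment, off = _read_ustr(buf, off)
    for _ in range(2):                               # skip User Data and Reserved Data
        (n,) = struct.unpack_from("<H", buf, off)
        off += 2 + n
    consistent = consistent and trig_off == off
    (ntrig,) = struct.unpack_from("<H", buf, off)
    off += 2
    triggers = []
    for _ in range(ntrig):
        (size, _r1, by, bm, bd, _ey, _em, _ed, sh, sm, _dur, ival,
         _tflags, ttype) = _TRIG.unpack_from(buf, off)
        if size != 48:
            raise ValueError(f"unexpected trigger size {size}")
        triggers.append({"type": TRIGGER_TYPES.get(ttype, f"UNKNOWN({ttype})"),
                         "begin": f"{by:04d}-{bm:02d}-{bd:02d}",
                         "start": f"{sh:02d}:{sm:02d}", "interval_min": ival})
        off += 48
    return {"job_id": str(uuid.UUID(bytes_le=guid)), "application": app,
            "parameters": params, "working_directory": workdir, "author": author,
            "comment": comment, "flags": hex(flags), "max_run_time_ms": max_run,
            "triggers": triggers, "offsets_consistent": consistent}


def suspicious(job):
    """Analyst heuristics (assumptions, not a vendor rule) for a .job worth escalating."""
    reasons = []
    app = job["application"].lower()
    if "\\appdata\\" in app or "\\temp\\" in app or "\\users\\public\\" in app:
        reasons.append("runs a binary from a user-writable directory")
    if any(t["type"] in ("EVENT_AT_LOGON", "EVENT_AT_SYSTEMSTART") for t in job["triggers"]):
        reasons.append("fires at logon or boot (persistence)")
    if not job["author"] and not job["comment"]:
        reasons.append("no author or comment")
    return reasons


if __name__ == "__main__":
    job = parse_job(build_job(r"C:\Users\Admin\AppData\Roaming\Intent Caravan\Intent Caravan.exe"))
    print(job["application"], job["triggers"], suspicious(job))
```

Pointed at a real file (`parse_job(open(path, "rb").read())`), an offsets_consistent value of False means the header offsets disagree with the sequential layout, which is worth a second look at the file rather than a silent skip. Note that on the Windows 10 image the service still honours these files, so the absence of the dropped EXE in behavioral2 does not mean the persistence attempt failed there.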

Processes

C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe

"C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe"

C:\Users\Admin\AppData\Roaming\Intent Caravan\Intent Caravan.exe

"C:\Users\Admin\AppData\Roaming\Intent Caravan\Intent Caravan.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ringmynorth.biz udp
US 8.8.8.8:53 allmodel-pro.com udp
US 204.11.56.48:80 allmodel-pro.com tcp
US 8.8.8.8:53 center-ring.link udp
US 45.33.2.79:80 center-ring.link tcp
US 8.8.8.8:53 get-bluesee.info udp

Files

memory/2408-0-0x0000000000A70000-0x0000000000AB0000-memory.dmp

memory/2408-2-0x0000000000140000-0x000000000016F000-memory.dmp

memory/2408-11-0x0000000000760000-0x0000000000787000-memory.dmp

C:\Users\Admin\AppData\Roaming\Intent Caravan\Intent Caravan.exe

MD5 02446070cb56d8cadd602ff2c76ad7c3
SHA1 0b29794ba3335c718780df39ee9931df7990670f
SHA256 80e8d1c27ad79ef100aad5704d51a1fe87861a2d5bf5a84c6b8dcbb4650d1841
SHA512 49290d7923bf8c93e3556fdedae764abbe95a40407b8abb0913579c4d02a421dff995ac1adc62f8289ee988a56e379677c381549425c01a865b117c34f5d6333

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:08

Reported

2024-06-14 02:11

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe"

Signatures

Drops file in Windows directory

Description: File created
Indicator: C:\Windows\Tasks\LifeCare.job
Process: C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe

"C:\Users\Admin\AppData\Local\Temp\a28223d61c86de0061330bdcda890a45.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ringmynorth.biz udp
US 8.8.8.8:53 allmodel-pro.com udp
US 8.8.8.8:53 center-ring.link udp
US 8.8.8.8:53 get-bluesee.info udp

Files

memory/960-1-0x0000000001590000-0x00000000015BF000-memory.dmp

memory/960-8-0x0000000001440000-0x0000000001540000-memory.dmp

memory/960-9-0x0000000005180000-0x00000000051A7000-memory.dmp

memory/960-23-0x0000000001440000-0x0000000001540000-memory.dmp