Analysis Overview
SHA256: 1542f3a1489a338ef9931c0390090e576d12eebcc08ff60e44f8b123b64e3c3a
Threat Level: Shows suspicious behavior
The file a28537c4576f86cb779ab5218a597770.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks installed software on the system
Drops file in Windows directory
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-14 02:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-14 02:16
Reported: 2024-06-14 02:19
Platform: win7-20231129-en
Max time kernel: 121s
Max time network: 122s
Command Line
Signatures
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\SideScreenControls.job | C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe
"C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | get-multiple.link | udp |
| US | 8.8.8.8:53 | first-usapro.info | udp |
| US | 8.8.8.8:53 | get-bluesee.info | udp |
Files
memory/1752-1-0x00000000009A0000-0x00000000009E0000-memory.dmp
memory/1752-0-0x0000000000770000-0x00000000007B0000-memory.dmp
memory/1752-3-0x0000000000820000-0x0000000000860000-memory.dmp
memory/1752-4-0x0000000000250000-0x000000000027F000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-14 02:16
Reported: 2024-06-14 02:19
Platform: win10v2004-20240611-en
Max time kernel: 125s
Max time network: 127s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\SideScreenControls.job | C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe
"C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1292,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=3060 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | get-multiple.link | udp |
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 8.8.8.8:53 | first-usapro.info | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | get-bluesee.info | udp |
| US | 204.11.56.48:80 | allmodel-pro.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.131.50.23.in-addr.arpa | udp |
Files
memory/4544-0-0x00000000014B0000-0x00000000014C0000-memory.dmp
memory/4544-3-0x0000000001360000-0x0000000001460000-memory.dmp
memory/4544-2-0x0000000001490000-0x00000000014A0000-memory.dmp
memory/4544-4-0x00000000011C0000-0x00000000011EF000-memory.dmp