Malware Analysis Report

2024-11-15 05:35

Sample ID: 240614-cqdnravhnl
Target: a28537c4576f86cb779ab5218a597770.bin
SHA256: 1542f3a1489a338ef9931c0390090e576d12eebcc08ff60e44f8b123b64e3c3a
Tags: discovery
Score: 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 6/10

SHA256: 1542f3a1489a338ef9931c0390090e576d12eebcc08ff60e44f8b123b64e3c3a

Threat Level: Shows suspicious behavior

The file a28537c4576f86cb779ab5218a597770.bin was found to show suspicious behavior.

Malicious Activity Summary

discovery

Checks installed software on the system

Drops file in Windows directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-14 02:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 02:16
Reported: 2024-06-14 02:19
Platform: win7-20231129-en
Max time kernel: 121s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe"

Signatures

Checks installed software on the system
    discovery

Drops file in Windows directory

Description   Indicator                                 Process                                                                  Target
File created  C:\Windows\Tasks\SideScreenControls.job   C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe

"C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe"

Network

Country  Destination  Domain             Proto
US       8.8.8.8:53   get-multiple.link  udp
US       8.8.8.8:53   first-usapro.info  udp
US       8.8.8.8:53   get-bluesee.info   udp

Files

memory/1752-1-0x00000000009A0000-0x00000000009E0000-memory.dmp

memory/1752-0-0x0000000000770000-0x00000000007B0000-memory.dmp

memory/1752-3-0x0000000000820000-0x0000000000860000-memory.dmp

memory/1752-4-0x0000000000250000-0x000000000027F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 02:16
Reported: 2024-06-14 02:19
Platform: win10v2004-20240611-en
Max time kernel: 125s
Max time network: 127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe"

Signatures

Drops file in Windows directory

Description   Indicator                                 Process                                                                  Target
File created  C:\Windows\Tasks\SideScreenControls.job   C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe   N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe

"C:\Users\Admin\AppData\Local\Temp\a28537c4576f86cb779ab5218a597770.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1292,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=3060 /prefetch:8

Network

Country  Destination         Domain                        Proto
US       8.8.8.8:53          get-multiple.link             udp
US       8.8.8.8:53          allmodel-pro.com              udp
US       8.8.8.8:53          first-usapro.info             udp
US       8.8.8.8:53          8.8.8.8.in-addr.arpa          udp
US       8.8.8.8:53          get-bluesee.info              udp
US       204.11.56.48:80     allmodel-pro.com              tcp
US       8.8.8.8:53          g.bing.com                    udp
US       204.79.197.237:443  g.bing.com                    tcp
NL       23.62.61.194:443    www.bing.com                  tcp
US       8.8.8.8:53          237.197.79.204.in-addr.arpa   udp
US       8.8.8.8:53          69.31.126.40.in-addr.arpa     udp
US       8.8.8.8:53          240.221.184.93.in-addr.arpa   udp
US       8.8.8.8:53          194.61.62.23.in-addr.arpa     udp
US       8.8.8.8:53          157.123.68.40.in-addr.arpa    udp
US       8.8.8.8:53          206.23.85.13.in-addr.arpa     udp
US       8.8.8.8:53          172.210.232.199.in-addr.arpa  udp
US       8.8.8.8:53          14.227.111.52.in-addr.arpa    udp
US       8.8.8.8:53          200.131.50.23.in-addr.arpa    udp

Files

memory/4544-0-0x00000000014B0000-0x00000000014C0000-memory.dmp

memory/4544-3-0x0000000001360000-0x0000000001460000-memory.dmp

memory/4544-2-0x0000000001490000-0x00000000014A0000-memory.dmp

memory/4544-4-0x00000000011C0000-0x00000000011EF000-memory.dmp