Analysis Overview
SHA256
43f7709a6c3408eca55af1a45a829b8ed72d37480fe21afa6470c5c45f079017
Threat Level: Likely malicious
The file 43f7709a6c3408eca55af1a45a829b8ed72d37480fe21afa6470c5c45f079017 was found to be: Likely malicious.
Malicious Activity Summary
detect oss ak
UPX packed file
Writes to the Master Boot Record (MBR)
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-30 16:22
Signatures
detect oss ak
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
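Both static findings above (UPX packed file, Unsigned PE) can be reproduced from the file itself. The Python below is an added example and is not part of the sandbox report or its tooling: it parses the PE section table and the Authenticode data directory. The image it builds with build_sample_pe() is a constructed fixture, not the analysed sample; when given a path on the command line it is assumed to be a local copy of the file under triage. Caveat: an empty certificate directory is what the report calls Unsigned PE, but a non-empty one proves only that a blob is embedded, not that the signature verifies (check with signtool or Get-AuthenticodeSignature), and catalog-signed Windows binaries carry no embedded blob either.

```python
"""PE static triage: UPX-style sections and the Authenticode certificate directory.
Added illustration; not part of the sandbox report. The PE built below is a
constructed fixture, not the analysed sample."""
import struct
import sys

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # data-directory slot for the Authenticode blob


def parse_pe(data: bytes) -> dict:
    """Parse the DOS/NT headers, section table and certificate directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE\\0\\0 signature")
    fh = e_lfanew + 4                                       # IMAGE_FILE_HEADER (20 bytes)
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                           # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                      # PE32: data directories at +96
        dd_base = opt + 96
    elif magic == 0x20B:                                    # PE32+: data directories at +112
        dd_base = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    cert_rva, cert_size = struct.unpack_from(
        "<II", data, dd_base + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)
    sections = []
    table = opt + opt_size                                  # section table follows the optional header
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": rawsize, "raw_pointer": rawptr})
    return {"machine": machine, "sections": sections, "cert_table": (cert_rva, cert_size)}


def upx_indicators(pe: dict) -> list:
    """Return the reasons a PE looks UPX-packed; an empty list means no UPX indicator."""
    hits = []
    for s in pe["sections"]:
        name = s["name"].decode(errors="replace")
        if s["name"] in UPX_SECTION_NAMES:
            hits.append(f"section {name} carries a UPX section name")
        # UPX0 receives the unpacked image at run time: zero bytes on disk, large virtual size.
        # Checked independently of the name because packers often rename sections.
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x10000 and s["name"] != b".bss":
            hits.append(f"section {name} has raw size 0 but virtual size "
                        f"{s['virtual_size']:#x} (unpack target)")
    return hits


def has_authenticode_directory(pe: dict) -> bool:
    """True when an Authenticode blob is embedded. Presence is not validity."""
    _rva, size = pe["cert_table"]
    return size > 0


def build_sample_pe(sections, cert_size=0) -> bytes:
    """Construct a minimal PE32 image (fixture only; it contains no executable code)."""
    opt_size = 0xE0                                         # standard PE32 optional header size
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    file_header = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, 0, cert_size)
    table = b""
    for i, (name, vsize, rawsize) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rawsize,
                             0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + file_header + bytes(opt) + table


# Constructed fixtures: a UPX-style layout and a conventional one with a cert directory.
PACKED_SAMPLE = build_sample_pe([(b"UPX0", 0x30000, 0), (b"UPX1", 0x4000, 0x4000),
                                 (b".rsrc", 0x1000, 0x1000)])
SIGNED_SAMPLE = build_sample_pe([(b".text", 0x1000, 0x1000)], cert_size=0x1800)


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    return {"sections": [s["name"] for s in pe["sections"]],
            "upx": upx_indicators(pe),
            "embedded_signature": has_authenticode_directory(pe)}


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PACKED_SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

The raw-size check is kept separate from the name check on purpose: a UPX0-style section (zero bytes on disk, tens of kilobytes of virtual size) survives the renaming that packers and packer-modifiers routinely apply, whereas the literal UPX0/UPX1 names do not.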
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-30 16:22
Reported
2024-06-30 16:25
Platform
win10v2004-20240508-en
Max time kernel
54s
Max time network
63s
Command Line
Signatures
detect oss ak
| Description | Indicator | Process | Target |
4 matches; indicator, process and target not captured in this export.
UPX packed file
| Description | Indicator | Process | Target |
23 matches; indicator, process and target not captured in this export.
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\43f7709a6c3408eca55af1a45a829b8ed72d37480fe21afa6470c5c45f079017.exe | N/A |
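The indicator above is a handle to \??\PhysicalDrive0 (the NT object path; Win32 callers open \\.\PhysicalDrive0) opened for modification, which is how the MBR is rewritten from user mode with administrator rights. The report does not record what was written, so the practical follow-up is to pull the first 512 bytes of the affected disk and check them. The Python below is an added example, not part of the report: it parses an MBR, flags structural anomalies, and compares the boot-code hash against a recorded baseline. The sectors it tests are constructed fixtures, not data captured from the detonation VM; read_mbr() is the only part that touches a real device and needs admin or root. On a GPT disk LBA 0 still holds a protective MBR (one partition of type 0xEE), so the same check applies.

```python
r"""MBR integrity check for the 'Writes to the Master Boot Record' finding.
Added illustration; not part of the sandbox report. The sample opened
\??\PhysicalDrive0 for modification; bytes 0..511 of that device are the MBR.
GOOD_MBR, BOOTKIT_MBR and WIPED_MBR below are constructed fixtures."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 0x1B8            # boot code occupies bytes 0..0x1B7
DISK_SIGNATURE_OFF = 0x1B8       # 4-byte NT disk signature
PARTITION_TABLE_OFF = 0x1BE      # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xAA"     # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PARTITION_TABLE_OFF + i * 16)
        parts.append({"index": i, "status": status, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIGNATURE_OFF)[0],
            "partitions": parts,
            "signature_ok": sector[510:512] == BOOT_SIGNATURE}


def mbr_anomalies(sector: bytes, baseline_boot_sha256: str = None) -> list:
    """Return human-readable findings; an empty list means the sector looks intact."""
    mbr = parse_mbr(sector)
    issues = []
    if not mbr["signature_ok"]:
        issues.append("missing 0x55AA boot signature at offset 510")
    used = [p for p in mbr["partitions"] if p["type"] != 0 or p["sectors"] != 0]
    if not used:
        issues.append("partition table is empty (wiped or never initialised)")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"entry {p['index']}: invalid status byte {p['status']:#x}")
        if p["bootable"] and p["type"] == 0:
            issues.append(f"entry {p['index']}: bootable flag on an empty entry")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in used)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            issues.append(f"entries {i1} and {i2} overlap")
    boot = sector[:BOOT_CODE_END]
    if boot.count(boot[:1]) == len(boot):
        issues.append("boot code is a single repeated byte (overwritten or zeroed)")
    if baseline_boot_sha256 and mbr["boot_code_sha256"] != baseline_boot_sha256:
        issues.append("boot code differs from the recorded baseline (possible bootkit)")
    return issues


def read_mbr(device: str) -> bytes:
    """Read the live MBR (needs admin/root): '\\\\.\\PhysicalDrive0' on Windows, '/dev/sda' on Linux."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def build_mbr(partitions, boot_code: bytes = None) -> bytes:
    """Construct a fixture MBR (not captured data); boot_code defaults to a stub prologue."""
    sec = bytearray(SECTOR)
    # xor ax,ax / mov ss,ax / mov sp,0x7C00 followed by NOP padding: enough to look like boot code.
    boot = boot_code or (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_END - 7))
    sec[:len(boot)] = boot
    struct.pack_into("<I", sec, DISK_SIGNATURE_OFF, 0x1234ABCD)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sec, PARTITION_TABLE_OFF + i * 16, status, ptype, lba, count)
    sec[510:512] = BOOT_SIGNATURE
    return bytes(sec)


# Constructed fixtures: a healthy layout, the same sector with its boot code swapped,
# and a fully zeroed sector (what a destructive raw write leaves behind).
GOOD_MBR = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 20000000)])
BASELINE = parse_mbr(GOOD_MBR)["boot_code_sha256"]
BOOTKIT_MBR = b"\xEB\xFE" + GOOD_MBR[2:]            # jmp $ in place of the real prologue
WIPED_MBR = bytes(SECTOR)

if __name__ == "__main__":
    for label, sec in (("good", GOOD_MBR), ("bootkit", BOOTKIT_MBR), ("wiped", WIPED_MBR)):
        print(label, mbr_anomalies(sec, BASELINE) or ["no anomalies"])
```

Record the baseline hash from a known-good image of the same host (or from the stock MBR of the platform used for detonation) before an incident; without it the check still catches a wiped or structurally broken sector, but a bootkit that keeps the partition table intact and only swaps the boot code is visible solely through the hash mismatch.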
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\43f7709a6c3408eca55af1a45a829b8ed72d37480fe21afa6470c5c45f079017.exe
"C:\Users\Admin\AppData\Local\Temp\43f7709a6c3408eca55af1a45a829b8ed72d37480fe21afa6470c5c45f079017.exe"
Network
| Country | Destination | Domain | Proto |
| CN | 122.51.207.195:9010 | | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| CN | 122.51.207.195:9010 | | tcp |
Files
memory/1224-0-0x00000000006F3000-0x00000000006F4000-memory.dmp
memory/1224-33-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-35-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-31-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-43-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-41-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-39-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-37-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-27-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-25-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-23-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-21-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-45-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/1224-19-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-17-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-15-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-46-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/1224-13-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-47-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/1224-11-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-9-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-48-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/1224-7-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-5-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-3-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-2-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-1-0x0000000002A60000-0x0000000002A9E000-memory.dmp
memory/1224-29-0x0000000002A60000-0x0000000002A9E000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-30 16:22
Reported
2024-06-30 16:25
Platform
win7-20240611-en
Max time kernel
118s
Max time network
124s
Command Line
Signatures
detect oss ak
| Description | Indicator | Process | Target |
6 matches; indicator, process and target not captured in this export.
UPX packed file
| Description | Indicator | Process | Target |
23 matches; indicator, process and target not captured in this export.
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\43f7709a6c3408eca55af1a45a829b8ed72d37480fe21afa6470c5c45f079017.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\43f7709a6c3408eca55af1a45a829b8ed72d37480fe21afa6470c5c45f079017.exe
"C:\Users\Admin\AppData\Local\Temp\43f7709a6c3408eca55af1a45a829b8ed72d37480fe21afa6470c5c45f079017.exe"
Network
| Country | Destination | Domain | Proto |
| CN | 122.51.207.195:9010 | | tcp |
| CN | 122.51.207.195:9010 | | tcp |
Files
memory/2140-0-0x00000000006F3000-0x00000000006F4000-memory.dmp
memory/2140-3-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-2-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-1-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-44-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-42-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-46-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/2140-40-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-38-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-36-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-34-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-47-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/2140-32-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-30-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-28-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-48-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/2140-26-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-24-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-49-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/2140-22-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-20-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-50-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/2140-18-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-16-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-14-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-12-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-10-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-8-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-5-0x00000000003C0000-0x00000000003FE000-memory.dmp
memory/2140-6-0x0000000000400000-0x0000000000D1B000-memory.dmp