Resubmissions

01-11-2024 12:33

241101-pradyaypdv 10

27-10-2024 23:08

241027-24hmasskhj 10

20-10-2024 16:28

241020-tyzdvsxgqb 3

20-10-2024 16:26

241020-tx2gtszekk 3

02-10-2024 11:53

241002-n2j6fsycqb 3

13-09-2024 04:59

240913-fmwxpswcpb 3

11-09-2024 15:54

240911-tcmg6sygmm 3

11-09-2024 15:53

240911-tbsmsszbnh 10

25-08-2024 22:53

240825-2t6als1gll 10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    19-08-2024 16:15

General

  • Target

    dl2.exe

  • Size

    849KB

  • MD5

    c2055b7fbaa041d9f68b9d5df9b45edd

  • SHA1

    e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06

  • SHA256

    342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3

  • SHA512

    18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc

  • SSDEEP

    12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dl2.exe
    "C:\Users\Admin\AppData\Local\Temp\dl2.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2628
  • C:\Users\Admin\AppData\Local\Temp\dl2.exe
    C:\Users\Admin\AppData\Local\Temp\dl2.exe {247B7B44-7F59-4037-9263-F13E150E9540}
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2648

Network

  • flag-us
    DNS
    google.com
    Remote address:
    8.8.8.8:53
    Request
    google.com
    IN A
    Response
    google.com
    IN A
    142.250.201.174
  • flag-fr
    HEAD
    https://google.com/update.exe
    Remote address:
    142.250.201.174:443
    Request
    HEAD /update.exe HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.5
    Host: google.com
    Response
    HTTP/1.1 404 Not Found
    Transfer-Encoding: chunked
    Date: Mon, 19 Aug 2024 16:15:23 GMT
    Content-Type: text/html; charset=UTF-8
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 31.214.240.203:443
    dl2.exe
    152 B
    3
  • 142.250.201.174:443
    https://google.com/update.exe
    tls, http
    883 B
    7.5kB
    10
    11

    HTTP Request

    HEAD https://google.com/update.exe

    HTTP Response

    404
  • 31.214.240.203:443
    dl2.exe
    152 B
    3
  • 31.214.240.203:443
    dl2.exe
    152 B
    3
  • 31.214.240.203:443
    dl2.exe
    152 B
    3
  • 31.214.240.203:443
    dl2.exe
    152 B
    3
  • 31.214.240.203:443
    dl2.exe
    152 B
    3
  • 78.108.216.13:443
    dl2.exe
    152 B
    3
  • 78.108.216.13:443
    dl2.exe
    52 B
    1
  • 8.8.8.8:53
    google.com
    dns
    56 B
    72 B
    1
    1

    DNS Request

    google.com

    DNS Response

    142.250.201.174

MITRE ATT&CK Matrix

Downloads

  • memory/2628-1-0x0000000000350000-0x0000000000380000-memory.dmp

    Filesize

    192KB

  • memory/2628-8-0x0000000000250000-0x0000000000350000-memory.dmp

    Filesize

    1024KB

  • memory/2628-18-0x0000000000250000-0x0000000000350000-memory.dmp

    Filesize

    1024KB

  • memory/2648-10-0x0000000000310000-0x0000000000340000-memory.dmp

    Filesize

    192KB

  • memory/2648-17-0x00000000001A0000-0x00000000002A0000-memory.dmp

    Filesize

    1024KB

  • memory/2648-19-0x00000000001A0000-0x00000000002A0000-memory.dmp

    Filesize

    1024KB
