Malware Analysis Report

2025-08-10 20:54

Sample ID 240825-hqfq1a1clb
Target 7a71f59d2ca32497a08d0cf9f05790d0N.exe
SHA256 547c316e16556fca838a6cc40bfe9b3906e5301a69b0f577946e031564ee59be
Tags
discovery
score
3/10

Analysis Overview

score
3/10

SHA256

547c316e16556fca838a6cc40bfe9b3906e5301a69b0f577946e031564ee59be

Threat Level: Likely benign

The file 7a71f59d2ca32497a08d0cf9f05790d0N.exe was found to be: Likely benign.

Malicious Activity Summary

discovery

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 06:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 06:56

Reported

2024-08-25 06:58

Platform

win7-20240708-en

Max time kernel

118s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre7\bin\javaw.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe

"C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"

C:\Program Files\Java\jre7\bin\javaw.exe

"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 bhop.in udp
RU 88.212.247.68:443 bhop.in tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 06:56

Reported

2024-08-25 06:58

Platform

win10v2004-20240802-en

Max time kernel

102s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe

"C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\7a71f59d2ca32497a08d0cf9f05790d0N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 bhop.in udp
RU 88.212.247.68:443 bhop.in tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 68.247.212.88.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files
