Analysis

  • max time kernel
    147s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-09-2024 01:36

General

  • Target

    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe

  • Size

    483KB

  • MD5

    f4e63286a64b5f4ac456af21c0959113

  • SHA1

    cf775ac158f2cfb38c1b42eb7518c5fba3df29e0

  • SHA256

    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16

  • SHA512

    a9eddabad172b1ecb9c5ea66a0221fa7615e8ad6cfa8c91a0eaeefaaa5d2724d8856714a7f58ee8917f0730f1cb4a1b43a49fbbaa7dd84db2283ba05f2c3918c

  • SSDEEP

    6144:wTz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZBAXccroT4:wTlrYw1RUh3NFn+N5WfIQIjbs/ZBrT4

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe
    "C:\Users\Admin\AppData\Local\Temp\c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe"
    • System Location Discovery: System Language Discovery
    PID:1308

Network

  • Country: US
    DNS
    remcosco222.duckdns.org
    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe
    Remote address:
    8.8.8.8:53
    Request
    remcosco222.duckdns.org
    IN A
    Response
    remcosco222.duckdns.org
    IN A
    91.92.247.86
  • Country: US
    DNS
    geoplugin.net
    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe
    Remote address:
    8.8.8.8:53
    Request
    geoplugin.net
    IN A
    Response
    geoplugin.net
    IN A
    178.237.33.50
  • Country: NL
    GET
    http://geoplugin.net/json.gp
    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe
    Remote address:
    178.237.33.50:80
    Request
    GET /json.gp HTTP/1.1
    Host: geoplugin.net
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    date: Wed, 18 Sep 2024 01:36:57 GMT
    server: Apache
    content-length: 955
    content-type: application/json; charset=utf-8
    cache-control: public, max-age=300
    access-control-allow-origin: *
  • 91.92.247.86:7877
    remcosco222.duckdns.org
    tls
    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe
    3.6kB
    1.7kB
    13
    18
  • 178.237.33.50:80
    http://geoplugin.net/json.gp
    http
    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe
    623 B
    1.3kB
    12
    3

    HTTP Request

    GET http://geoplugin.net/json.gp

    HTTP Response

    200
  • 8.8.8.8:53
    remcosco222.duckdns.org
    dns
    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe
    69 B
    85 B
    1
    1

    DNS Request

    remcosco222.duckdns.org

    DNS Response

    91.92.247.86

  • 8.8.8.8:53
    geoplugin.net
    dns
    c3a3e14fe23932fae3b25d5845274b981ca64a465ec56fe2f042dbfe05568d16.exe
    59 B
    75 B
    1
    1

    DNS Request

    geoplugin.net

    DNS Response

    178.237.33.50

MITRE ATT&CK Enterprise v15
