Analysis Overview
SHA256
58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c
Threat Level: Shows suspicious behavior
The file 58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c was found to show suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-23 20:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-23 20:08
Reported
2024-09-23 20:11
Platform
win7-20240729-en
Max time kernel
15s
Max time network
16s
Command Line
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe
"C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-23 20:08
Reported
2024-09-23 20:11
Platform
win10v2004-20240802-en
Max time kernel
94s
Max time network
122s
Command Line
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe
"C:\Users\Admin\AppData\Local\Temp\58f66df637abdb60a40f578009a1735079d7a3d0a833e81f4587fd2fa332093c.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files