Analysis
max time kernel: 135s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 12-10-2024 23:26
Static task: static1
Behavioral task: behavioral1
Sample: 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
Resource: win10v2004-20241007-en
General
Target: 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
Size: 1.5MB
MD5: 64a3ffbb49a5949cec4e96fd6d08f0b0
SHA1: 63467fa69285103af0892d1a56cf8553c96a3871
SHA256: 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747
SHA512: 29aa554cb4d4232c47f9ab8b8bd7a2ffe9c0c6777f715b15df9f6020ba4ac28161031f874feafd234ca97d99a8fe27b02b29488a900f386be47de5c1a7d9ef6b
SSDEEP: 24576:srKa/pcZGFSUp3DpiDDsIiBqnN8K97kGgX73S0DhEjr2aSpUXTwG3T:sIZ4rpKKX7ZarhwU
Malware Config
Signatures
-
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
1484 | 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
1484 | 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe"
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1484
Network
-
Remote address: 8.8.8.8:53
Request: www.baidu.com IN A
Response: www.baidu.com IN CNAME www.a.shifen.com
www.a.shifen.com IN CNAME www.wshifen.com
www.wshifen.com IN A 103.235.46.96
www.wshifen.com IN A 103.235.47.188
-
Remote address: 103.235.46.96:80
Request: GET / HTTP/1.1
User-Agent: test
Host: www.baidu.com
Cache-Control: no-cache
Response: HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 9508
Content-Type: text/html
Date: Sat, 12 Oct 2024 23:26:57 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: BWS/1.1
Set-Cookie: BAIDUID=63F2AAC78DFCD053DD3EC3E206D4890A:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BIDUPSID=63F2AAC78DFCD053DD3EC3E206D4890A; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1728775617; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BAIDUID=63F2AAC78DFCD053696253225F03DC32:FG=1; max-age=31536000; expires=Sun, 12-Oct-25 23:26:57 GMT; domain=.baidu.com; path=/; version=1; comment=bd
Traceid: 1728775617029676135411892079367656485618
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
X-Xss-Protection: 1;mode=block
-
Remote address: 8.8.8.8:53
Request: z645507158.blog.163.com IN A
Response: z645507158.blog.163.com IN A 59.111.160.244
-
Remote address: 8.8.8.8:53
Request: 96.46.235.103.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 73.31.126.40.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 205.47.74.20.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 50.23.12.20.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 18.31.95.13.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 31.243.111.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 211.143.182.52.in-addr.arpa IN PTR
Response:
-
103.235.46.96:80 | http://www.baidu.com/ | http | 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe | 1.3kB | 23.1kB | 26 | 23
HTTP Request: GET http://www.baidu.com/
HTTP Response: 200
-
59.111.160.244:80 | z645507158.blog.163.com | 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe | 260 B | 5
-
59 B | 144 B | 1 | 1
DNS Request: www.baidu.com
DNS Response: 103.235.46.96 103.235.47.188
-
8.8.8.8:53 | z645507158.blog.163.com | dns | 77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe | 69 B | 85 B | 1 | 1
DNS Request: z645507158.blog.163.com
DNS Response: 59.111.160.244
-
72 B | 160 B | 1 | 1
DNS Request: 96.46.235.103.in-addr.arpa
-
71 B | 157 B | 1 | 1
DNS Request: 73.31.126.40.in-addr.arpa
-
73 B | 144 B | 1 | 1
DNS Request: 95.221.229.192.in-addr.arpa
-
71 B | 157 B | 1 | 1
DNS Request: 205.47.74.20.in-addr.arpa
-
70 B | 156 B | 1 | 1
DNS Request: 50.23.12.20.in-addr.arpa
-
70 B | 144 B | 1 | 1
DNS Request: 18.31.95.13.in-addr.arpa
-
72 B | 158 B | 1 | 1
DNS Request: 31.243.111.52.in-addr.arpa
-
73 B | 147 B | 1 | 1
DNS Request: 211.143.182.52.in-addr.arpa