Analysis

  • max time kernel
    135s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12-10-2024 23:26

General

  • Target

    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe

  • Size

    1.5MB

  • MD5

    64a3ffbb49a5949cec4e96fd6d08f0b0

  • SHA1

    63467fa69285103af0892d1a56cf8553c96a3871

  • SHA256

    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747

  • SHA512

    29aa554cb4d4232c47f9ab8b8bd7a2ffe9c0c6777f715b15df9f6020ba4ac28161031f874feafd234ca97d99a8fe27b02b29488a900f386be47de5c1a7d9ef6b

  • SSDEEP

    24576:srKa/pcZGFSUp3DpiDDsIiBqnN8K97kGgX73S0DhEjr2aSpUXTwG3T:sIZ4rpKKX7ZarhwU

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
    "C:\Users\Admin\AppData\Local\Temp\77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:1484

Network

  • (US)
    DNS
    www.baidu.com
    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
    Remote address:
    8.8.8.8:53
    Request
    www.baidu.com
    IN A
    Response
    www.baidu.com
    IN CNAME
    www.a.shifen.com
    www.a.shifen.com
    IN CNAME
    www.wshifen.com
    www.wshifen.com
    IN A
    103.235.46.96
    www.wshifen.com
    IN A
    103.235.47.188
  • (HK)
    GET
    http://www.baidu.com/
    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
    Remote address:
    103.235.46.96:80
    Request
    GET / HTTP/1.1
    User-Agent: test
    Host: www.baidu.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: no-cache
    Connection: keep-alive
    Content-Length: 9508
    Content-Type: text/html
    Date: Sat, 12 Oct 2024 23:26:57 GMT
    P3p: CP=" OTI DSP COR IVA OUR IND COM "
    P3p: CP=" OTI DSP COR IVA OUR IND COM "
    Pragma: no-cache
    Server: BWS/1.1
    Set-Cookie: BAIDUID=63F2AAC78DFCD053DD3EC3E206D4890A:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
    Set-Cookie: BIDUPSID=63F2AAC78DFCD053DD3EC3E206D4890A; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
    Set-Cookie: PSTM=1728775617; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
    Set-Cookie: BAIDUID=63F2AAC78DFCD053696253225F03DC32:FG=1; max-age=31536000; expires=Sun, 12-Oct-25 23:26:57 GMT; domain=.baidu.com; path=/; version=1; comment=bd
    Traceid: 1728775617029676135411892079367656485618
    Vary: Accept-Encoding
    X-Ua-Compatible: IE=Edge,chrome=1
    X-Xss-Protection: 1;mode=block
  • (US)
    DNS
    z645507158.blog.163.com
    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
    Remote address:
    8.8.8.8:53
    Request
    z645507158.blog.163.com
    IN A
    Response
    z645507158.blog.163.com
    IN A
    59.111.160.244
  • (US)
    DNS
    96.46.235.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    96.46.235.103.in-addr.arpa
    IN PTR
    Response
  • (US)
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • (US)
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • (US)
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • (US)
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • (US)
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • (US)
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • (US)
    DNS
    211.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.143.182.52.in-addr.arpa
    IN PTR
    Response
  • 103.235.46.96:80
    http://www.baidu.com/
    http
    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
    1.3kB
    23.1kB
    26
    23

    HTTP Request

    GET http://www.baidu.com/

    HTTP Response

    200
  • 59.111.160.244:80
    z645507158.blog.163.com
    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
    260 B
    5
  • 8.8.8.8:53
    www.baidu.com
    dns
    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
    59 B
    144 B
    1
    1

    DNS Request

    www.baidu.com

    DNS Response

    103.235.46.96
    103.235.47.188

  • 8.8.8.8:53
    z645507158.blog.163.com
    dns
    77908403a31233152151c3dfac7f315dfec2fd868b985f7456bdedc9d750d747.exe
    69 B
    85 B
    1
    1

    DNS Request

    z645507158.blog.163.com

    DNS Response

    59.111.160.244

  • 8.8.8.8:53
    96.46.235.103.in-addr.arpa
    dns
    72 B
    160 B
    1
    1

    DNS Request

    96.46.235.103.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    211.143.182.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    211.143.182.52.in-addr.arpa

MITRE ATT&CK Enterprise v15
