Analysis Overview
SHA256
3cfbcfba218eac5d9f083109d9266689d87199eda0471c5f2363a7350e153db9
Threat Level: Shows suspicious behavior
The file SeedGen.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Looks up external IP address via web service
Browser Information Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 21:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 21:24
Reported
2024-10-25 21:27
Platform
win7-20240729-en
Max time kernel
23s
Max time network
18s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2528 wrote to memory of 788 | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | C:\Windows\system32\cmd.exe |
| PID 2528 wrote to memory of 788 | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | C:\Windows\system32\cmd.exe |
| PID 2528 wrote to memory of 788 | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | C:\Windows\system32\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\SeedGen.exe
"C:\Users\Admin\AppData\Local\Temp\SeedGen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
Network
Files
memory/2528-0-0x00000000001F0000-0x00000000001F2000-memory.dmp
memory/2528-1-0x00000000021A0000-0x0000000002304000-memory.dmp
memory/2528-2-0x00000000021A0000-0x0000000002304000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 21:24
Reported
2024-10-25 21:27
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
152s
Command Line
Signatures
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1952 wrote to memory of 1748 | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | C:\Windows\system32\cmd.exe |
| PID 1952 wrote to memory of 1748 | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | C:\Windows\system32\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\SeedGen.exe
"C:\Users\Admin\AppData\Local\Temp\SeedGen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 104.26.9.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 59.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
memory/1952-0-0x000001E836BD0000-0x000001E836BD2000-memory.dmp
memory/1952-1-0x000001E836D80000-0x000001E836EE4000-memory.dmp
memory/1952-8-0x000001E836D80000-0x000001E836EE4000-memory.dmp
memory/1952-9-0x000001E836D80000-0x000001E836EE4000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-25 21:24
Reported
2024-10-25 21:27
Platform
win11-20241007-en
Max time kernel
101s
Max time network
126s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2124 wrote to memory of 1448 | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | C:\Windows\system32\cmd.exe |
| PID 2124 wrote to memory of 1448 | N/A | C:\Users\Admin\AppData\Local\Temp\SeedGen.exe | C:\Windows\system32\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\SeedGen.exe
"C:\Users\Admin\AppData\Local\Temp\SeedGen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |