Malware Analysis Report

2025-05-06 01:18

Sample ID 241109-1ge28avrfp
Target a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160
SHA256 a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160

Threat Level: Likely benign

The file a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160 was found to be: Likely benign.

Malicious Activity Summary

discovery

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 21:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 21:37

Reported

2024-11-09 21:39

Platform

win7-20241023-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe

"C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 21:37

Reported

2024-11-09 21:39

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe

"C:\Users\Admin\AppData\Local\Temp\a789571fe1090d394f3d694b1f5535032f29b1db1a385f93c72b80d0eb419160.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A