Malware Analysis Report

2025-04-03 13:55

Sample ID: 241109-2ebsfstemh
Target: 5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25
SHA256: 5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25
Tags: discovery
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256: 5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25

Threat Level: Shows suspicious behavior

The file 5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Executes dropped EXE

Loads dropped DLL

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:29

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:29

Reported

2024-11-09 22:31

Platform

win7-20240903-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\.Trash-100\ActivateDesktop.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\.Trash-100\ActivateDesktop.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25.exe

"C:\Users\Admin\AppData\Local\Temp\5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25.exe"

C:\.Trash-100\ActivateDesktop.exe

C:\.Trash-100\ActivateDesktop.exe

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | raumjr.ru.swtest.ru | udp
US | 8.8.8.8:53 | api.vk.com | udp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp
RU | 87.240.190.75:80 | api.vk.com | tcp

Files

\.Trash-100\ActivateDesktop.exe

MD5 d2fa3a33c74cf8b5118358e323ae0d64
SHA1 6a1e4255fbc8945cd1ee4fc2b1ad31d385d8329b
SHA256 19f5a8931d2ae300b15246edc5727a5f2722f84c06f13db205e1fc629d3a2089
SHA512 2697d0ad9d2e9a9f9116a9e9304397bc52f856ff4dead2f5c631772204f78847d9681190bc79869264729bf158656e735b3f068d6138ecd3778ad4ced3072aca

C:\.Trash-100\db\version

MD5 d9f5e405a7f74ed652a8f0b31a87f636
SHA1 8f7a4cf1d8fb52d12619fb0c6cafc42abf5a5e61
SHA256 ab4cbdd8d697c57b18419764dffd2f4f39eff2bc0ff9ee1019cf1b68cf34f86d
SHA512 cf7b04462ec6f47966cb9c456ef3c1260ba4953543aed0b28e093508a1c732cd87ee20d506e33133b84c9ebe6e8553fe7dc0b884b5ac7f1a9b18efe30822b12a

C:\.Trash-100\db\framework_exe

MD5 665009c6d258a06e710ff8c7810f4697
SHA1 abf7abc9bae75e5323a12b1d58336dfe0fd58e22
SHA256 98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a
SHA512 a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:29

Reported

2024-11-09 22:31

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\.Trash-100\ActivateDesktop.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\.Trash-100\ActivateDesktop.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25.exe

"C:\Users\Admin\AppData\Local\Temp\5773adb23199c7e0bab8e02090900eb96e42cff0c4825f58bdd6debc61863a25.exe"

C:\.Trash-100\ActivateDesktop.exe

C:\.Trash-100\ActivateDesktop.exe

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | raumjr.ru.swtest.ru | udp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | api.vk.com | udp
RU | 87.240.137.130:80 | api.vk.com | tcp
US | 8.8.8.8:53 | 130.137.240.87.in-addr.arpa | udp
RU | 87.240.137.130:80 | api.vk.com | tcp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp
RU | 87.240.137.130:80 | api.vk.com | tcp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp
RU | 87.240.137.130:80 | api.vk.com | tcp

Files

C:\.Trash-100\ActivateDesktop.exe

MD5 40f98cef980824cb6398e4577be6575c
SHA1 bbad8ccf0ab6d997a30164b11dd3089f6c3fd8b2
SHA256 5223f4e1ea7b4ed24eacec06b92545cba06e19d4abed8bcef9fb1c03f272631c
SHA512 916bcc209a75ec8f59116a8716d6aaeb3fe78ab4dd7dc143350a5c87b12ea165ab33568016da20cba50111971cce58d432423871176c3da4776ac1dc3ced77c8

C:\.Trash-100\db\framework_exe

MD5 665009c6d258a06e710ff8c7810f4697
SHA1 abf7abc9bae75e5323a12b1d58336dfe0fd58e22
SHA256 98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a
SHA512 a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

C:\.Trash-100\db\version

MD5 d9f5e405a7f74ed652a8f0b31a87f636
SHA1 8f7a4cf1d8fb52d12619fb0c6cafc42abf5a5e61
SHA256 ab4cbdd8d697c57b18419764dffd2f4f39eff2bc0ff9ee1019cf1b68cf34f86d
SHA512 cf7b04462ec6f47966cb9c456ef3c1260ba4953543aed0b28e093508a1c732cd87ee20d506e33133b84c9ebe6e8553fe7dc0b884b5ac7f1a9b18efe30822b12a