Malware Analysis Report

2025-08-10 13:02

Sample ID 241109-mg764ssfrq
Target 22c2a3a652b3497a270f5c73a123e4ccbd7a856da1d9fdbcf6f343eb6c8947e8
SHA256 22c2a3a652b3497a270f5c73a123e4ccbd7a856da1d9fdbcf6f343eb6c8947e8
Tags
discovery
score
5/10

Analysis Overview

score
5/10

SHA256

22c2a3a652b3497a270f5c73a123e4ccbd7a856da1d9fdbcf6f343eb6c8947e8

Threat Level: Likely benign

The file 22c2a3a652b3497a270f5c73a123e4ccbd7a856da1d9fdbcf6f343eb6c8947e8 was found to be: Likely benign.

Malicious Activity Summary

discovery

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 10:27

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 10:27

Reported

2024-11-09 10:29

Platform

win7-20241010-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe"

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Target: N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Target: N/A

Suspicious behavior: EnumeratesProcesses

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Target: N/A

Suspicious use of AdjustPrivilegeToken

Description: Token: SeDebugPrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe

"C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe"

Network

Country Destination Domain Proto
RU 185.215.113.7:5186 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 10:27

Reported

2024-11-09 10:29

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe"

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger

Description: N/A
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Target: N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Target: N/A

Suspicious use of AdjustPrivilegeToken

Description: Token: SeDebugPrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe

"C:\Users\Admin\AppData\Local\Temp\1fadf1c1dce0bea5d0dbbe3d5f59a0cd69c713ba7fa2677d66dfaf8e6ffe30d2.exe"

Network


Files