Overview

overview

10

Static

static

7

0hS8ndFapM...Jf.exe

windows7-x64

10

0hS8ndFapM...Jf.exe

windows10-2004-x64

10

0rr48RlGuy...xg.exe

windows7-x64

8

0rr48RlGuy...xg.exe

windows10-2004-x64

8

21oenuW1qn...e5.exe

windows7-x64

10

21oenuW1qn...e5.exe

windows10-2004-x64

10

25jZMPTiQq...9r.exe

windows7-x64

10

25jZMPTiQq...9r.exe

windows10-2004-x64

10

28NEs4WOAb...Dx.exe

windows7-x64

9

28NEs4WOAb...Dx.exe

windows10-2004-x64

9

2DWwzYoIDs...wH.exe

windows7-x64

10

2DWwzYoIDs...wH.exe

windows10-2004-x64

10

4sqg3EO3n4...E3.exe

windows7-x64

10

4sqg3EO3n4...E3.exe

windows10-2004-x64

10

6IvhC9RrHt...Qm.exe

windows7-x64

10

6IvhC9RrHt...Qm.exe

windows10-2004-x64

10

6K69WRpYoP...wA.exe

windows7-x64

3

6K69WRpYoP...wA.exe

windows10-2004-x64

7

6RVcR1WSzn...fp.exe

windows7-x64

3

6RVcR1WSzn...fp.exe

windows10-2004-x64

7

7UwyHmKx00...KA.exe

windows7-x64

9

7UwyHmKx00...KA.exe

windows10-2004-x64

9

88wncypnTK...tt.exe

windows7-x64

88wncypnTK...tt.exe

windows10-2004-x64

1

8Jw_RggGj5...71.exe

windows7-x64

7

8Jw_RggGj5...71.exe

windows10-2004-x64

7

A04WVFPeCH...H9.exe

windows7-x64

10

A04WVFPeCH...H9.exe

windows10-2004-x64

10

A5ulgq_bFX...0Z.exe

windows7-x64

10

A5ulgq_bFX...0Z.exe

windows10-2004-x64

10

AU3ie6Mv1v...zZ.exe

windows7-x64

10

AU3ie6Mv1v...zZ.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/11/2024, 12:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6K69WRpYoPgt3vIoWRXmpAwA.exe

  • Size

    90KB

  • MD5

    ff2d2b1250ae2706f6550893e12a25f8

  • SHA1

    5819d925377d38d921f6952add575a6ca19f213b

  • SHA256

    ca46080e121408d9624322e505dc2178ba99e15871c90e101b54e42ea7b54a96

  • SHA512

    c66544678f3dd49aa1a23cd459a556d923ba44c5d88334a165ea7bd16e4561955536546627b7e83bf1e759428c04b6312e08fdc8c2f6fab69cd29f3b62ce3d23

  • SSDEEP

    1536:lWvNrof2xIZ2ToPCt6VkPRYLUbrjhd3d7t20WYwuIJLO+s8jcdd1vzGHY:lWufhgTeCt0uREWrdhdY0W5uIVO77vKH

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6K69WRpYoPgt3vIoWRXmpAwA.exe
    "C:\Users\Admin\AppData\Local\Temp\6K69WRpYoPgt3vIoWRXmpAwA.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\6K69WRpYoPgt3vIoWRXmpAwA.exe
      "C:\Users\Admin\AppData\Local\Temp\6K69WRpYoPgt3vIoWRXmpAwA.exe" -q
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1112
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 896
        3⤵
        • Program crash
        PID:1644
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1112 -ip 1112
    1⤵
      PID:2984

    Network

    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      73.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      197.87.175.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      197.87.175.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      22.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    • flag-us
      DNS
      a.goatgame.co
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      Remote address:
      8.8.8.8:53
      Request
      a.goatgame.co
      IN A
      Response
    No results found
    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      73.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      73.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      197.87.175.4.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      197.87.175.4.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      22.236.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      22.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      59 B
       130 B
       1
      1

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      118 B
       260 B
       2
      2

      DNS Request

      a.goatgame.co

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      118 B
       130 B
       2
      1

      DNS Request

      a.goatgame.co

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53
      a.goatgame.co
      dns
      6K69WRpYoPgt3vIoWRXmpAwA.exe
      118 B
       260 B
       2
      2

      DNS Request

      a.goatgame.co

      DNS Request

      a.goatgame.co

    • 8.8.8.8:53

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.