Overview

overview

10

Static

static

7

0hS8ndFapM...Jf.exe

windows7-x64

10

0hS8ndFapM...Jf.exe

windows10-2004-x64

10

0rr48RlGuy...xg.exe

windows7-x64

8

0rr48RlGuy...xg.exe

windows10-2004-x64

8

21oenuW1qn...e5.exe

windows7-x64

10

21oenuW1qn...e5.exe

windows10-2004-x64

10

25jZMPTiQq...9r.exe

windows7-x64

10

25jZMPTiQq...9r.exe

windows10-2004-x64

10

28NEs4WOAb...Dx.exe

windows7-x64

9

28NEs4WOAb...Dx.exe

windows10-2004-x64

9

2DWwzYoIDs...wH.exe

windows7-x64

10

2DWwzYoIDs...wH.exe

windows10-2004-x64

10

4sqg3EO3n4...E3.exe

windows7-x64

10

4sqg3EO3n4...E3.exe

windows10-2004-x64

10

6IvhC9RrHt...Qm.exe

windows7-x64

10

6IvhC9RrHt...Qm.exe

windows10-2004-x64

10

6K69WRpYoP...wA.exe

windows7-x64

3

6K69WRpYoP...wA.exe

windows10-2004-x64

7

6RVcR1WSzn...fp.exe

windows7-x64

3

6RVcR1WSzn...fp.exe

windows10-2004-x64

7

7UwyHmKx00...KA.exe

windows7-x64

9

7UwyHmKx00...KA.exe

windows10-2004-x64

9

88wncypnTK...tt.exe

windows7-x64

88wncypnTK...tt.exe

windows10-2004-x64

1

8Jw_RggGj5...71.exe

windows7-x64

7

8Jw_RggGj5...71.exe

windows10-2004-x64

7

A04WVFPeCH...H9.exe

windows7-x64

10

A04WVFPeCH...H9.exe

windows10-2004-x64

10

A5ulgq_bFX...0Z.exe

windows7-x64

10

A5ulgq_bFX...0Z.exe

windows10-2004-x64

10

AU3ie6Mv1v...zZ.exe

windows7-x64

10

AU3ie6Mv1v...zZ.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/11/2024, 12:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88wncypnTKvKj7Uwab0iiutt.exe

  • Size

    900KB

  • MD5

    7714deedb24c3dcfa81dc660dd383492

  • SHA1

    56fae3ab1186009430e175c73b914c77ed714cc0

  • SHA256

    435badbad2fc138245a4771a74ebb9075658e294d1bcfcf191ccea466eea825c

  • SHA512

    2cf05ac9470ab4e6d487ec9e4d7ab36fb2c8ce1405dba01b58934778829c7c4db703818087e0c5fbffe6cf821dfa190427e1205530409359ace2ad416e781c58

  • SSDEEP

    12288:jx1vJUpzeLkTqhqeEmC7QOZGafeei7fqiHf:H2zIkTgqeEVQO5fess

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 12 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies data under HKEY_USERS 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\88wncypnTKvKj7Uwab0iiutt.exe
    "C:\Users\Admin\AppData\Local\Temp\88wncypnTKvKj7Uwab0iiutt.exe"
    1⤵
      PID:2336
    • C:\Windows\system32\dwm.exe
      "dwm.exe"
      1⤵
      • Checks SCSI registry key(s)
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2696
    • C:\Windows\system32\dwm.exe
      "dwm.exe"
      1⤵
      • Checks SCSI registry key(s)
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4504
    • C:\Windows\system32\dwm.exe
      "dwm.exe"
      1⤵
        PID:1844
      • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
        "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
        1⤵
        • Modifies data under HKEY_USERS
        PID:2536

      Network

      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        209.205.72.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.205.72.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        88.210.23.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.210.23.2.in-addr.arpa
        IN PTR
        Response
        88.210.23.2.in-addr.arpa
        IN PTR
        a2-23-210-88deploystaticakamaitechnologiescom
      • flag-us
        DNS
        73.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        228.249.119.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        228.249.119.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      • flag-us
        DNS
        s.lletlee.com
        88wncypnTKvKj7Uwab0iiutt.exe
        Remote address:
        8.8.8.8:53
        Request
        s.lletlee.com
        IN A
        Response
      No results found
      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        209.205.72.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        209.205.72.20.in-addr.arpa

      • 8.8.8.8:53
        88.210.23.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        88.210.23.2.in-addr.arpa

      • 8.8.8.8:53
        73.159.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        73.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        228.249.119.40.in-addr.arpa
        dns
        73 B
         159 B
         1
        1

        DNS Request

        228.249.119.40.in-addr.arpa

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        118 B
         258 B
         2
        2

        DNS Request

        s.lletlee.com

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      • 8.8.8.8:53
        s.lletlee.com
        dns
        88wncypnTKvKj7Uwab0iiutt.exe
        59 B
         129 B
         1
        1

        DNS Request

        s.lletlee.com

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1844-2-0x00007FF78ABE0000-0x00007FF78ABFF000-memory.dmp

        Filesize

        124KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.