Malware Analysis Report

2025-01-22 13:29

Sample ID 241122-yf5kdatjhm
Target 107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe
SHA256 107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8
Tags osiris banker botnet discovery
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score

10/10

SHA256

107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8

Threat Level: Known bad

The file 107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe was found to be: Known bad.

Malicious Activity Summary

osiris banker botnet discovery

Osiris

Osiris family

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Uses Tor communications

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-22 19:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-22 19:44

Reported

2024-11-22 19:46

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe"

Signatures

Osiris

banker botnet osiris

Osiris family

osiris

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Uses Tor communications

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A (64 identical entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe

"C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe"

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"

Network

Country Destination Domain Proto
US 154.35.175.225:80 tcp
US 204.13.164.118:80 204.13.164.118 tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:443 api.ipify.org tcp
NL 45.66.35.11:80 45.66.35.11 tcp (2 identical entries)
FI 65.109.67.182:443 tcp
US 8.8.8.8:53 time-a.nist.gov udp
US 129.6.15.28:13 time-a.nist.gov tcp
US 216.218.219.41:80 216.218.219.41 tcp
US 172.86.74.6:443 tcp
PL 185.241.208.242:443 tcp

Files

memory/2736-0-0x0000000000400000-0x000000000047C000-memory.dmp
memory/2736-3-0x0000000000400000-0x0000000000456000-memory.dmp
memory/2736-4-0x0000000000400000-0x000000000047C000-memory.dmp
memory/2736-2-0x0000000000540000-0x0000000000640000-memory.dmp
memory/2736-5-0x0000000000400000-0x000000000047C000-memory.dmp
memory/2736-7-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-6-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-10-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-9-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-8-0x0000000000350000-0x00000000003EF000-memory.dmp

\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

MD5 b4cd27f2b37665f51eb9fe685ec1d373
SHA1 7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA256 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512 e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

C:\Users\Admin\AppData\Local\Temp\x64btit.txt

MD5 e87f9dc1ff0a80585af0bb5350dad55a
SHA1 fc982378a5cd5ec5fa571b29119a24462179ef2d
SHA256 c7e24756ba074b7b40016e4331fbfe5de52614990742d09b0d5c4f09fe133bd3
SHA512 4b81eda50b2cbecbd775d72a4995aec940350ec5f538208e68e2ce9e018fbbd0032c4eed691e46592ed761d0cb9cb90f3a291f187f63e9d4c01287976cc53866

memory/2736-18-0x0000000010000000-0x0000000010015000-memory.dmp
memory/2736-20-0x0000000000790000-0x00000000007AE000-memory.dmp
memory/2736-23-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-22-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-24-0x0000000000540000-0x0000000000640000-memory.dmp
memory/2736-25-0x0000000000400000-0x0000000000456000-memory.dmp
memory/2736-28-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-29-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-34-0x0000000000350000-0x00000000003EF000-memory.dmp
memory/2736-39-0x0000000000350000-0x00000000003EF000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-22 19:44

Reported

2024-11-22 19:46

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe"

Signatures

Osiris

banker botnet osiris

Osiris family

osiris

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Uses Tor communications

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A (64 identical entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe

"C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe"

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
SE 171.25.193.9:443 171.25.193.9 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 9.193.25.171.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 216.218.219.41:80 216.218.219.41 tcp (9 identical entries)
US 138.68.47.190:443 tcp
US 8.8.8.8:53 time-a.nist.gov udp
US 129.6.15.28:13 time-a.nist.gov tcp
DE 193.23.244.244:80 193.23.244.244 tcp (9 identical entries)
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 41.219.218.216.in-addr.arpa udp
US 8.8.8.8:53 190.47.68.138.in-addr.arpa udp
NL 45.66.35.11:80 45.66.35.11 tcp (6 identical entries)
US 8.8.8.8:53 28.15.6.129.in-addr.arpa udp
US 8.8.8.8:53 244.244.23.193.in-addr.arpa udp
US 8.8.8.8:53 11.35.66.45.in-addr.arpa udp
GB 94.72.98.8:443 tcp
US 8.8.8.8:53 8.98.72.94.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
US 65.43.218.203:443 tcp
US 8.8.8.8:53 203.218.43.65.in-addr.arpa udp
SE 193.189.100.194:443 tcp
US 8.8.8.8:53 194.100.189.193.in-addr.arpa udp
US 23.92.34.106:443 tcp
US 8.8.8.8:53 106.34.92.23.in-addr.arpa udp
CH 185.195.71.8:443 tcp
US 8.8.8.8:53 8.71.195.185.in-addr.arpa udp
US 8.8.8.8:53 24.125.209.23.in-addr.arpa udp

Files

memory/4812-0-0x0000000000400000-0x000000000047C000-memory.dmp
memory/4812-2-0x0000000000610000-0x0000000000710000-memory.dmp
memory/4812-3-0x0000000000A10000-0x0000000000A64000-memory.dmp
memory/4812-4-0x0000000000400000-0x0000000000456000-memory.dmp
memory/4812-5-0x0000000000400000-0x000000000047C000-memory.dmp
memory/4812-8-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-6-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-7-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-9-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-10-0x0000000000A80000-0x0000000000B1F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

MD5 b4cd27f2b37665f51eb9fe685ec1d373
SHA1 7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA256 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512 e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

C:\Users\Admin\AppData\Local\Temp\x64btit.txt

MD5 01a253ed9300c4067dd07b4d6753407d
SHA1 85b496cb57f24d660b0bff2cfbe04c75021f8e82
SHA256 94edd4bc14314b7507ac1087705d3132b22aab913e7069daed88bb97ea412cd9
SHA512 5fe6ffc1892874b9bf26f078236b9b36464b1efcb8179c7517b5b3354f2f2b334e0fe1482113568818c88c21b1cdc70fcb004227972d88b3bf2f24bb86fb0228

memory/4812-18-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-17-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-19-0x0000000000610000-0x0000000000710000-memory.dmp
memory/4812-20-0x0000000000A10000-0x0000000000A64000-memory.dmp
memory/4812-21-0x0000000000400000-0x0000000000456000-memory.dmp
memory/4812-23-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-25-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-28-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-30-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-33-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-35-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-37-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-39-0x0000000000A80000-0x0000000000B1F000-memory.dmp
memory/4812-42-0x0000000000A80000-0x0000000000B1F000-memory.dmp