Malware Analysis Report

2025-01-22 13:29

Sample ID 241122-yhmscatkdl
Target 107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe
SHA256 107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8
Tags: osiris banker botnet discovery
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8

Threat Level: Known bad

The file 107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe was found to be: Known bad.

Malicious Activity Summary

osiris banker botnet discovery

Osiris

Osiris family

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Uses Tor communications

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-22 19:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-22 19:47
Reported: 2024-11-22 19:49
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe"

Signatures

Osiris (tags: banker botnet osiris)

Osiris family (tags: osiris)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Uses Tor communications

No indicator rows were recorded for this signature; the supporting evidence is in the Network table below. The repeated HTTP connections to 193.23.244.244, 216.218.219.41 and 45.66.35.11 go to the directory ports of the Tor directory authorities dannenberg, faravahar and dizum (consensus and descriptor fetches during Tor bootstrap), and the TLS connections to bare IP addresses on port 443 with no preceding DNS lookup are consistent with connections to Tor relays. Treat the directory-authority addresses as a Tor indicator rather than as the C2: any onion-service address the sample talks to is carried inside the Tor circuit and does not appear in this capture.

System Location Discovery: System Language Discovery (tags: discovery)
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A
(this row is repeated 64 times in the original report: 64 separate process-enumeration events from the same process)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe

"C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe"

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"

Network

Country  Destination          Domain           Proto
DE       193.23.244.244:80    193.23.244.244   tcp
US       8.8.8.8:53           api.ipify.org    udp
US       104.26.12.205:443    api.ipify.org    tcp
US       216.218.219.41:80    216.218.219.41   tcp
US       162.251.119.2:443    -                tcp
US       8.8.8.8:53           time-a.nist.gov  udp
US       129.6.15.28:13       time-a.nist.gov  tcp
US       216.218.219.41:80    216.218.219.41   tcp
IE       193.1.12.167:443     -                tcp
NL       45.66.35.11:80       45.66.35.11      tcp
NL       45.66.35.11:80       45.66.35.11      tcp
US       216.218.219.41:80    216.218.219.41   tcp
NL       45.66.35.11:80       45.66.35.11      tcp
US       216.218.219.41:80    216.218.219.41   tcp
US       216.218.219.41:80    216.218.219.41   tcp
DE       193.23.244.244:80    193.23.244.244   tcp
DE       193.23.244.244:80    193.23.244.244   tcp
DE       193.23.244.244:80    193.23.244.244   tcp
US       108.181.22.201:443   -                tcp
NL       45.66.35.11:80       45.66.35.11      tcp
PL       185.241.208.164:443  -                tcp
NL       45.66.35.11:80       45.66.35.11      tcp
US       216.218.219.41:80    216.218.219.41   tcp
DE       193.23.244.244:80    193.23.244.244   tcp
NL       80.82.76.55:443      -                tcp
US       216.218.219.41:80    216.218.219.41   tcp
US       199.250.204.206:443  -                tcp
(- = no domain recorded for the connection; port 13/tcp to time-a.nist.gov is the NIST Daytime service)

Files

memory/2232-0-0x0000000000400000-0x000000000047C000-memory.dmp

memory/2232-2-0x0000000000570000-0x0000000000670000-memory.dmp

memory/2232-3-0x0000000000220000-0x0000000000274000-memory.dmp

memory/2232-4-0x0000000000400000-0x0000000000456000-memory.dmp

memory/2232-5-0x0000000000400000-0x000000000047C000-memory.dmp

memory/2232-7-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-6-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-10-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-9-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-8-0x0000000000480000-0x000000000051F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

MD5 b4cd27f2b37665f51eb9fe685ec1d373
SHA1 7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA256 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512 e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

C:\Users\Admin\AppData\Local\Temp\x64btit.txt

MD5 e54affface1f009cf8ec205c4e886156
SHA1 9c5a5b12ec02f0b0944c812ac2faa0dec0d82da0
SHA256 80a450dd3f6840d37a904ace63200c94eb246a4625618ec94c2f27baf8ce2775
SHA512 fcbf0f0ec4090d843867454a93328306f5b26fae038505091ce2b148c06ca1bd320e14f708915f46ec6e4ddacd3a9f19a53dd9eb4b0226cb8876fcaa4a2c3bf4

memory/2232-20-0x00000000007B0000-0x00000000007CE000-memory.dmp

memory/2232-18-0x0000000010000000-0x0000000010015000-memory.dmp

memory/2232-22-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-23-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-24-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-25-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-26-0x0000000000570000-0x0000000000670000-memory.dmp

memory/2232-27-0x0000000000220000-0x0000000000274000-memory.dmp

memory/2232-28-0x0000000000400000-0x0000000000456000-memory.dmp

memory/2232-34-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-36-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-42-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-47-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-46-0x0000000000480000-0x000000000051F000-memory.dmp

memory/2232-52-0x0000000000480000-0x000000000051F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-22 19:47
Reported: 2024-11-22 19:49
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe"

Signatures

Osiris (tags: banker botnet osiris)

Osiris family (tags: osiris)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Uses Tor communications

No indicator rows were recorded for this signature; the supporting evidence is in the Network table below. 171.25.193.9 (maatuska), 193.23.244.244 (dannenberg), 216.218.219.41 (faravahar) and 45.66.35.11 (dizum) are Tor directory authorities, and 194.109.206.212 is dizum's former address, which suggests the embedded Tor client also carries an older hard-coded authority list. The TLS connections to bare IP addresses on port 443 are consistent with Tor relay traffic. The in-addr.arpa queries are reverse lookups (several of them of the destinations in the same table) and carry no attribution weight on their own.

System Location Discovery: System Language Discovery (tags: discovery)
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A
(this row is repeated 64 times in the original report: 64 separate process-enumeration events from the same process)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe

"C:\Users\Admin\AppData\Local\Temp\107c83149d4b19b7875d6ec1e0251899662d48dcd13996b9e07a93d378f156b8.exe"

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"

Network

Country  Destination          Domain                        Proto
NL       194.109.206.212:80   -                             tcp
US       8.8.8.8:53           8.8.8.8.in-addr.arpa          udp
US       8.8.8.8:53           217.106.137.52.in-addr.arpa   udp
US       8.8.8.8:53           172.210.232.199.in-addr.arpa  udp
US       8.8.8.8:53           23.159.190.20.in-addr.arpa    udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53           13.86.106.20.in-addr.arpa     udp
SE       171.25.193.9:443     171.25.193.9                  tcp
US       8.8.8.8:53           9.193.25.171.in-addr.arpa     udp
US       8.8.8.8:53           212.20.149.52.in-addr.arpa    udp
US       8.8.8.8:53           15.164.165.52.in-addr.arpa    udp
US       8.8.8.8:53           api.ipify.org                 udp
US       104.26.12.205:443    api.ipify.org                 tcp
NL       45.66.35.11:80       45.66.35.11                   tcp
SE       193.189.100.205:443  -                             tcp
US       8.8.8.8:53           time-a.nist.gov               udp
US       129.6.15.28:13       time-a.nist.gov               tcp
US       8.8.8.8:53           205.12.26.104.in-addr.arpa    udp
US       8.8.8.8:53           11.35.66.45.in-addr.arpa      udp
US       8.8.8.8:53           205.100.189.193.in-addr.arpa  udp
US       216.218.219.41:80    216.218.219.41                tcp
US       216.218.219.41:80    216.218.219.41                tcp
US       8.8.8.8:53           28.15.6.129.in-addr.arpa      udp
US       8.8.8.8:53           139.53.16.96.in-addr.arpa     udp
NL       45.66.35.11:80       45.66.35.11                   tcp
US       8.8.8.8:53           41.219.218.216.in-addr.arpa   udp
NL       45.66.35.11:80       45.66.35.11                   tcp
US       216.218.219.41:80    216.218.219.41                tcp
NL       45.66.35.11:80       45.66.35.11                   tcp
NL       45.66.35.11:80       45.66.35.11                   tcp
NL       45.66.35.11:80       45.66.35.11                   tcp
NL       45.66.35.11:80       45.66.35.11                   tcp
US       23.129.64.214:443    -                             tcp
US       8.8.8.8:53           214.64.129.23.in-addr.arpa    udp
DE       193.23.244.244:80    193.23.244.244                tcp
US       216.218.219.41:80    216.218.219.41                tcp
US       8.8.8.8:53           244.244.23.193.in-addr.arpa   udp
NL       45.66.35.11:80       45.66.35.11                   tcp
FR       80.67.167.81:443     -                             tcp
US       8.8.8.8:53           81.167.67.80.in-addr.arpa     udp
DE       193.23.244.244:80    193.23.244.244                tcp
DE       193.23.244.244:80    193.23.244.244                tcp
NL       45.66.35.11:80       45.66.35.11                   tcp
US       23.82.137.28:443     -                             tcp
DE       193.23.244.244:80    193.23.244.244                tcp
US       8.8.8.8:53           28.137.82.23.in-addr.arpa     udp
US       216.218.219.41:80    216.218.219.41                tcp
US       8.8.8.8:53           66.208.201.84.in-addr.arpa    udp
US       8.8.8.8:53           29.243.111.52.in-addr.arpa    udp
DE       84.161.144.132:443   -                             tcp
US       8.8.8.8:53           132.144.161.84.in-addr.arpa   udp
NL       45.66.35.11:80       45.66.35.11                   tcp
US       216.218.219.41:80    216.218.219.41                tcp
DE       193.23.244.244:80    193.23.244.244                tcp
SE       46.246.44.53:443     -                             tcp
NL       45.66.35.11:80       45.66.35.11                   tcp
DE       193.23.244.244:80    193.23.244.244                tcp
US       8.8.8.8:53           53.44.246.46.in-addr.arpa     udp
(- = no domain recorded for the connection; port 13/tcp to time-a.nist.gov is the NIST Daytime service)
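
The Network tables of both detonations (behavioral1 and behavioral2 above) mix Tor bootstrap traffic, the api.ipify.org lookup, the NIST daytime check, reverse lookups and a handful of unattributed TLS connections into one list. The following Python script is an added example, not part of the sandbox report or its vendor's tooling: it parses rows in the report's flattened COUNTRY DEST:PORT [DOMAIN] PROTO form and sorts them into buckets so that only the destinations that still need attribution are left over. The directory-authority table is hand-transcribed from the Tor project's auth_dirs.inc as of late 2024, and the extra IP-lookup domains and time-service ports beyond what the report shows are assumptions added for generality; refresh both against current sources before operational use. The sample rows are copied from the behavioral1 table.

```python
"""Triage helper for the flattened Network tables of a sandbox report.

Added example, not part of the original report or the sandbox vendor's
tooling. Parses rows of the form  COUNTRY DEST_IP:PORT [DOMAIN] PROTO
and buckets them so Tor bootstrap traffic, external-IP lookups and
time checks are separated from destinations that still need attribution.
"""
import re
from collections import Counter

# Tor directory authorities, address -> nickname. Assumption: transcribed
# from the Tor project's auth_dirs.inc in late 2024; refresh before use.
# 194.109.206.212 is dizum's retired address, kept because Tor clients
# embedded in older malware builds still contact it.
TOR_DIR_AUTHORITIES = {
    "128.31.0.39": "moria1",
    "217.196.147.77": "tor26",
    "45.66.35.11": "dizum",
    "194.109.206.212": "dizum (retired address)",
    "131.188.40.189": "gabelmoo",
    "193.23.244.244": "dannenberg",
    "171.25.193.9": "maatuska",
    "199.58.81.140": "longclaw",
    "204.13.164.118": "bastet",
    "216.218.219.41": "faravahar",
}

# Web services that echo the caller's public IP. Only api.ipify.org is in
# the report; the others are assumed common equivalents.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ifconfig.me", "ip-api.com",
}

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?"      # Domain column may be absent or '-'
    r"(?P<proto>tcp|udp)$"
)


def parse_row(line):
    """Return a dict for one Network row, or None for header/blank lines."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["port"] = int(row["port"])
    if row["domain"] in (None, "-"):
        row["domain"] = ""
    return row


def classify(row):
    """Bucket a parsed row by what the connection most likely is."""
    ip, port, domain, proto = row["ip"], row["port"], row["domain"], row["proto"]
    if proto == "udp" and port == 53:
        return "rdns" if domain.endswith(".in-addr.arpa") else "dns"
    if ip in TOR_DIR_AUTHORITIES:
        return "tor_dirauth"
    if domain in IP_LOOKUP_DOMAINS:
        return "external_ip_lookup"
    # Daytime (13), Time (37) and NTP (123); assumed heuristic for clock checks.
    if port in (13, 37, 123) or domain.endswith("nist.gov"):
        return "time_check"
    if port == 443 and not domain:
        # TLS to a bare IP with no name: Tor guard/relay traffic or
        # direct-to-IP C2. A relay-list check is needed to tell them apart.
        return "tls_bare_ip"
    return "other"


def triage(text):
    """Parse a whole Network table; return (bucket counts, untriaged dests)."""
    counts = Counter()
    untriaged = []
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        bucket = classify(row)
        counts[bucket] += 1
        dest = f"{row['ip']}:{row['port']}"
        if bucket in ("tls_bare_ip", "other") and dest not in untriaged:
            untriaged.append(dest)
    return counts, untriaged


# Rows copied from the behavioral1 Network table of the report.
SAMPLE_B1 = """\
Country Destination Domain Proto
DE 193.23.244.244:80 193.23.244.244 tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 216.218.219.41:80 216.218.219.41 tcp
US 162.251.119.2:443 tcp
US 8.8.8.8:53 time-a.nist.gov udp
US 129.6.15.28:13 time-a.nist.gov tcp
IE 193.1.12.167:443 tcp
NL 45.66.35.11:80 45.66.35.11 tcp
US 108.181.22.201:443 tcp
PL 185.241.208.164:443 tcp
NL 80.82.76.55:443 tcp
US 199.250.204.206:443 tcp
"""

if __name__ == "__main__":
    counts, untriaged = triage(SAMPLE_B1)
    for bucket, n in counts.most_common():
        print(f"{bucket:20s} {n}")
    print("still to attribute:", ", ".join(untriaged))
```

Run as a script it prints the bucket counts for the sample and the six bare-IP TLS destinations that remain unattributed; pass the full behavioral2 table to triage() and its in-addr.arpa rows land in the rdns bucket while 194.109.206.212 and 171.25.193.9 are recognised as authorities. The tls_bare_ip bucket should next be checked against a current Tor relay list; whatever is not a relay is the destination worth blocking and hunting for.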

Files

memory/5076-0-0x0000000000400000-0x000000000047C000-memory.dmp

memory/5076-2-0x0000000000590000-0x0000000000690000-memory.dmp

memory/5076-4-0x0000000000400000-0x000000000047C000-memory.dmp

memory/5076-3-0x0000000000400000-0x0000000000456000-memory.dmp

memory/5076-5-0x0000000000400000-0x000000000047C000-memory.dmp

memory/5076-6-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-7-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-8-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-9-0x0000000000960000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

MD5 b4cd27f2b37665f51eb9fe685ec1d373
SHA1 7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA256 91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512 e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

memory/5076-10-0x0000000000960000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\x64btit.txt

MD5 f6c63267dc26d028b216899884727fe5
SHA1 3dc14c9238e5a21a87b809a613bbd602a08a9c17
SHA256 03752ec747a148b54b9e190129a37365d5a694201830cadcbb93880b7393f2ec
SHA512 0f25b0cdf79335091661798cbdc754e4833a833e1ca7a49253cfe2bb7650829b91e5187569a5a41aa7a0417880387542f9c8b0c1404cbe2e299abede8b1dc2f0

memory/5076-17-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-18-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-19-0x0000000000590000-0x0000000000690000-memory.dmp

memory/5076-20-0x0000000000400000-0x0000000000456000-memory.dmp

memory/5076-24-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-26-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-29-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-31-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-33-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-36-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-39-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-40-0x0000000000960000-0x00000000009FF000-memory.dmp

memory/5076-43-0x0000000000960000-0x00000000009FF000-memory.dmp