Resubmissions

27-11-2024 13:29

241127-qrb37svpcv 10

27-11-2024 09:27

241127-le54astrfj 10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-11-2024 13:29

General

  • Target

    5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe

  • Size

    189KB

  • MD5

    edf55c47be55365e15be64ed8240fbf0

  • SHA1

    e240ec08e175e7a9739c4f3e3b9797c6f8f27d6a

  • SHA256

    5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911

  • SHA512

    aaa439ca2bcf0ee832f54942b37960f66262d696e4964244e5c3c47209c173de803de46e567efc9df5d2af34cafcf1049cd5a247c0049b6dfdaf5091b320247a

  • SSDEEP

    1536:/y29YoWallrxCka5FMXKe0fobM/zrzhzrY:K297rVKFKKe0fobM/dg

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe
    "C:\Users\Admin\AppData\Local\Temp\5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1144
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 1472
      • Program crash
      PID:2248

Network

  • US
    DNS
    computernewb.com
    5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe
    Remote address:
    8.8.8.8:53
    Request
    computernewb.com
    IN A
    Response
    computernewb.com
    IN A
    104.21.69.77
    computernewb.com
    IN A
    172.67.206.74
  • US
    DNS
    computernewb.com
    5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe
    Remote address:
    8.8.8.8:53
    Request
    computernewb.com
    IN A
  • US
    GET
    https://computernewb.com/wiki/User:LGHUJgdhnjfhgdWR3Z6HN/MNVCBNRETJUWEI3333333
    5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe
    Remote address:
    104.21.69.77:443
    Request
    GET /wiki/User:LGHUJgdhnjfhgdWR3Z6HN/MNVCBNRETJUWEI3333333 HTTP/1.1
    Host: computernewb.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Wed, 27 Nov 2024 13:29:30 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    vary: Accept-Encoding, Cookie, Authorization
    x-content-type-options: nosniff
    content-language: en
    Cache-Control: s-maxage=18000, must-revalidate, max-age=0
    x-request-id: fe82ac84b92210f7f40d1af4
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwOlVTbqQxOf6u4EDYhbH4cLst5TxcepWBKb5SD9qhvTTFk9M6nyA3Vb%2BxB0LhPoLkPHY8jQkgMoFQZ2RZ%2FBiG4q8El%2BtYBqF5NUrYtcjaKIFMXupU9S%2B1HhtJBqGiZYFlpH"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8e9277aed9fe653d-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=67486&min_rtt=62834&rtt_var=22264&sent=6&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=432&delivery_rate=60628&cwnd=253&unsent_bytes=0&cid=5631b9db602c8073&ts=385&x=0"
  • 104.21.69.77:443
    https://computernewb.com/wiki/User:LGHUJgdhnjfhgdWR3Z6HN/MNVCBNRETJUWEI3333333
    tls, http
    5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe
    1.2kB
    21.7kB
    18
    26

    HTTP Request

    GET https://computernewb.com/wiki/User:LGHUJgdhnjfhgdWR3Z6HN/MNVCBNRETJUWEI3333333

    HTTP Response

    404
  • 8.8.8.8:53
    computernewb.com
    dns
    5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe
    124 B
    94 B
    2
    1

    DNS Request

    computernewb.com

    DNS Request

    computernewb.com

    DNS Response

    104.21.69.77
    172.67.206.74

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1144-0-0x000000007463E000-0x000000007463F000-memory.dmp

    Filesize

    4KB

  • memory/1144-1-0x0000000000AC0000-0x0000000000AF0000-memory.dmp

    Filesize

    192KB

  • memory/1144-2-0x0000000074630000-0x0000000074D1E000-memory.dmp

    Filesize

    6.9MB

  • memory/1144-3-0x0000000074630000-0x0000000074D1E000-memory.dmp

    Filesize

    6.9MB
