Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-12-2024 16:42

General

  • Target

    CyberGate v1.07.5/CyberGate v1.07.5/CyberGate v1.07.5.exe

  • Size

    2.3MB

  • MD5

    fc6ee683f28c4d867b069841b45cde8b

  • SHA1

    7ba5b8f07bd86a85b583f8c92d27bb94792b6373

  • SHA256

    d2119d9dce199cab558514bb1de19a59b207a9d654d0ed1477fa2d98f20e3dc3

  • SHA512

    a74f81bb2fa4806abb61e7c8b66fe60b2827120a5558ced95076d3af37e517a4395f28750875fb7cca197258502d8eee3221ee6c4a9fd76e5ec95c4ec5563f56

  • SSDEEP

    49152:jBcY9bLMtRGHMTy+hjt2cTl4XRsme9qwwoHXi3Ic+8R1Hg3wx:iftRmsy+l4cIe9qn2XsIcHrx

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 8 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CyberGate v1.07.5\CyberGate v1.07.5\CyberGate v1.07.5.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\CyberGate v1.07.5\CyberGate v1.07.5\CyberGate v1.07.5.exe"
    PID: 1640
    Signatures:
    • System Location Discovery: System Language Discovery
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage

Network

  All observed traffic consists of reverse (PTR) DNS lookups sent to 8.8.8.8:53. The only lookup for which an answer was recorded is 88.210.23.2.in-addr.arpa.

  Remote address  Query                         Type  Sent   Received  Requests  Responses  Answer
  8.8.8.8:53      217.106.137.52.in-addr.arpa   PTR   73 B   147 B     1         1          -
  8.8.8.8:53      88.210.23.2.in-addr.arpa      PTR   210 B  133 B     3         1          a2-23-210-88.deploy.static.akamaitechnologies.com
  8.8.8.8:53      71.31.126.40.in-addr.arpa     PTR   71 B   157 B     1         1          -
  8.8.8.8:53      95.221.229.192.in-addr.arpa   PTR   73 B   144 B     1         1          -
  8.8.8.8:53      13.86.106.20.in-addr.arpa     PTR   71 B   157 B     1         1          -
  8.8.8.8:53      58.55.71.13.in-addr.arpa      PTR   140 B  144 B     2         1          -
  8.8.8.8:53      50.23.12.20.in-addr.arpa      PTR   70 B   156 B     1         1          -
  8.8.8.8:53      198.187.3.20.in-addr.arpa     PTR   71 B   157 B     1         1          -
  8.8.8.8:53      48.229.111.52.in-addr.arpa    PTR   72 B   158 B     1         1          -
  8.8.8.8:53      104.193.132.51.in-addr.arpa   PTR   73 B   159 B     1         1          -

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CyberGate v1.07.5\CyberGate v1.07.5\Language\Default.ini

    Filesize

    16KB

    MD5

    c31f9719e10071c3591a5ab99f8bb6c3

    SHA1

    123b4045ed0a4094cc5ea7f5456ee48fa567e7cd

    SHA256

    c2349fec416c3d0fcd12050b647d000a9049619002219ff45d2d1855a7739afd

    SHA512

    103839c5dcb2e25d4e6f7ce24f5a800988de58fb156b946c6bb794b510a2a102dda67cba826ffadca7ee52af13daf8e0e94ecfec1fd2f2d04c6557653234784c

  • memory/1640-1011-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-2-0x0000000000996000-0x0000000000BDD000-memory.dmp (Filesize 2.3MB)
  • memory/1640-1012-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1014-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1013-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1007-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1008-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1009-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1010-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-0-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-3-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-5-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1015-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1016-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1017-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1018-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1019-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1020-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1021-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
  • memory/1640-1022-0x0000000000400000-0x0000000000BDE000-memory.dmp (Filesize 7.9MB)
