Resubmissions

17-01-2025 20:14

250117-yz7h3s1qfw 10

17-01-2025 20:12

250117-yy9l2sslcr 10

17-01-2025 17:25

250117-vy9p9sxpez 10

17-01-2025 17:21

250117-vw8eesyjfp 10

17-01-2025 14:16

250117-rk9ass1rhk 10

17-01-2025 14:12

250117-rhv1ds1lds 10

16-01-2025 12:52

250116-p4et7a1mez 10

16-01-2025 12:50

250116-p29xjssjep 10

16-01-2025 12:49

250116-p2cbaasjam 10

13-01-2025 04:35

250113-e7x5tswlfz 10

Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-01-2025 15:53

General

  • Target

    Malware-1-master/Download.exe

  • Size

    247KB

  • MD5

    6a97f4f16e7879967a5c02d143d0bd46

  • SHA1

    0898ccf65770813f69bf339462a05a8c6e17be69

  • SHA256

    de2274da8cf00dfc6e6e52db43f82210a1fb7fd30016ebdc81347fb2d1f248fa

  • SHA512

    0bc14103518a2e234f4e3f4ddc46e91a1ed21c2885fd4eb27d3cf8cd088e4fa4fffcc221ddb404f52794c57d6693b2ce080e797bf33f2322490030e0fce0ac27

  • SSDEEP

    3072:ZV3bDzHY2weWeFoyUWfMRBsfpVZynzK4ChhO2IGmXf3Ur3CvZJnodCKJYsUH+Iun:ZBbDzHY0UsfPwUIvOd1

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Malware-1-master\Download.exe
    "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\Download.exe"
    • System Location Discovery: System Language Discovery
    PID:2304

Network

  • flag-us
    DNS
    www.google.ru
    Download.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.ru
    IN A
    Response
    www.google.ru
    IN A
    142.250.187.227
  • flag-gb
    GET
    https://www.google.ru/
    Download.exe
    Remote address:
    142.250.187.227:443
    Request
    GET / HTTP/1.1
    Host: www.google.ru
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Location: https://www.google.com/sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwIpMuPvAYQv-_NoAMSBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-L8j8wEywb4TCPln039nVRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Date: Sun, 12 Jan 2025 15:54:12 GMT
    Server: gws
    Content-Length: 397
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-WTXcWOyWEokiKULe_CXe0A7ozKAuMdrjFs_SSC6Mivo7hgPoPLeMo; expires=Fri, 11-Jul-2025 15:54:12 GMT; path=/; domain=.google.ru; Secure; HttpOnly; SameSite=lax
    Set-Cookie: __Secure-ENID=25.SE=bypNR83NsPTD_M44JiUgC-pQKOFxndwGaklDA-AjhHWu_zuqz8R7k1YSU659apU6S5BRwlpwrkFwv4XNZH1_SgRtBKPLRJZ4_Ysr13FM7pq36k0jYque20LcHxEpTkz7Wlbxo_rNf9ytDUSdUDr0jhdTl4o5VzULMk19WAz0sC2o4nwsUG6nxjLaf6M6kUwDzgk-gwDBldM; expires=Thu, 12-Feb-2026 08:12:30 GMT; path=/; domain=.google.ru; Secure; HttpOnly; SameSite=lax
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    www.google.com
    Download.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.187.196
  • flag-gb
    GET
    https://www.google.com/sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    Download.exe
    Remote address:
    142.250.187.196:443
    Request
    GET /sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 429 Too Many Requests
    Date: Sun, 12 Jan 2025 15:54:13 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3075
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 142.250.187.227:443
    https://www.google.ru/
    tls, http
    Download.exe
    800 B
    6.4kB
    10
    11

    HTTP Request

    GET https://www.google.ru/

    HTTP Response

    302
  • 142.250.187.196:443
    https://www.google.com/sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    tls, http
    Download.exe
    885 B
    8.1kB
    8
    10

    HTTP Request

    GET https://www.google.com/sorry/index?continue=https://www.google.ru/&q=EgS117BTGKTLj7wGIjCrGOzUewh42K4S24IkCZL8P1VmAOU2sBu3xMXATs4Ek-feNNNyHSlf2XunbdsLlpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

    HTTP Response

    429
  • 8.8.8.8:53
    www.google.ru
    dns
    Download.exe
    59 B
    75 B
    1
    1

    DNS Request

    www.google.ru

    DNS Response

    142.250.187.227

  • 8.8.8.8:53
    www.google.com
    dns
    Download.exe
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.187.196

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2304-0-0x00000000741C1000-0x00000000741C2000-memory.dmp

    Filesize

    4KB

  • memory/2304-1-0x00000000741C0000-0x000000007476B000-memory.dmp

    Filesize

    5.7MB

  • memory/2304-2-0x00000000741C0000-0x000000007476B000-memory.dmp

    Filesize

    5.7MB

  • memory/2304-3-0x00000000741C0000-0x000000007476B000-memory.dmp

    Filesize

    5.7MB
