Overview

overview

10

Static

static

3

4363463463...63.exe

windows7-x64

8

4363463463...63.exe

windows10-2004-x64

8

4363463463...63.exe

windows11-21h2-x64

10

Resubmissions

14-02-2025 01:10

250214-bjsnnayne1 10

14-02-2025 01:00

250214-bc5pmsymhw 10

13-02-2025 05:01

250213-fnkwtstpgw 10

13-02-2025 04:24

250213-e1kk6atmaz 10

13-02-2025 04:08

250213-eqe8patkgx 8

12-02-2025 23:56

250212-3yzt3azrdx 10

12-02-2025 23:44

250212-3rgd5szmbm 10

12-02-2025 23:19

250212-3a9dlazkep 10

12-02-2025 13:32

250212-qs211ssrfr 10

Analysis

  • max time kernel
    150s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-02-2025 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4363463463464363463463463.exe

  • Size

    10KB

  • MD5

    2a94f3960c58c6e70826495f76d00b85

  • SHA1

    e2a1a5641295f5ebf01a37ac1c170ac0814bb71a

  • SHA256

    2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

  • SHA512

    fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

  • SSDEEP

    192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 3 IoCs
    defense_evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
    "C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"
    1⤵
    • Downloads MZ/PE file
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:2692
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2276
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7861d1fcb4e9548d8bd1549279f2ec7d

    SHA1

    bb264871951ba92ccadcb9a93259a5dd8ddff2ec

    SHA256

    4dc2992de8268dc47a7ef68ecadb4c74d4bee11c433f783cce236cf43f2f115d

    SHA512

    8d9851453ba836b74b2831d84196dc15487f6570561aa3c4b19d63540d30cd54f5edb69cbf2b11eaf33d4c9b94ebbb7d166110301e809c0d5e382f50b85accb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab28B8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar28DA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2180-157-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2180-158-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2180-159-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2180-160-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2692-0-0x000000007497E000-0x000000007497F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-1-0x0000000001390000-0x0000000001398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2692-2-0x0000000074970000-0x000000007505E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2692-12-0x000000007497E000-0x000000007497F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-13-0x0000000074970000-0x000000007505E000-memory.dmp

    Filesize

    6.9MB

    Download