Overview

overview

10

Static

static

3

4363463463...63.exe

windows7-x64

8

4363463463...63.exe

windows10-2004-x64

8

4363463463...63.exe

windows11-21h2-x64

10

Resubmissions

14-02-2025 01:10

250214-bjsnnayne1 10

14-02-2025 01:00

250214-bc5pmsymhw 10

13-02-2025 05:01

250213-fnkwtstpgw 10

13-02-2025 04:24

250213-e1kk6atmaz 10

13-02-2025 04:08

250213-eqe8patkgx 8

12-02-2025 23:56

250212-3yzt3azrdx 10

12-02-2025 23:44

250212-3rgd5szmbm 10

12-02-2025 23:19

250212-3a9dlazkep 10

12-02-2025 13:32

250212-qs211ssrfr 10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250211-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-02-2025 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4363463463464363463463463.exe

  • Size

    10KB

  • MD5

    2a94f3960c58c6e70826495f76d00b85

  • SHA1

    e2a1a5641295f5ebf01a37ac1c170ac0814bb71a

  • SHA256

    2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

  • SHA512

    fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

  • SSDEEP

    192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 47 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
    "C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"
    1⤵
    • Downloads MZ/PE file
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2952
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Nzg5N0EwMDktQ0RCMC00Mjg5LUJERjItNDA0REMwRDJBODE2fSIgdXNlcmlkPSJ7MUVGOUY2QzMtRDlCMS00QzA1LThBNzEtNTdERkU0MDAwMDc4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NDE3M0FCQTEtRjQ2My00MDA3LUJFRjUtM0ZEQkM1RkNDMEE0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODM0MTAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NTUzNjg2NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjU0ODAyOTcxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:1152
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4564
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3548

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2952-0-0x00000000744BE000-0x00000000744BF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2952-1-0x0000000000E70000-0x0000000000E78000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2952-2-0x0000000005820000-0x00000000058BC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2952-3-0x00000000744B0000-0x0000000074C60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2952-4-0x00000000744BE000-0x00000000744BF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2952-5-0x00000000744B0000-0x0000000074C60000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4564-7-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-9-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-8-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-19-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-13-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-18-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-17-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-16-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-15-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4564-14-0x00000281A38F0000-0x00000281A38F1000-memory.dmp

      Filesize

      4KB

      Download