Malware Analysis Report

2025-08-05 14:41

Sample ID 250703-f6dv8stydw
Target 24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39
SHA256 24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39

Threat Level: Shows suspicious behavior

The file 24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39 was classified as: Shows suspicious behavior.

Malicious Activity Summary

discovery

Executes dropped EXE

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:28

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:28

Reported

2025-07-03 05:31

Platform

win10v2004-20250610-en

Max time kernel

103s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1E0D0B0E120D156D155D15A0B0A160A0D160F.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1E0D0B0E120D156D155D15A0B0A160A0D160F.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39.exe

"C:\Users\Admin\AppData\Local\Temp\24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39.exe"

C:\Users\Admin\AppData\Local\Temp\1E0D0B0E120D156D155D15A0B0A160A0D160F.exe

C:\Users\Admin\AppData\Local\Temp\1E0D0B0E120D156D155D15A0B0A160A0D160F.exe

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 150.171.27.10:443 | g.bing.com | tcp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | c.pki.goog | udp
GB | 142.250.179.227:80 | c.pki.goog | tcp

Files

memory/2416-0-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/2416-1-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/2416-7-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/2560-6-0x0000000000400000-0x00000000005AB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1E0D0B0E120D156D155D15A0B0A160A0D160F.exe

MD5 d23c7735f5c6516ddacc17daf069a3e3
SHA1 9eb26f21e789065616d9594211a171b43d76186c
SHA256 1a1b9206c8300de428f8aec2d47c6ee7a1b1241dad301bdb93b274c5f0ddd914
SHA512 0eb19c054a899fd253058f38ab4e03c9f13dd88468d1d488686640c0dbe81f4b4e91bc0de95a49ca7c41c6037e75f9f9245d790c34b0ba7d77e61fc60fe85b6c

memory/2560-10-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/2560-9-0x0000000000400000-0x00000000005AB000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-03 05:28

Reported

2025-07-03 05:31

Platform

win11-20250619-en

Max time kernel

101s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1B0B0B0B120C156B155F15C0F0B160A0E160D.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1B0B0B0B120C156B155F15C0F0B160A0E160D.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39.exe

"C:\Users\Admin\AppData\Local\Temp\24ebf31ad2a81a35b52ec5b878dc820fc4604d1df226db86819f05524a956a39.exe"

C:\Users\Admin\AppData\Local\Temp\1B0B0B0B120C156B155F15C0F0B160A0E160D.exe

C:\Users\Admin\AppData\Local\Temp\1B0B0B0B120C156B155F15C0F0B160A0E160D.exe

Network

Files

memory/3616-0-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/3616-1-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/2760-8-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/2760-9-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/2760-10-0x0000000000400000-0x00000000005AB000-memory.dmp

memory/3616-7-0x0000000000400000-0x00000000005AB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1B0B0B0B120C156B155F15C0F0B160A0E160D.exe

MD5 72c48e9edd7bea7981e848dc3a4a6a8d
SHA1 cad7868ef8abf462aeff52e40fc9fbd629e0b1b8
SHA256 7b2b7a0ee06584e53729704e1046f809fa44107dd2b4de59228d7d21b4d8c3a2
SHA512 501dd2292ff9c75e23363b355614ab0ea7a5448fec6dc5da7e02ecca6672298d326cf256d6416fa1b3f4ac28346fc7d19ab0d022e55a7ee718e2ad97251c3ab7