Overview

overview

8

Static

static

FileOpenInstaller.exe

windows7_x64

8

FileOpenInstaller.exe

windows10_x64

8

Analysis

  • max time kernel
    151s
  • max time network
    114s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    21-04-2021 18:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FileOpenInstaller.exe

  • Size

    6.8MB

  • MD5

    ab92733eecc19ba622bea402e36217d7

  • SHA1

    0b989591194acec8782070b4d92db2963bfb17a0

  • SHA256

    1363a87825c3c707e04e181932702eb2258a9b87adfded21909ea58b722047e5

  • SHA512

    382b6fb60bbc4e8f9f8f0b8615f3bab247546f209aec35b2cab8a2038216319067a14073f1f0df8558183261fb387fb7bfb519d2052aa5bcfb09980a64f24213

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FileOpenInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\FileOpenInstaller.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:648
    • C:\Users\Admin\AppData\Local\Temp\is-G874F.tmp\FileOpenInstaller.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-G874F.tmp\FileOpenInstaller.tmp" /SL5="$90030,6349734,1320960,C:\Users\Admin\AppData\Local\Temp\FileOpenInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-G874F.tmp\FileOpenInstaller.tmp
    MD5

    9d8408c9bf6f711b668ef36084757f7d

    SHA1

    1c5fdb3445fbc80d7e7ab877424148155868d352

    SHA256

    63ed8734dd7859fadef2fc184d8a25f90efc898e321358c73e876d97f5ceec72

    SHA512

    60605cfc3a27cd3ad7ce73534405b17b671dce47177ddc2b7f72178e628d7a949d2924d552f738e8f4c837d86a148b78d687bd1885cc7efc37ebce3e06b07bde

    Download Submit
  • \Users\Admin\AppData\Local\Temp\is-LOKEC.tmp\UtilDll.dll
    MD5

    79f2386cf7296e8661997193cf01baad

    SHA1

    726fea5eabc5b38981b1d6cc5b8be01212c90616

    SHA256

    101eba215ef5f833ec332da2c803fbff060eb55f32a88ec261b5c4192528e6dd

    SHA512

    123f4ffa772fde8f901abf12c49b78eb81975e5e5f38a8ef80c10b4ca08da422c42ee72f51155fc87a6726217a29b0e8bf22cb927347d324d41e87485c5eff7e

    Download Submit
  • memory/648-114-0x0000000000400000-0x0000000000550000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/3584-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3584-118-0x00000000007F0000-0x000000000093A000-memory.dmp
    Filesize

    1.3MB

    Download