Analysis

  • max time kernel
    2s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    09-05-2021 17:37

General

  • Target

    bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051.exe

  • Size

    711KB

  • MD5

    fb4324105b8a7af417163d6204a695b9

  • SHA1

    d266ff18e1603afb8e5e3eb8c5767746e40d2a16

  • SHA256

    bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051

  • SHA512

    572fa4a03354540d8fd32113d2cfca69256c76d0cabd619bbf3b0715d6bc642cf4d545149af492a857458a3d92337bdf8b391bbdaabab4698d698eebf3b43a0f

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051.exe
    "C:\Users\Admin\AppData\Local\Temp\bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:788

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/788-59-0x0000000075551000-0x0000000075553000-memory.dmp

    Filesize

    8KB

  • memory/788-60-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB