Resubmissions

11-05-2021 12:48

210511-32gzd4xhdj 10

11-05-2021 12:45

210511-vw3tn1wp3n 10

Analysis

  • max time kernel
    13s
  • max time network
    116s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    11-05-2021 12:45

General

  • Target

    065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361.exe

  • Size

    711KB

  • MD5

    257108b962b0b824f0324915284b367b

  • SHA1

    0361039a5b893b8789d5af611ddd68bef18c2bf0

  • SHA256

    065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361

  • SHA512

    6d2560de16e1f6a75759722aabbf85c12022fee1fa2ba58e5ea1a72d6ba6557862ea3be299214ea2e04c2ca9e2e8f84567565db3fb38bce14b35c0ca93337950

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361.exe
    "C:\Users\Admin\AppData\Local\Temp\065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:788

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/788-114-0x00000000004C0000-0x000000000060A000-memory.dmp

    Filesize

    1.3MB