Analysis

  • max time kernel
    128s
  • max time network
    131s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    11-05-2021 12:00

General

  • Target
    2d20a87b01c7f0080298fecde72b6e544f8e0d2dce1929ecb72d5432f8ce4f3b.exe
  • Size
    711KB
  • MD5
    21924e99d3219df993bead44300d54d8
  • SHA1
    0feb97ffe1fbb669781db6b3bfe79c94ca8267d2
  • SHA256
    2d20a87b01c7f0080298fecde72b6e544f8e0d2dce1929ecb72d5432f8ce4f3b
  • SHA512
    09a06963587db9279be0b6c0c32c374b0555da875f74f8e9739d5d1d8eed305205dad1bae6dcc21191e3f71d08528e6111ebc4e2357950abf2a52410eb4e6621

Malware Config

Signatures

  • FakeAV, RogueAntivirus
    FakeAV, or rogue antivirus, is a class of malware that displays false alert messages.
  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d20a87b01c7f0080298fecde72b6e544f8e0d2dce1929ecb72d5432f8ce4f3b.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2d20a87b01c7f0080298fecde72b6e544f8e0d2dce1929ecb72d5432f8ce4f3b.exe"
    PID: 4432
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4432-114-0x0000000000680000-0x0000000000681000-memory.dmp
    Filesize: 4KB