Resubmissions

25-06-2021 20:02

210625-fblvfqm7an 10

18-05-2021 05:37

210518-8s36lqvle2 10

Analysis

  • max time kernel
    6s
  • max time network
    14s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    25-06-2021 20:02

General

  • Target

    33c51b43362ef9a681a851d192942ef3857f550a3d36ca808b7d2c37abd9ea67.exe

  • Size

    711KB

  • MD5

    1cbd59d894ee4a48ec6aee6d149f4ab1

  • SHA1

    bd1b2c9041cd3bdc801db90234412f7b60c04b23

  • SHA256

    33c51b43362ef9a681a851d192942ef3857f550a3d36ca808b7d2c37abd9ea67

  • SHA512

    e101e817ca76ad90f4c736200cd6ada83f7072aa58a4139d61ba1f9df15bee39c2c6c3efa574509a3d1b9fec4a781d4a3a5763a2d0b075bd8b5e7dcd3a0faba1

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33c51b43362ef9a681a851d192942ef3857f550a3d36ca808b7d2c37abd9ea67.exe
    "C:\Users\Admin\AppData\Local\Temp\33c51b43362ef9a681a851d192942ef3857f550a3d36ca808b7d2c37abd9ea67.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:940

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/940-59-0x0000000075051000-0x0000000075053000-memory.dmp

    Filesize

    8KB

  • memory/940-60-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB