Analysis

  • max time kernel
    527s
  • max time network
    530s
  • platform
    windows7_x64
  • resource
    win7-en
  • submitted
    07-09-2021 17:15

General

  • Target

    FSOC/vmworktool.exe

  • Size

    10.7MB

  • MD5

    2bda9b1a12fea5b3b0eed375dd60b1b8

  • SHA1

    ce4de9d0cfba59ccb33cf4cd482c9c6d178df6df

  • SHA256

    315f8684e73b9cee6e599a07a1b61cf3680b8165108ba0be82209e1a4073f65b

  • SHA512

    7f420dcd4ad8612e5076da857213556a196084c7bc570b6f0837da405dd5d8d30d299b312d3ca162e6eb93852d11f3b51f58cd5ec8b1e2a736b53b2be0a127f4

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FSOC\vmworktool.exe
    "C:\Users\Admin\AppData\Local\Temp\FSOC\vmworktool.exe"
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    PID:1192

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1192-53-0x00000000762A1000-0x00000000762A3000-memory.dmp

    Filesize

    8KB

  • memory/1192-54-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB