Analysis
max time kernel: 122s
max time network: 138s
platform: windows7_x64
resource: win7-en-20210920
submitted: 22-10-2021 18:42

Static task: static1
Behavioral task: behavioral1
Sample: fe803ea3f3af2409f1c39331dc0d02fe.exe
Resource: win7-en-20210920 (windows7_x64)
0 signatures, 0 seconds
General
Target: fe803ea3f3af2409f1c39331dc0d02fe.exe
Size: 713KB
MD5: fe803ea3f3af2409f1c39331dc0d02fe
SHA1: 7d9c231e4e029ae71e647e1943e671a942755c5c
SHA256: e70637e0f44ec169c93a2634b8f7750bc671044651bbbbf48a622a82dfd319b7
SHA512: 2561f39d262172ead7b5be2ca6516970809e9d1bdca2c10623f7004e0e1dbe96b54d3589e026691d52109bb3303357aa47e5025568acdb8e4159c67d6fc0f191
Score: 10/10
Malware Config
Signatures
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | fe803ea3f3af2409f1c39331dc0d02fe.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | fe803ea3f3af2409f1c39331dc0d02fe.exe
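The two IoCs above are the pattern behind the "Checks processor information in registry" signature: the sample opens HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 and then queries ProcessorNameString, which sandboxes and hypervisors often populate with a telltale value. The following is an added example, not code from the report or the sandbox vendor: it takes registry-access events in the same (description, ioc, process) shape as the table, matches the CentralProcessor key in both its native \REGISTRY\MACHINE spelling and the Win32 HKLM spelling, and flags processes that touch it repeatedly. The first two events reproduce the report's IoCs; the other two events, the ~MHz query and the explorer.exe event, are constructed here to show what is and is not flagged, and the threshold of two hits is an assumption, not something the report states.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed registry-access events in the same shape as the report's IoC
# table (description, ioc, process).  The first two mirror the report's two
# IoCs; the other two are made up here to show what is and is not flagged.
EVENTS = [
    ("Key opened",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0",
     "fe803ea3f3af2409f1c39331dc0d02fe.exe"),
    ("Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString",
     "fe803ea3f3af2409f1c39331dc0d02fe.exe"),
    ("Key value queried",                                   # constructed
     r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz",
     "fe803ea3f3af2409f1c39331dc0d02fe.exe"),
    ("Key opened",                                          # constructed, benign
     r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "explorer.exe"),
]

# The processor description key in its native (\REGISTRY\MACHINE) and Win32
# (HKLM / HKEY_LOCAL_MACHINE) spellings; registry paths are case-insensitive.
_CPU_KEY = re.compile(
    r"^(?:\\REGISTRY\\MACHINE|HKLM|HKEY_LOCAL_MACHINE)"
    r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\(\d+)"
    r"(?:\\([^\\]+))?$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Hit:
    process: str
    action: str           # "Key opened", "Key value queried", ...
    core: int             # CentralProcessor\<core>
    value: Optional[str]  # value name, or None for a bare key open


def classify(event):
    """Return a Hit if the event touches CentralProcessor\\<n>, else None."""
    action, ioc, process = event
    m = _CPU_KEY.match(ioc)
    if m is None:
        return None
    return Hit(process, action, int(m.group(1)), m.group(2))


def scan(events):
    """Group CentralProcessor accesses by process name."""
    by_proc = {}
    for hit in filter(None, map(classify, events)):
        by_proc.setdefault(hit.process, []).append(hit)
    return by_proc


def verdict(events, min_hits=2):
    """Processes that read the CPU description key at least min_hits times.

    A single open is common in benign software; the open followed by a
    ProcessorNameString query is the pattern the report's signature fires on.
    The threshold is an assumption for this example, not the sandbox's rule.
    """
    return sorted(p for p, hits in scan(events).items() if len(hits) >= min_hits)


if __name__ == "__main__":
    for proc, hits in scan(EVENTS).items():
        for h in hits:
            print(f"{proc}: {h.action} core={h.core} value={h.value}")
    print("flagged:", verdict(EVENTS))
```

On a real host, feed this the registry events from a Sysmon or sandbox log instead of the constructed list; the key point is to match on the key path rather than on the exact value name, since ProcessorNameString, ~MHz and Identifier are all read for the same purpose.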
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/1120-54-0x00000000009D9000-0x0000000000A45000-memory.dmp (432KB)
- memory/1120-55-0x00000000755A1000-0x00000000755A3000-memory.dmp (8KB)
- memory/1120-56-0x00000000008F0000-0x00000000009BF000-memory.dmp (828KB)
- memory/1120-57-0x0000000000400000-0x00000000008E2000-memory.dmp (4.9MB)
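The dump names above encode the process ID, a sequence number and the start and end address of the region that was captured, so the listed sizes can be recomputed from the names alone. The following is an added example, not the sandbox's own tooling: it parses the four names as listed in the report, recomputes each region's size, formats it the way the report does, and picks out the region that contains 0x400000. Treating 0x400000 as the image base is an assumption (it is the usual default for a 32-bit image, and the report does not state the sample's base), and the KB/MB formatting rule is inferred from the four listed sizes.

```python
import re

# Memory-dump names as listed under Downloads in the report, paired with the
# size the report shows for each.  The name encodes pid-seq-start-end.
DUMPS = [
    ("memory/1120-54-0x00000000009D9000-0x0000000000A45000-memory.dmp", "432KB"),
    ("memory/1120-55-0x00000000755A1000-0x00000000755A3000-memory.dmp", "8KB"),
    ("memory/1120-56-0x00000000008F0000-0x00000000009BF000-memory.dmp", "828KB"),
    ("memory/1120-57-0x0000000000400000-0x00000000008E2000-memory.dmp", "4.9MB"),
]

_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
PAGE = 0x1000  # regions captured from a process are page-granular


def parse_dump(name):
    """Split a dump name into pid, sequence number and the [start, end) range."""
    m = _NAME.match(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    if start % PAGE or end % PAGE:
        raise ValueError(f"range not page-aligned in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human(n):
    """Format a byte count the way the report does: whole KB below 1 MB,
    otherwise MB with one decimal (rule inferred from the four listed sizes)."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def check_sizes(entries):
    """Recompute each dump's size from its name and pair it with the listed size."""
    return [(name, human(parse_dump(name)["size"]), listed) for name, listed in entries]


def image_region(entries, image_base=0x400000):
    """Return the dump whose range contains image_base, or None.

    0x400000 is assumed here as the default 32-bit image base; the report
    does not state the sample's actual base.
    """
    for name, _ in entries:
        d = parse_dump(name)
        if d["start"] <= image_base < d["end"]:
            return d
    return None


if __name__ == "__main__":
    for name, computed, listed in check_sizes(DUMPS):
        print(f"{name}: computed {computed}, listed {listed}")
    print("image region:", image_region(DUMPS))
```

Worth noting when choosing which dump to carve: the region starting at 0x400000 is about 4.9 MB in memory while the file on disk is 713 KB, so that dump is the one most likely to hold an unpacked or decompressed image rather than a copy of what is already on disk.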