Overview

overview

8

Static

static

8

FateInjector.exe

windows7_x64

1

FateInjector.exe

windows10_x64

1

Ambrosial ...21.exe

windows7_x64

8

Ambrosial ...21.exe

windows10_x64

8

Ambrosial.exe

windows7_x64

4

Ambrosial.exe

windows10_x64

7

Release_Ve...on.dll

windows7_x64

1

Release_Ve...on.dll

windows10_x64

3

BadManPublic.dll

windows7_x64

1

BadManPublic.dll

windows10_x64

1

HorionInjector.exe

windows7_x64

8

HorionInjector.exe

windows10_x64

8

MetroSet UI.dll

windows7_x64

1

MetroSet UI.dll

windows10_x64

1

Newtonsoft.Json.dll

windows7_x64

1

Newtonsoft.Json.dll

windows10_x64

1

System.Run...fe.dll

windows7_x64

1

System.Run...fe.dll

windows10_x64

1

ure tyjk5_...]_.exe

windows7_x64

1

ure tyjk5_...]_.exe

windows10_x64

1

Coffee (1).exe

windows7_x64

1

Coffee (1).exe

windows10_x64

1

Coffee 1.16.220.exe

windows7_x64

1

Coffee 1.16.220.exe

windows10_x64

1

Coffee NOT...ON.exe

windows7_x64

1

Coffee NOT...ON.exe

windows10_x64

1

Fate.Client.dll

windows7_x64

3

Fate.Client.dll

windows10_x64

3

FateInjector.exe

windows7_x64

1

FateInjector.exe

windows10_x64

1

Fate.Client.dll

windows7_x64

3

Fate.Client.dll

windows10_x64

1

Analysis

  • max time kernel
    165s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    17-11-2021 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Coffee (1).exe

  • Size

    1.4MB

  • MD5

    235aa72b4fb4b2306ece386b744a24c8

  • SHA1

    ba38baa996854dd6ed41f62626d6bdd66e6ef247

  • SHA256

    4bcc29096d98a0707de7159f42fdd90e81a2d9274a68a3e44da66bf114e48438

  • SHA512

    173db0a30d1fd9fb45b27d214af63dd31e7e60b7aab301a4d9f5de1e8ce6e365817996080591bd7ade7295000e696696cb62d3662154e033e2ae7bbcd374b721

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Coffee (1).exe
    "C:\Users\Admin\AppData\Local\Temp\Coffee (1).exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2612-118-0x00007FF76BF70000-0x00007FF76BF71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2612-120-0x0000027DA8DC0000-0x0000027DA8DC2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2612-121-0x0000027DA8DC2000-0x0000027DA8DC4000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2612-122-0x0000027DA8DC4000-0x0000027DA8DC5000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2612-123-0x0000027DA8DC5000-0x0000027DA8DC7000-memory.dmp
    Filesize

    8KB

    Download