Overview

overview

10

Static

static

tmp/fem0.exe

windows7_x64

1

tmp/fem0.exe

windows10_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    14-12-2021 12:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp/fem0.exe

  • Size

    463KB

  • MD5

    6429aa83e4bc083b4f0b3f44b0d7950f

  • SHA1

    0ead59881f054284f611accb61451ed1ffc818fc

  • SHA256

    96c57ae661562e958e01bb0b490c09a0a51bb367931620223174963de88bdfcb

  • SHA512

    186383701c591db2c011c8ae24920759c10880068dd217e32110ae54b9c7f0863b7fb04e893f601a234742deb5838a22820dc8835ba9198d66b7bb297d502f9b

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe
      "C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe"
      2⤵
        PID:576
      • C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe
        "C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe"
        2⤵
          PID:848
        • C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe
          "C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe"
          2⤵
            PID:304
          • C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe
            "C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe"
            2⤵
              PID:1464
            • C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe
              "C:\Users\Admin\AppData\Local\Temp\tmp\fem0.exe"
              2⤵
                PID:1472

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1724-54-0x0000000000390000-0x0000000000391000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1724-56-0x0000000075B11000-0x0000000075B13000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1724-57-0x00000000046B0000-0x00000000046B1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1724-58-0x0000000000440000-0x0000000000445000-memory.dmp
              Filesize

              20KB

              Download
            • memory/1724-59-0x0000000005130000-0x000000000517B000-memory.dmp
              Filesize

              300KB

              Download