Overview

overview

10

Static

static

3dd400266e...d1.exe

windows7_x64

10

3dd400266e...d1.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    31-01-2022 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dd400266e418778615ef84a247687d1.exe

  • Size

    514KB

  • MD5

    3dd400266e418778615ef84a247687d1

  • SHA1

    995b055ae2eb4f7ed8dd0d603cc3690a2bbe5c3c

  • SHA256

    da00ad76bb648365108fb03a95cf69a56608e4605cfe02fcaf933af239ce7ac2

  • SHA512

    8a202b59dc234c35a4538c2040ba3b2855df073ef3f32ce06fa7f784f22971362a4efd98ff2a41cb7a3b77ad6f6c840b00fcc55f8662ab10d9edf3d38d8bc16e

Score
10/10
formbookcw22ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cw22

Decoy

betvoy206.com

nftstoners.com

tirupatibuilder.com

gulldesigns.com

shemhq.com

boricosmetic.com

bitcoinbillionaireboy.com

theflypaperplanes.com

retrocartours.com

yangzhie326.com

cheepchain.com

sentryr.com

luckirentalhomes.com

pointssquashers.com

dianasarabiantreasures.com

calendarsilo.com

sublike21.xyz

gajubg0up.xyz

lousfoodreviews.com

fades.site

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe"
      2⤵
        PID:848
      • C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe
        "C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe"
        2⤵
          PID:572
        • C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe
          "C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe"
          2⤵
            PID:844
          • C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe
            "C:\Users\Admin\AppData\Local\Temp\3dd400266e418778615ef84a247687d1.exe"
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:384

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/384-60-0x0000000000400000-0x000000000042F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/384-59-0x0000000000400000-0x000000000042F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/384-61-0x0000000000400000-0x000000000042F000-memory.dmp
          Filesize

          188KB

          Download
        • memory/384-62-0x00000000008B0000-0x0000000000BB3000-memory.dmp
          Filesize

          3.0MB

          Download
        • memory/1680-54-0x0000000000170000-0x00000000001F6000-memory.dmp
          Filesize

          536KB

          Download
        • memory/1680-55-0x0000000075AC1000-0x0000000075AC3000-memory.dmp
          Filesize

          8KB

          Download
        • memory/1680-56-0x0000000004E10000-0x0000000004E11000-memory.dmp
          Filesize

          4KB

          Download
        • memory/1680-57-0x00000000002A0000-0x00000000002B4000-memory.dmp
          Filesize

          80KB

          Download
        • memory/1680-58-0x0000000004960000-0x00000000049C6000-memory.dmp
          Filesize

          408KB

          Download