Analysis

  • max time kernel
    118s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    09-03-2022 03:51

General

  • Target

    f22c5c0368baa97100cd60aefc96fe5b0b95b62d05004ac8930674cb72e67d73.exe

  • Size

    711KB

  • MD5

    004fadadf89ff20454cddd727f2022be

  • SHA1

    2f4b35f6c8a8d708ecf9db8fe1f490dea6f3b1fe

  • SHA256

    f22c5c0368baa97100cd60aefc96fe5b0b95b62d05004ac8930674cb72e67d73

  • SHA512

    c3d2782c09c726fedd6b4a5e7b8a06704e5f3f0ba8fbade73f56babf69cc8398a2d4fcd01a2ce536c0c373819fa83785b4227ec5ef5f5727a85efdca72f729f4

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f22c5c0368baa97100cd60aefc96fe5b0b95b62d05004ac8930674cb72e67d73.exe
    "C:\Users\Admin\AppData\Local\Temp\f22c5c0368baa97100cd60aefc96fe5b0b95b62d05004ac8930674cb72e67d73.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:1908

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1908-55-0x0000000076731000-0x0000000076733000-memory.dmp

    Filesize

    8KB

  • memory/1908-56-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB