Analysis

  • max time kernel
    4294181s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    09-03-2022 05:40

General

  • Target

    ab1a6d28b54fa5a83402f868aa2031fdebf68cdd6c0ad1bbdc3fc354225bfd7f.exe

  • Size

    711KB

  • MD5

    00013a69b22a88dd166f3caf7c5350ec

  • SHA1

    edde0d67542ac602917135e13c6f843f1c54af76

  • SHA256

    ab1a6d28b54fa5a83402f868aa2031fdebf68cdd6c0ad1bbdc3fc354225bfd7f

  • SHA512

    b2e62522da34e7f09e969620d85d9bcac1c1dae56d715312bff727659589a6817bddffdfe3784c7dcda7430d52bc05bb765136346ee45f9e1b50072c2c39b88f

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab1a6d28b54fa5a83402f868aa2031fdebf68cdd6c0ad1bbdc3fc354225bfd7f.exe
    "C:\Users\Admin\AppData\Local\Temp\ab1a6d28b54fa5a83402f868aa2031fdebf68cdd6c0ad1bbdc3fc354225bfd7f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:1516

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1516-54-0x0000000075751000-0x0000000075753000-memory.dmp

    Filesize

    8KB

  • memory/1516-55-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB