Analysis
-
max time kernel
155s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20220310-en -
submitted
15-03-2022 22:05
Static task
static1
Behavioral task
behavioral1
Sample
afbx.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
afbx.exe
Resource
win10v2004-20220310-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
afbx.exe
-
Size
240KB
-
MD5
396ba06fff00da05029c40502778b3fb
-
SHA1
803b0fbe68ecf2f76a7463125ae1e55b9431924c
-
SHA256
fbc66b75d41324979e33746db3865526f64388a2dc3f8dc50e7fdc1d7bcbd763
-
SHA512
c44ed8401091d1a44b8510df83347807041eb6a78864699c4837f295891efa0f972ba5d4c11b587e50fa1917bb38fe6375822899a97b11bb98c37be9d1097153
Score
10/10
Malware Config
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
Processes:
afbx.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run afbx.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" afbx.exe Key created \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run afbx.exe Set value (str) \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" afbx.exe -
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
afbx.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" afbx.exe Key created \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\Software\Microsoft\Windows\CurrentVersion\Run afbx.exe Set value (str) \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" afbx.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run afbx.exe -
Script User-Agent 2 IoCs
Uses user-agent string associated with script host/environment.
Processes:
description flow ioc HTTP User-Agent header 30 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) HTTP User-Agent header 43 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
afbx.exepid process 2824 afbx.exe -
Suspicious behavior: RenamesItself 1 IoCs
Processes:
afbx.exepid process 2824 afbx.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
afbx.exepid process 2824 afbx.exe 2824 afbx.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2824-134-0x0000000000400000-0x0000000000434000-memory.dmpFilesize
208KB