Overview

overview

10

Static

static

5

ffa0cf8126...79.exe

windows7_x64

10

ffa0cf8126...79.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    116s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    15-03-2022 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffa0cf81269e68c80a9d882cbd719633b4e758267359a9b91449312cf904c879.exe

  • Size

    1.9MB

  • MD5

    cfadbb067cbbe594fed876fe1152f40d

  • SHA1

    0fdec001b048b52fdbe29e527bdf3a4be675a3e6

  • SHA256

    ffa0cf81269e68c80a9d882cbd719633b4e758267359a9b91449312cf904c879

  • SHA512

    849cfd08accf3b24536bf42b160b5aa4d9ba0694ce6488ab4ebc5f0183892697b2bd7f2d6443d5f6346b944f1fc40beb3a6852754d0c0cbb0a23c7b6cd4285d9

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffa0cf81269e68c80a9d882cbd719633b4e758267359a9b91449312cf904c879.exe
    "C:\Users\Admin\AppData\Local\Temp\ffa0cf81269e68c80a9d882cbd719633b4e758267359a9b91449312cf904c879.exe"
    1⤵
    • Drops startup file
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4772-134-0x00000000016F0000-0x00000000016F1000-memory.dmp

    Filesize

    4KB

    Download