Analysis

  • max time kernel
    184s
  • max time network
    218s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08/05/2022, 03:53 UTC

General

  • Target

    6faa2f0a3deee3445cbe82da91f7cfbb029725002dcf9a23a2f5670f5fbff923.exe

  • Size

    711KB

  • MD5

    009ea8b18446221d93108d742af3efc8

  • SHA1

    1da585ea827ae791215253162f4c4958b8c3faf6

  • SHA256

    6faa2f0a3deee3445cbe82da91f7cfbb029725002dcf9a23a2f5670f5fbff923

  • SHA512

    8eaeb2c64dfca5d535fa83d661d8346b794af37da78dbcf74ae5622c9f798a22f8eded04788b6138f73241989831ae967cec2e3b7f8a785e99e6772a7cb4d900

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6faa2f0a3deee3445cbe82da91f7cfbb029725002dcf9a23a2f5670f5fbff923.exe
    "C:\Users\Admin\AppData\Local\Temp\6faa2f0a3deee3445cbe82da91f7cfbb029725002dcf9a23a2f5670f5fbff923.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:4108

Network

    No results found
  • 2.18.109.224:443
    tls, https
    436 B
    40 B
    1
    1
  • 2.18.109.224:443
    storesdk.dsx.mp.microsoft.com
    tls
    1.4kB
    7.5kB
    16
    14
  • 20.189.173.1:443
    322 B
    7
  • 104.18.25.243:80
    322 B
    7
  • 178.79.208.1:80
    322 B
    7
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.