Analysis

  • max time kernel
    173s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08-05-2022 05:26

General

  • Target

    1be3df86f2e5a8165d4f04ec0290de15d60db343d01f762f9de125d7dac7738d.exe

  • Size

    711KB

  • MD5

    004c8205704cdb9f09252a6f6b7358cf

  • SHA1

    e8eab0136519fa12545824dc18a3a6c8edb1747a

  • SHA256

    1be3df86f2e5a8165d4f04ec0290de15d60db343d01f762f9de125d7dac7738d

  • SHA512

    6469fd36b63e5ac97c5a999589e7cb267a93902ed9ef65f7c49ee0a4899f4338270a879c6b064f2c99b608c742b8a92a383f854c9aa883368e45562f18a1ae84

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1be3df86f2e5a8165d4f04ec0290de15d60db343d01f762f9de125d7dac7738d.exe
    "C:\Users\Admin\AppData\Local\Temp\1be3df86f2e5a8165d4f04ec0290de15d60db343d01f762f9de125d7dac7738d.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:1076

Network

MITRE ATT&CK Enterprise v6
