Analysis

  • max time kernel
    86s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08/05/2022, 17:51 UTC

General

  • Target

    b17c425c9c2fd087178e36a971bd43051f5592f96cf5c0eb201b38afae7dc2e5.exe

  • Size

    711KB

  • MD5

    01f558edab5e39527f3ec00d89783964

  • SHA1

    20abb6c52fd987a05831fb3e28aa13d7b3f817c6

  • SHA256

    b17c425c9c2fd087178e36a971bd43051f5592f96cf5c0eb201b38afae7dc2e5

  • SHA512

    a91efea1e9eec8c73cc133f1478293a5dd2b058f303b2c4cc055caa4f3074aef08b59df9ab9240e8b4deb6a4fae9ceb337147598e0312e29379101a1762b8ad0

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV (rogue antivirus) is a class of malware that displays fake security alerts and infection warnings to frighten the user into installing or paying for a bogus product.

  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b17c425c9c2fd087178e36a971bd43051f5592f96cf5c0eb201b38afae7dc2e5.exe (PID 4324)
    Command line: "C:\Users\Admin\AppData\Local\Temp\b17c425c9c2fd087178e36a971bd43051f5592f96cf5c0eb201b38afae7dc2e5.exe"
    Root of the process tree; no child processes recorded.
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory

Network

    Destination           Bytes    Count
    67.24.25.254:80       322 B    7
    20.189.173.12:443     322 B    7
    8.238.20.126:80       322 B    7
    8.238.20.126:80       322 B    7
    8.238.20.126:80       322 B    7

    The last column is unlabelled in the source report and is reproduced as-is. Connections recorded in a sandbox include background traffic from the analysis VM itself (OS update and telemetry endpoints), so tie each flow to the sample's PID before treating any of these addresses as a C2 indicator.
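The following is an added example, not part of the sandbox report or of the vendor's tooling. It turns the indicators above (the hashes in General, the Run-key and file-drop signatures, and the endpoints in Network) into a small host-side triage check over constructed Sysmon-style events. The event field names, the registry value name and the dropped file names are assumptions made for the example; the hashes and IP:port pairs are copied from the report. An endpoint match alone is weak evidence for the reason noted in the Network section.

```python
"""
Host-side triage against the indicators in this sandbox report.

Added example: not part of the original report or the sandbox vendor's
tooling. It checks three things the report surfaces:
  1. whether a file's hashes match the sample's (General section),
  2. whether telemetry shows the Run-key persistence and the file drops
     into System32 / the Windows directory listed under Signatures,
  3. whether outbound connections go to the IP:port pairs under Network.
The events below are constructed Sysmon-style records, not real telemetry;
their field names are an assumption of this example.
"""
import hashlib
from typing import Iterable, List, Optional, Tuple

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "01f558edab5e39527f3ec00d89783964",
    "sha1": "20abb6c52fd987a05831fb3e28aa13d7b3f817c6",
    "sha256": "b17c425c9c2fd087178e36a971bd43051f5592f96cf5c0eb201b38afae7dc2e5",
}
REPORT_ENDPOINTS = {
    ("67.24.25.254", 80),
    ("20.189.173.12", 443),
    ("8.238.20.126", 80),
}

# Case-insensitive marker for logon persistence keys; as a prefix it also
# covers ...\CurrentVersion\RunOnce.
RUN_KEY_MARKER = "\\microsoft\\windows\\currentversion\\run"
SYSTEM32_DIR = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of a byte string; in practice read the file from disk."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_report_hash(hashes: dict) -> bool:
    """True if any algorithm's digest equals the report's value for that algorithm."""
    return any(hashes.get(alg) == digest for alg, digest in REPORT_HASHES.items())


def flag_event(ev: dict) -> Optional[str]:
    """Return the report signature a single event matches, or None."""
    kind = ev.get("type")
    if kind == "registry_set":
        if RUN_KEY_MARKER in ev.get("key", "").lower():
            return "Adds Run key to start application"
    elif kind == "file_create":
        path = ev.get("path", "").lower()
        # System32 lies under the Windows directory, so test the narrower prefix first.
        if path.startswith(SYSTEM32_DIR):
            return "Drops file in System32 directory"
        if path.startswith(WINDOWS_DIR):
            return "Drops file in Windows directory"
    elif kind == "net_connect":
        if (ev.get("dst_ip"), ev.get("dst_port")) in REPORT_ENDPOINTS:
            return "Connects to endpoint listed in report"
    return None


def triage(events: Iterable[dict]) -> List[Tuple[int, str, str]]:
    """(pid, image, signature) for every event that matches an indicator."""
    hits = []
    for ev in events:
        sig = flag_event(ev)
        if sig is not None:
            hits.append((ev["pid"], ev["image"], sig))
    return hits


# Constructed events (hypothetical value name and file names; PID and image from the report).
SAMPLE_IMAGE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
                "b17c425c9c2fd087178e36a971bd43051f5592f96cf5c0eb201b38afae7dc2e5.exe")
SAMPLE_EVENTS = [
    {"type": "registry_set", "pid": 4324, "image": SAMPLE_IMAGE,
     "key": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ExampleValue"},
    {"type": "file_create", "pid": 4324, "image": SAMPLE_IMAGE,
     "path": "C:\\Windows\\System32\\example.dll"},
    {"type": "file_create", "pid": 4324, "image": SAMPLE_IMAGE,
     "path": "C:\\Windows\\example.ini"},
    {"type": "net_connect", "pid": 4324, "image": SAMPLE_IMAGE,
     "dst_ip": "8.238.20.126", "dst_port": 80},
    # Benign noise that must not be flagged.
    {"type": "registry_set", "pid": 1234, "image": "C:\\Windows\\explorer.exe",
     "key": "HKCU\\Software\\Microsoft\\Windows\\Shell\\Bags\\1"},
    {"type": "file_create", "pid": 1234, "image": "C:\\Windows\\explorer.exe",
     "path": "C:\\Users\\Admin\\Documents\\notes.txt"},
]

if __name__ == "__main__":
    for pid, image, sig in triage(SAMPLE_EVENTS):
        print(f"PID {pid} {image}: {sig}")
    print("hash match:", matches_report_hash({"sha256": REPORT_HASHES["sha256"]}))
```

Feed real events by mapping your EDR or Sysmon export (registry value set, file create, network connect) onto the three event shapes above; the hash check is the only indicator that identifies this sample unambiguously, the behavioural checks identify the technique and will also fire on legitimate installers.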

MITRE ATT&CK Enterprise v6
