Analysis

  • max time kernel
    153s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08-05-2022 17:52

General

  • Target

    af80eae6be843eeecbd3e9acb3180f2d10123b7f3744134e80a3a93a7e1676ee.exe

  • Size

    2.8MB

  • MD5

    02d6d2add914b2cc9c7f8c62885e8b7c

  • SHA1

    338ae22742408c829bd9887269bceca54c5dbf12

  • SHA256

    af80eae6be843eeecbd3e9acb3180f2d10123b7f3744134e80a3a93a7e1676ee

  • SHA512

    eed323bf3550e4bb7a03b5e526902b2e1693d37bdc3988a58192245f850fae48793cf003ae6e2d0b7bff4a05c1fbe06d67cdf8622f4dde6ef38dd4319b1f69d5

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\af80eae6be843eeecbd3e9acb3180f2d10123b7f3744134e80a3a93a7e1676ee.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\af80eae6be843eeecbd3e9acb3180f2d10123b7f3744134e80a3a93a7e1676ee.exe"
    PID: 2596
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory

Network

MITRE ATT&CK Enterprise v6
