Analysis

  • max time kernel
    32s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    08-05-2022 18:48

General

  • Target

    6a624dc3e28cada408d965494d951dd22cbdaab828b7fca7b5e6d2c6b0ed1632.exe

  • Size

    711KB

  • MD5

    00e23c0fee69ba546f419abd03951e82

  • SHA1

    3b3e8e8ab14e09bfc0a1fdc91ba0bcdd1ac3dbaf

  • SHA256

    6a624dc3e28cada408d965494d951dd22cbdaab828b7fca7b5e6d2c6b0ed1632

  • SHA512

    df0f2eab3b57c71e13afaf6eb5eb02fe4ff20a814cec7716c37e208b03c21a8cf33a609c3d0d4226a4765c7da7422ee33df2ca66577c50461d75da0387558d82

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a624dc3e28cada408d965494d951dd22cbdaab828b7fca7b5e6d2c6b0ed1632.exe
    "C:\Users\Admin\AppData\Local\Temp\6a624dc3e28cada408d965494d951dd22cbdaab828b7fca7b5e6d2c6b0ed1632.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:888

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/888-54-0x0000000075D21000-0x0000000075D23000-memory.dmp

    Filesize

    8KB