Overview

overview

10

Static

static

10

e896e2a08b...92.exe

windows7_x64

10

e896e2a08b...92.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    181s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12-05-2022 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e896e2a08ba8d53ae2f3d5b98b853a3daecb63431de52171b8e492fddd0c7c92.exe

  • Size

    27.8MB

  • MD5

    009c9dca4476201b05080ca09ea29c5a

  • SHA1

    e3bef5c680c0a3919199b8a7487e4b3d642aa8cd

  • SHA256

    e896e2a08ba8d53ae2f3d5b98b853a3daecb63431de52171b8e492fddd0c7c92

  • SHA512

    7e9bfdda7461dd5821ca94c077396163739057c742e60ae4ff07971594fc415af5f627d7dc6cb7329fef79969f3b29228c6113d53bd94b5d436fedfd9d9437d2

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    fakeavspywarefakeav
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e896e2a08ba8d53ae2f3d5b98b853a3daecb63431de52171b8e492fddd0c7c92.exe
    "C:\Users\Admin\AppData\Local\Temp\e896e2a08ba8d53ae2f3d5b98b853a3daecb63431de52171b8e492fddd0c7c92.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:1340

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads