Overview

overview

10

Static

static

8

22221d5e43...45.exe

windows7_x64

8

22221d5e43...45.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    93s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12-06-2022 06:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22221d5e43e091a1c03113d1bb37d8dd95dcf07d8756c87d2df6c0d1ab944845.exe

  • Size

    804KB

  • MD5

    afd33b39cc87ff4d2e7047e199b911f0

  • SHA1

    71adba01096df16f501b202b07d24d5c3fee37df

  • SHA256

    22221d5e43e091a1c03113d1bb37d8dd95dcf07d8756c87d2df6c0d1ab944845

  • SHA512

    9802fdf92b9735740bf23b943fd9fa15c374d09a2a13c90823a96654cc0a3fd157148b9600153d66721ee57023227339c30bab4cc7780737cd8a0a9844be3671

Score
10/10
ffdroiderevasionspywarestealertrojanvmprotect

Malware Config

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22221d5e43e091a1c03113d1bb37d8dd95dcf07d8756c87d2df6c0d1ab944845.exe
    "C:\Users\Admin\AppData\Local\Temp\22221d5e43e091a1c03113d1bb37d8dd95dcf07d8756c87d2df6c0d1ab944845.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious use of AdjustPrivilegeToken
    PID:4180

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4180-130-0x0000000000400000-0x000000000064F000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4180-131-0x0000000000400000-0x000000000064F000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4180-132-0x0000000000400000-0x000000000064F000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4180-134-0x00000000037C0000-0x00000000037D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4180-140-0x0000000003920000-0x0000000003930000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4180-146-0x0000000004400000-0x0000000004408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-147-0x0000000004420000-0x0000000004428000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-148-0x00000000044C0000-0x00000000044C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-149-0x0000000004610000-0x0000000004618000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-150-0x0000000004770000-0x0000000004778000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-151-0x0000000004B10000-0x0000000004B18000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-152-0x0000000004A10000-0x0000000004A18000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-153-0x0000000004880000-0x0000000004888000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-154-0x0000000004420000-0x0000000004428000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-155-0x0000000004880000-0x0000000004888000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-156-0x0000000004420000-0x0000000004428000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-157-0x0000000004880000-0x0000000004888000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-184-0x00000000045D0000-0x00000000045D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-185-0x0000000004540000-0x0000000004548000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-187-0x0000000004540000-0x0000000004548000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-309-0x0000000000400000-0x000000000064F000-memory.dmp

    Filesize

    2.3MB

    Download