Overview

overview

10

Static

static

nizanmfts_fr/??.exe

windows7_x64

5

nizanmfts_fr/??.exe

windows10-2004_x64

5

nizanmfts_fr/????.url

windows7_x64

6

nizanmfts_fr/????.url

windows10-2004_x64

6

nizanmfts_...??.url

windows7_x64

6

nizanmfts_...??.url

windows10-2004_x64

6

nizanmfts_fr/load.dll

windows7_x64

10

nizanmfts_fr/load.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    152s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    16-06-2022 08:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nizanmfts_fr/??.exe

  • Size

    3.3MB

  • MD5

    e1997a27641510d0700ccb7cbe11b530

  • SHA1

    ff6f583f40494250acea810fdb3126356807645c

  • SHA256

    dd76a68797960e242e385175fc16c0b291374bdd2fcc71a04fcdbc3b17cc86bf

  • SHA512

    e54dd30c7e761680a12565a4ed74c70c5a82e93968444a4fc66b16491b1606743e9264a18c7a47ec57641c1b24b7353397859575a1bdddb00480778eaac0ea37

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 25 IoCs
  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\nizanmfts_fr\__.exe
    "C:\Users\Admin\AppData\Local\Temp\nizanmfts_fr\__.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Enumerates system info in registry
    • Suspicious use of SetWindowsHookEx
    PID:3192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 1296
      2⤵
      • Program crash
      PID:2868
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3192 -ip 3192
    1⤵
      PID:4036

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3192-130-0x0000000000400000-0x0000000000741000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/3192-131-0x0000000076F60000-0x0000000077103000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3192-132-0x0000000076B10000-0x0000000076D25000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/3192-134-0x0000000076400000-0x00000000765A0000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3192-135-0x0000000075940000-0x00000000759BA000-memory.dmp

      Filesize

      488KB

      Download

    • memory/3192-1479-0x0000000002530000-0x0000000002630000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3192-1480-0x0000000002530000-0x0000000002630000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3192-1481-0x0000000000400000-0x0000000000741000-memory.dmp

      Filesize

      3.3MB

      Download