Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    03-07-2022 09:06

General

  • Target

    3bf33f1f0b788dad2130b64225748cd36d7718f49e700ec098760ff977f912dd.exe

  • Size

    711KB

  • MD5

    4a2922100e5f291318ffd12b61a445c3

  • SHA1

    b8e916152100e06cd72cc75070df1973a9ec6fb5

  • SHA256

    3bf33f1f0b788dad2130b64225748cd36d7718f49e700ec098760ff977f912dd

  • SHA512

    2bd5b0afafb873164051758afc2af82608bdbacbb43eda7f1858de1d6e5a90c43cc070d67d4b844825f1fa3449f9414df98379d7a46456be3d3539f74c9ccf72

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bf33f1f0b788dad2130b64225748cd36d7718f49e700ec098760ff977f912dd.exe
    "C:\Users\Admin\AppData\Local\Temp\3bf33f1f0b788dad2130b64225748cd36d7718f49e700ec098760ff977f912dd.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:1564

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1564-54-0x0000000075CD1000-0x0000000075CD3000-memory.dmp

    Filesize: 8KB