af1e6d8e83255ddaace2cb486be7111dc7b5868cd415d59600fdf8f23c39bd50

Analysis

max time kernel
136s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 12:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af1e6d8e83255ddaace2cb486be7111dc7b5868cd415d59600fdf8f23c39bd50.exe
Size

156KB
MD5

6fab30709974036c30e459ef697e4bb0
SHA1

874722e09089448925c8c7c23216d4fbf7c092a6
SHA256

af1e6d8e83255ddaace2cb486be7111dc7b5868cd415d59600fdf8f23c39bd50
SHA512

02b15945749b4206892be7894f2b2eba2c08b57e259697be4ff28cb2849cf64c053b1d277c71100550b20892622258e0f5e096960450226caf129dfd28f044bd
SSDEEP

3072:Q1uis3Hb+Q5Xq8+5zQWFDsJrmVyzACeJwi72jlQpBW/RsFPPtuui/g20NdyF:y0bR1+5kWFQBYAcJDpo6FPPt6g2D

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4580	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fabyope.exe	af1e6d8e83255ddaace2cb486be7111dc7b5868cd415d59600fdf8f23c39bd50.exe
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe

C:\Users\Admin\AppData\Local\Temp\af1e6d8e83255ddaace2cb486be7111dc7b5868cd415d59600fdf8f23c39bd50.exe
"C:\Users\Admin\AppData\Local\Temp\af1e6d8e83255ddaace2cb486be7111dc7b5868cd415d59600fdf8f23c39bd50.exe"
1⤵
- Drops file in Program Files directory
PID:4920

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4580

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
156KB

MD5
883784f22af4e8555d5c367b226beb86

SHA1
f7d68fa3c34a12ab5eec4256ca2ebac585001980

SHA256
9d49e9ee511deec9423a14b462b95a35969cee60c45f0e7f0151dcd82f62d86a

SHA512
4c0c7ed7ad6301edc3699b0216cdc74729763c478dd0b1d5778870de0a476eaf201f0c0c2661bbf3e74bcf09c7ce6f83525228fb3b9a294e32f868fbef3103ac

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
156KB

MD5
883784f22af4e8555d5c367b226beb86

SHA1
f7d68fa3c34a12ab5eec4256ca2ebac585001980

SHA256
9d49e9ee511deec9423a14b462b95a35969cee60c45f0e7f0151dcd82f62d86a

SHA512
4c0c7ed7ad6301edc3699b0216cdc74729763c478dd0b1d5778870de0a476eaf201f0c0c2661bbf3e74bcf09c7ce6f83525228fb3b9a294e32f868fbef3103ac

Download Submit
memory/4580-138-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4580-139-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4920-132-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4920-133-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download