9979c649036650bf639fcb19fe28272d42a4882240ca18d608a107afaf06389b

Analysis

max time kernel
87s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9979c649036650bf639fcb19fe28272d42a4882240ca18d608a107afaf06389b.exe
Size

131KB
MD5

4f7a290cc29d5e7e0a32cef602497320
SHA1

037aeadbb39137ea260398a90caff15aed67ddb5
SHA256

9979c649036650bf639fcb19fe28272d42a4882240ca18d608a107afaf06389b
SHA512

80c3b668ec237caf5f8a4434d621b0dbb18649d953c34ce8fb06fc48d7b2f846a51c6fa71f9b09aebdb64e3108df0fd4de0066eac56157ac5c1e6477819f40f0
SSDEEP

3072:4CRg3fScL7qmJOXRlU30A7G1mcJ7oygOJdhyjbBv0sBZa0BX:KqcK2wL674ZojOvEtvTZaWX

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
380	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fabyope.exe	9979c649036650bf639fcb19fe28272d42a4882240ca18d608a107afaf06389b.exe
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe

C:\Users\Admin\AppData\Local\Temp\9979c649036650bf639fcb19fe28272d42a4882240ca18d608a107afaf06389b.exe
"C:\Users\Admin\AppData\Local\Temp\9979c649036650bf639fcb19fe28272d42a4882240ca18d608a107afaf06389b.exe"
1⤵
- Drops file in Program Files directory
PID:3576

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:380

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
131KB

MD5
e6fcd7e7446b3c13a93f6c1e7899cf76

SHA1
9c39e3ce575b23dd6bd139895de115feec5b269b

SHA256
5a35e7003fc1bb8e0317057a2bf7f4e61a6f237c10fbc7384817ab49a72d7c70

SHA512
248da69502e32bee72f70bfba5830fd37a75a23fc8eda2357b2ed770e4344b289742a07855c70b0c65c91c14ca8d640c77d487ef4ef86e372d07585537899c0e

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
131KB

MD5
e6fcd7e7446b3c13a93f6c1e7899cf76

SHA1
9c39e3ce575b23dd6bd139895de115feec5b269b

SHA256
5a35e7003fc1bb8e0317057a2bf7f4e61a6f237c10fbc7384817ab49a72d7c70

SHA512
248da69502e32bee72f70bfba5830fd37a75a23fc8eda2357b2ed770e4344b289742a07855c70b0c65c91c14ca8d640c77d487ef4ef86e372d07585537899c0e

Download Submit
memory/380-140-0x0000000000E10000-0x0000000000E6B000-memory.dmp

Filesize
364KB

Download
memory/3576-132-0x0000000000680000-0x00000000006DB000-memory.dmp

Filesize
364KB

Download
memory/3576-137-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download