c1325329d28e4ddd619e3858a4e0c9d4f3a212e38d482b82708445c551ee8c2e

Analysis

max time kernel
89s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1325329d28e4ddd619e3858a4e0c9d4f3a212e38d482b82708445c551ee8c2e.exe
Size

164KB
MD5

066d779cc852e8fb9e53e6187ff22fc0
SHA1

1f533c5d1b12bbc0ad8785290bd35ec896d9c558
SHA256

c1325329d28e4ddd619e3858a4e0c9d4f3a212e38d482b82708445c551ee8c2e
SHA512

4286206c4804b796700a43e97d862dddd60107167392c20fd25cc9f40736cfea3d4364cdbd85a6a29cafee4f639e6c09e4a47ad18d11b95e1e1872ff4d440e99
SSDEEP

3072:ZliwDUWyFcB9fu+JMl2uU82Ws7f9sjboPACTQembG4hY/i1vA+k:ZldD1Yc7GIBgbzjbfLhRW+k

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
808	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe
File created	C:\PROGRA~3\Mozilla\fabyope.exe	c1325329d28e4ddd619e3858a4e0c9d4f3a212e38d482b82708445c551ee8c2e.exe

C:\Users\Admin\AppData\Local\Temp\c1325329d28e4ddd619e3858a4e0c9d4f3a212e38d482b82708445c551ee8c2e.exe
"C:\Users\Admin\AppData\Local\Temp\c1325329d28e4ddd619e3858a4e0c9d4f3a212e38d482b82708445c551ee8c2e.exe"
1⤵
- Drops file in Program Files directory
PID:712

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
164KB

MD5
16c1b04649f50a538bad60245bf9fc95

SHA1
ade3faadd9ecec1d328b118b7eb7032015ccebeb

SHA256
e36413f5853aa9034db1f45c1be9634b8986b78640acf462d036402d6203c283

SHA512
707f24f1b02452e8f24eba2f6b8929e64bb1bead43ff96adfe46354815171ee8ab274d48da11c2ab187225ec432c9a17d57e4c20b6a6f346ad63c86269b0d4c6

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
164KB

MD5
16c1b04649f50a538bad60245bf9fc95

SHA1
ade3faadd9ecec1d328b118b7eb7032015ccebeb

SHA256
e36413f5853aa9034db1f45c1be9634b8986b78640acf462d036402d6203c283

SHA512
707f24f1b02452e8f24eba2f6b8929e64bb1bead43ff96adfe46354815171ee8ab274d48da11c2ab187225ec432c9a17d57e4c20b6a6f346ad63c86269b0d4c6

Download Submit
memory/712-132-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/712-133-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/712-134-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/712-137-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/808-140-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/808-141-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/808-144-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/808-145-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download