f690a7212b79e89a4905e6e2f02cc968e6b579a7e0c22ebcab5e894991741051

Analysis

max time kernel
141s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f690a7212b79e89a4905e6e2f02cc968e6b579a7e0c22ebcab5e894991741051.exe
Size

166KB
MD5

a1dda39d4e85c4a3d76db7579c564b90
SHA1

ddb49c805c017b70b7a22fb888fd58f971a3d397
SHA256

f690a7212b79e89a4905e6e2f02cc968e6b579a7e0c22ebcab5e894991741051
SHA512

d6ac8e8a77369f38f676e271c62bed7bec251754dcc4bd95ee93cc3f780a523a287f6824ba539d4b2d4ae9c14fc09034217721cfdbbc891ead762544d1931b4f
SSDEEP

3072:olLCHXaCdhv4DVwveIa1PU1hN6OhFHU1XsQoTN3uDuFdUsu1oMyQ:4Cv3W71PUJ6OhFHU+QSNHRc

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4700	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fabyope.exe	f690a7212b79e89a4905e6e2f02cc968e6b579a7e0c22ebcab5e894991741051.exe
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	f690a7212b79e89a4905e6e2f02cc968e6b579a7e0c22ebcab5e894991741051.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	fabyope.exe

C:\Users\Admin\AppData\Local\Temp\f690a7212b79e89a4905e6e2f02cc968e6b579a7e0c22ebcab5e894991741051.exe
"C:\Users\Admin\AppData\Local\Temp\f690a7212b79e89a4905e6e2f02cc968e6b579a7e0c22ebcab5e894991741051.exe"
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
PID:3440

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Enumerates system info in registry
PID:4700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
166KB

MD5
fb535cb7e44d0728a6d09bb543ddd13f

SHA1
8c6b5cd0015ed5de019920da5009a6630942ab67

SHA256
bbec88426b984c794c8d47dc59254b1427561f76a45be125842ab45b7ad17a8d

SHA512
e13402d82763f694586ac452013a563952a82ff699b7ae5a740a53fe533e12c464aeab034f40b236ce1f7163238d094f4483f3d7de602f72712353ca56d0a091

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
166KB

MD5
fb535cb7e44d0728a6d09bb543ddd13f

SHA1
8c6b5cd0015ed5de019920da5009a6630942ab67

SHA256
bbec88426b984c794c8d47dc59254b1427561f76a45be125842ab45b7ad17a8d

SHA512
e13402d82763f694586ac452013a563952a82ff699b7ae5a740a53fe533e12c464aeab034f40b236ce1f7163238d094f4483f3d7de602f72712353ca56d0a091

Download Submit
memory/3440-132-0x00000000020C0000-0x000000000211B000-memory.dmp

Filesize
364KB

Download
memory/4700-139-0x0000000000C70000-0x0000000000CCB000-memory.dmp

Filesize
364KB

Download