9359142737587c62bc16faf2595b042072431596f8bdcb8f840ed1a891ee548e

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 08:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9359142737587c62bc16faf2595b042072431596f8bdcb8f840ed1a891ee548e.exe
Size

201KB
MD5

808c085467bde042eaa985986277dab0
SHA1

9ac7aabba441da229687ffc690524df575ff1501
SHA256

9359142737587c62bc16faf2595b042072431596f8bdcb8f840ed1a891ee548e
SHA512

64bc5b401305a3f198730398cfddeb608ec8e9c7efcc15a2f9ff1c6fce2cca59cfa64b9a319ab8af624bb31331ea4c9f1a529a4eb40e404508f6848ed061cfb2
SSDEEP

3072:g7KEcx/PGumsUbjdor/7BS4e9rPSFgLccpFQSZK+IyrfY2Nmo3bb0sBDID:gGt/hU1YjBS4A7SqRhjrfYozLb0sKD

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1280	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fabyope.exe	9359142737587c62bc16faf2595b042072431596f8bdcb8f840ed1a891ee548e.exe
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe

C:\Users\Admin\AppData\Local\Temp\9359142737587c62bc16faf2595b042072431596f8bdcb8f840ed1a891ee548e.exe
"C:\Users\Admin\AppData\Local\Temp\9359142737587c62bc16faf2595b042072431596f8bdcb8f840ed1a891ee548e.exe"
1⤵
- Drops file in Program Files directory
PID:2924

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
201KB

MD5
8639f4ea3e4fdc7a499af740d92017f9

SHA1
1a9c77b95a20d74aa93c5dda75c1d959a8527a4e

SHA256
cb24d608a69f9894bebce861bd671f9c54121d1b3f7e5556b0fc6298a33f59c9

SHA512
8b5985251e887fe9d9872660a4388cb0ee3f9d17091372ad6cb74eb483101f8a7da358eed0061f9d7a7793dc053e39a85c491c4e5fcaad179667adb41529f827

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
201KB

MD5
8639f4ea3e4fdc7a499af740d92017f9

SHA1
1a9c77b95a20d74aa93c5dda75c1d959a8527a4e

SHA256
cb24d608a69f9894bebce861bd671f9c54121d1b3f7e5556b0fc6298a33f59c9

SHA512
8b5985251e887fe9d9872660a4388cb0ee3f9d17091372ad6cb74eb483101f8a7da358eed0061f9d7a7793dc053e39a85c491c4e5fcaad179667adb41529f827

Download Submit
memory/1280-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1280-141-0x0000000000D30000-0x0000000000D8B000-memory.dmp

Filesize
364KB

Download
memory/1280-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2924-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2924-133-0x0000000002190000-0x00000000021EB000-memory.dmp

Filesize
364KB

Download