f4feea206506975eb847bfe0b7a1cc3682b2476a1564e220e51eb758cccc7a32

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4feea206506975eb847bfe0b7a1cc3682b2476a1564e220e51eb758cccc7a32.exe
Size

265KB
MD5

8159cabbe92cfeca80e1566a79c03d98
SHA1

2def67525fc30294701a167c1a83bfd3995727c4
SHA256

f4feea206506975eb847bfe0b7a1cc3682b2476a1564e220e51eb758cccc7a32
SHA512

37c7b207e5081d939cf605679fe19771c6feb5fcfc5e5aecc5210d92b39ad9081433c3348017470d97f00334eb14291e248242674eaff8235889b8d81e37ee73
SSDEEP

3072:aIJ8MJJ/pqo6Xjy1wXesId9H8gVQO+5/c2ddLM6hMLIokjwrhpcSvMrq5kUL2iZm:t5XMoi2wO+FdddLM6njNSqmdOasn7

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4936	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fabyope.exe	f4feea206506975eb847bfe0b7a1cc3682b2476a1564e220e51eb758cccc7a32.exe
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe

C:\Users\Admin\AppData\Local\Temp\f4feea206506975eb847bfe0b7a1cc3682b2476a1564e220e51eb758cccc7a32.exe
"C:\Users\Admin\AppData\Local\Temp\f4feea206506975eb847bfe0b7a1cc3682b2476a1564e220e51eb758cccc7a32.exe"
1⤵
- Drops file in Program Files directory
PID:4384

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
265KB

MD5
07780aa5fba7bc74d26486eda11f7846

SHA1
9def6211d636d01e4e6db346c1b0ee3cd13083d0

SHA256
6443e96dd19f7d295c080aec67e700bc3c5673707826d23711cf9ba4f15922bc

SHA512
af96630b96a3128ab651962350a7ea459875825a9065115069316e245a677642c120a287799b22521da5cf9491b4f55621c9109ccf93af1b2966fa11649faefa

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
265KB

MD5
07780aa5fba7bc74d26486eda11f7846

SHA1
9def6211d636d01e4e6db346c1b0ee3cd13083d0

SHA256
6443e96dd19f7d295c080aec67e700bc3c5673707826d23711cf9ba4f15922bc

SHA512
af96630b96a3128ab651962350a7ea459875825a9065115069316e245a677642c120a287799b22521da5cf9491b4f55621c9109ccf93af1b2966fa11649faefa

Download Submit
memory/4384-132-0x0000000000510000-0x000000000056B000-memory.dmp

Filesize
364KB

Download
memory/4384-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4384-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4384-135-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4936-138-0x0000000000D40000-0x0000000000D9B000-memory.dmp

Filesize
364KB

Download
memory/4936-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4936-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download