7d9b3402ab0a58fd1e36c07fe92502b15c195e697f3a4c492d08798c9dd872f1

Analysis

max time kernel
124s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d9b3402ab0a58fd1e36c07fe92502b15c195e697f3a4c492d08798c9dd872f1.exe
Size

144KB
MD5

5411b3b45ec58d39c8572f84f0caf520
SHA1

e6ae9cb89c9c889435f3c991f607785cc7305daa
SHA256

7d9b3402ab0a58fd1e36c07fe92502b15c195e697f3a4c492d08798c9dd872f1
SHA512

dbd72c38f1e91c4ac7051e2e58d70efcbfe17f2916fcc44db0079c471d21503e0a821017b4c779d4bdac28ba6b0de4b0d62253893ebd43ce49c3d51fe3b7a52b
SSDEEP

3072:BO8vGaQ3xPFO6yQWSvAtZJoYIXp0Tr14bAHK3cd/A:BO8+aqtLy2vA7eYIX2J4a8cdY

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
840	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe
File created	C:\PROGRA~3\Mozilla\fabyope.exe	7d9b3402ab0a58fd1e36c07fe92502b15c195e697f3a4c492d08798c9dd872f1.exe

C:\Users\Admin\AppData\Local\Temp\7d9b3402ab0a58fd1e36c07fe92502b15c195e697f3a4c492d08798c9dd872f1.exe
"C:\Users\Admin\AppData\Local\Temp\7d9b3402ab0a58fd1e36c07fe92502b15c195e697f3a4c492d08798c9dd872f1.exe"
1⤵
- Drops file in Program Files directory
PID:1264

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:840

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
144KB

MD5
e41fef1945e471929dcfdb90052d7f9a

SHA1
6849cb6df4b74d96db5946cb108519848c0f1e4e

SHA256
31fa4801364fa95eddd9fb03a8f428436d88a3fb499f4b0f525774143dedef31

SHA512
31b64885ed3d026d0c1f0d56b88b437e74c78a23a7d5c6173ccd4440db504a9eefc5145ae15dbb0590957c8b7408e6922625a349095b41d21cf8cbcd81400436

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
144KB

MD5
e41fef1945e471929dcfdb90052d7f9a

SHA1
6849cb6df4b74d96db5946cb108519848c0f1e4e

SHA256
31fa4801364fa95eddd9fb03a8f428436d88a3fb499f4b0f525774143dedef31

SHA512
31b64885ed3d026d0c1f0d56b88b437e74c78a23a7d5c6173ccd4440db504a9eefc5145ae15dbb0590957c8b7408e6922625a349095b41d21cf8cbcd81400436

Download Submit
memory/840-140-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/840-144-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/840-145-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1264-133-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1264-132-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1264-136-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1264-137-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download