Overview
overview
10Static
static
FastCopy/FastCopy.exe
windows7-x64
6FastCopy/FastCopy.exe
windows10-2004-x64
6FastCopy/FastEx64.dll
windows7-x64
10FastCopy/FastEx64.dll
windows10-2004-x64
10FastCopy/FastExt.dll
windows7-x64
10FastCopy/FastExt.dll
windows10-2004-x64
10FastCopy/FastExt1.dll
windows7-x64
10FastCopy/FastExt1.dll
windows10-2004-x64
10FastCopy/FcHash.exe
windows7-x64
1FastCopy/FcHash.exe
windows10-2004-x64
1FastCopy/fcp.exe
windows7-x64
6FastCopy/fcp.exe
windows10-2004-x64
6FastCopy/setup.exe
windows7-x64
1FastCopy/setup.exe
windows10-2004-x64
1FastCopy64...py.exe
windows7-x64
6FastCopy64...py.exe
windows10-2004-x64
6FastCopy64...64.dll
windows7-x64
10FastCopy64...64.dll
windows10-2004-x64
10FastCopy64...xt.dll
windows7-x64
10FastCopy64...xt.dll
windows10-2004-x64
10FastCopy64...t1.dll
windows7-x64
10FastCopy64...t1.dll
windows10-2004-x64
10FastCopy64/FcHash.exe
windows7-x64
1FastCopy64/FcHash.exe
windows10-2004-x64
1FastCopy64/fcp.exe
windows7-x64
6FastCopy64/fcp.exe
windows10-2004-x64
6FastCopy64/setup.exe
windows7-x64
1FastCopy64/setup.exe
windows10-2004-x64
1Analysis
-
max time kernel
134s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
05-11-2022 13:06
Static task
static1
Behavioral task
behavioral1
Sample
FastCopy/FastCopy.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
FastCopy/FastCopy.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
FastCopy/FastEx64.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
FastCopy/FastEx64.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
FastCopy/FastExt.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral6
Sample
FastCopy/FastExt.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
FastCopy/FastExt1.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
FastCopy/FastExt1.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
FastCopy/FcHash.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral10
Sample
FastCopy/FcHash.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
FastCopy/fcp.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
FastCopy/fcp.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
FastCopy/setup.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
FastCopy/setup.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
FastCopy64/FastCopy.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
FastCopy64/FastCopy.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
FastCopy64/FastEx64.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
FastCopy64/FastEx64.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
FastCopy64/FastExt.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
FastCopy64/FastExt.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
FastCopy64/FastExt1.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
FastCopy64/FastExt1.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
FastCopy64/FcHash.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral24
Sample
FastCopy64/FcHash.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
FastCopy64/fcp.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
FastCopy64/fcp.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
FastCopy64/setup.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral28
Sample
FastCopy64/setup.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
FastCopy64/FastEx64.dll
-
Size
255KB
-
MD5
07d933b296ebd2d95f8957918e17d856
-
SHA1
f35381f2048f0d51832632cbfae100b6c8d285f4
-
SHA256
f1a71ca5f2859befa7e5c098342ea2a36dd54c5a3d4b8e8b2c02439ce77b38b1
-
SHA512
bcf52c94dd88b5bc3c355a2a6fd21677aa4d730d27c33a19d68b7f6d043267d460d53d3045ac3a93d79e3b4e22506028ddb9a5b657b81890f0ce3974cf4b9e7e
-
SSDEEP
6144:avn7m7fGtlq8jJtUWqCQmn7j68TBAwQrOu:5Gtlq+HhP68T6Su
Malware Config
Signatures
-
Modifies system executable filetype association 2 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe -
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FastCopy64\\FastEx64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe -
Modifies registry class 38 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\ShellEx\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InternetShortcut\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\ = "FastCopy" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FastCopy64\\FastEx64.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\FastCopy regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72FF462B-AB7D-427A-A268-E22E414933D7}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\FastCopy\ = "{72FF462B-AB7D-427A-A268-E22E414933D7}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers regsvr32.exe