709d67eb1a7dc6bffa7cd50f978d261f06018af57e47fc4bf45574b1da043964

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

709d67eb1a7dc6bffa7cd50f978d261f06018af57e47fc4bf45574b1da043964.exe
Size

223KB
MD5

3093e6b47aaacbe13aa8b54f0bb55110
SHA1

5cce706aa4f38ea811b2f34a7f6395332f5ccf69
SHA256

709d67eb1a7dc6bffa7cd50f978d261f06018af57e47fc4bf45574b1da043964
SHA512

56b02880750a5d5ca4a67b287369b35780fdb772d64e5739bebed5172bdda1a9e7117417e8a85110fcf95e5fde6cee2cef88c804d7ab8b3c2064ef983fb7675b
SSDEEP

3072:d5+iiVM2EB1GG/66WXrAdyUFVdhxDdiht1wNyY9y74W:3FiVdI3S6EabFbiD11R0W

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4760	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\fabyope.exe	709d67eb1a7dc6bffa7cd50f978d261f06018af57e47fc4bf45574b1da043964.exe
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe

C:\Users\Admin\AppData\Local\Temp\709d67eb1a7dc6bffa7cd50f978d261f06018af57e47fc4bf45574b1da043964.exe
"C:\Users\Admin\AppData\Local\Temp\709d67eb1a7dc6bffa7cd50f978d261f06018af57e47fc4bf45574b1da043964.exe"
1⤵
- Drops file in Program Files directory
PID:2592

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
223KB

MD5
7923d473738df787a5dadbca6cdc9e12

SHA1
7b386dbb429c172749fd37e5fb35317bdb4b6a6e

SHA256
f89315f7724d3d5e47e5e4c17f0fb1a02b0936d48a224ac7930e52bde5cf264a

SHA512
f081202c957ac232d26db70a59e7d310e0c54199bdfb354f2d83937a0d79c7e934abdf53e56f03744f9b90e379fd9434896e497670bc0f5fb288a84e86f61bc3

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
223KB

MD5
7923d473738df787a5dadbca6cdc9e12

SHA1
7b386dbb429c172749fd37e5fb35317bdb4b6a6e

SHA256
f89315f7724d3d5e47e5e4c17f0fb1a02b0936d48a224ac7930e52bde5cf264a

SHA512
f081202c957ac232d26db70a59e7d310e0c54199bdfb354f2d83937a0d79c7e934abdf53e56f03744f9b90e379fd9434896e497670bc0f5fb288a84e86f61bc3

Download Submit
memory/2592-132-0x00000000021F0000-0x000000000224B000-memory.dmp

Filesize
364KB

Download
memory/2592-133-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2592-136-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4760-137-0x0000000000C40000-0x0000000000C9B000-memory.dmp

Filesize
364KB

Download
memory/4760-138-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4760-139-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download