Overview

overview

10

Static

static

fa21bc66b1...a2.exe

windows7-x64

10

fa21bc66b1...a2.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    246s
  • max time network
    304s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2.exe

  • Size

    747KB

  • MD5

    c0f8d6e6de7e66c2fac32b5a8909574d

  • SHA1

    6b04d553eb612a53e3a56b0785db8bd1031e0efe

  • SHA256

    fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2

  • SHA512

    d8eaea3476682f394c41b8a0a4c25eb73c71e8346b40d6c9f4698abce4bb4d133197fa824c27c31b22663b5b568dd61fdd190cc56055a5988cf66f4bdcfe900f

  • SSDEEP

    12288:V/nLsOy/13K4rAPJYLGMLTYEG/jiLkMfe3d1Y1YExsL7a1Zhn1p:VfLBIK4raJx4O1OYExsL7eZl

Score
9/10

Malware Config

Signatures

  • NirSoft MailPassView 1 IoCs

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView 1 IoCs

    Password recovery tool for various web browsers

  • Nirsoft 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2.exe
    "C:\Users\Admin\AppData\Local\Temp\fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Users\Admin\AppData\Local\Temp\fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2.exe
      C:\Users\Admin\AppData\Local\Temp\fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2.exe
      2⤵
        PID:4788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2.exe.log
      Filesize

      594B

      MD5

      fdb26b3b547022b45cfaeee57eafd566

      SHA1

      11c6798b8a59233f404014c5e79b3363cd564b37

      SHA256

      2707fc7f074413881b7bafca05079327b188db6005709951e7f69d39a2af97c0

      SHA512

      44d9bb8c0f0b341690d00eda86e15a50f7f29ce9595925c1a2a7e19ad26202d10049a7a97bea278ecb7d429ad555de8edceeffff664d4b06309a9410a09bb700

      Download Submit
    • memory/4012-132-0x00000000746E0000-0x0000000074C91000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/4012-133-0x00000000746E0000-0x0000000074C91000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/4012-137-0x00000000746E0000-0x0000000074C91000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/4788-134-0x0000000000000000-mapping.dmp
      Download
    • memory/4788-135-0x0000000000400000-0x0000000000484000-memory.dmp
      Filesize

      528KB

      Download
    • memory/4788-138-0x00000000746E0000-0x0000000074C91000-memory.dmp
      Filesize

      5.7MB

      Download