Overview

overview

8

Static

static

1

base/DAutils.dll

windows7-x64

1

base/DAutils.dll

windows10-2004-x64

1

base/FCUI.exe

windows7-x64

6

base/FCUI.exe

windows10-2004-x64

6

base/FCUI.exe.xml

windows7-x64

1

base/FCUI.exe.xml

windows10-2004-x64

1

base/Insta...ls.bat

windows7-x64

1

base/Insta...ls.bat

windows10-2004-x64

1

base/Insta...xp.bat

windows7-x64

1

base/Insta...xp.bat

windows10-2004-x64

1

base/Inter...Vw.dll

windows7-x64

1

base/Inter...Vw.dll

windows10-2004-x64

1

base/Loader.exe

windows7-x64

1

base/Loader.exe

windows10-2004-x64

1

base/Newto...on.dll

windows7-x64

1

base/Newto...on.dll

windows10-2004-x64

1

base/Regis...rt.exe

windows7-x64

3

base/Regis...rt.exe

windows10-2004-x64

3

base/Regis...ll.exe

windows7-x64

6

base/Regis...ll.exe

windows10-2004-x64

6

base/Regis...xe.xml

windows7-x64

1

base/Regis...xe.xml

windows10-2004-x64

1

base/RunAp...or.bat

windows7-x64

6

base/RunAp...or.bat

windows10-2004-x64

6

base/openThankYou.bat

windows7-x64

1

base/openThankYou.bat

windows10-2004-x64

6

base/runApp.bat

windows7-x64

6

base/runApp.bat

windows10-2004-x64

6

base/uninst.exe

windows7-x64

8

base/uninst.exe

windows10-2004-x64

8

base/verif...ll.bat

windows7-x64

1

base/verif...ll.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    221s
  • max time network
    285s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    base/FCUI.exe

  • Size

    365KB

  • MD5

    376167b2e31a2af37f27cba5fd66467d

  • SHA1

    e7812d3631dbe9d68e86151705a21c0f845a31b5

  • SHA256

    735d089135087ee6b9bbac999eace92939dd4c33a60b5d72049df15bc01854bb

  • SHA512

    fef3a6d708e13e548dce554b1aee224ff7f851970e3eae01805ec0e856c797e8ef25db853a1ce2c6098f68148c2c2c233768dc3db650b034582bed335e700fd5

  • SSDEEP

    6144:8WpaPLItYxGc8G5zD2yFtqLItYxGc8G5z/2yF/d+o5JVHT0xAd3TpDS16UHXrOwN:6PLIWGw5zD2yCLIWGw5z/2yD+mXzgG3k

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\base\FCUI.exe
    "C:\Users\Admin\AppData\Local\Temp\base\FCUI.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1500

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1500-54-0x0000000000030000-0x0000000000090000-memory.dmp
    Filesize

    384KB

    Download
  • memory/1500-55-0x00000000001A0000-0x00000000001B4000-memory.dmp
    Filesize

    80KB

    Download
  • memory/1500-56-0x0000000000530000-0x0000000000598000-memory.dmp
    Filesize

    416KB

    Download
  • memory/1500-57-0x000007FEFC451000-0x000007FEFC453000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1500-58-0x000000001B186000-0x000000001B1A5000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1500-59-0x000000001B186000-0x000000001B1A5000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1500-60-0x000000001FD50000-0x00000000204F6000-memory.dmp
    Filesize

    7.6MB

    Download