Overview

overview

8

Static

static

8

2a3c507536...b0.rar

windows7-x64

3

2a3c507536...b0.rar

windows10-2004-x64

3

faturanet.exe

windows7-x64

8

faturanet.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    40s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    faturanet.exe

  • Size

    212KB

  • MD5

    4f964a479250bc6307c448323eba3dda

  • SHA1

    52c5950806b0e2126caec6c58aba7d7ec3e4ea4f

  • SHA256

    f90a15ae0725ee8d3b2f1a6d840370ef0c7b463537688f02250c5a53dbcf4479

  • SHA512

    13491dafe9e92dc0e60f39eaf23b020eb8f1c3aa7ac3450aafa07db2f50e89b74361e36b06a9335ee7502198233640d446251fc1a5c4bc5802f68739468bc0ac

  • SSDEEP

    6144:2QBgEWmvH1nmXHJF3zB2ivUDec7BEOmZMi:EERvwZNZvCec7LuMi

Score
8/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\faturanet.exe
    "C:\Users\Admin\AppData\Local\Temp\faturanet.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 480
      2⤵
      • Program crash
      PID:1300

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1300-56-0x0000000000000000-mapping.dmp
    Download
  • memory/1304-54-0x00000000762E1000-0x00000000762E3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1304-55-0x0000000000400000-0x0000000000491000-memory.dmp
    Filesize

    580KB

    Download
  • memory/1304-57-0x0000000000400000-0x0000000000491000-memory.dmp
    Filesize

    580KB

    Download