Overview

overview

10

Static

static

BNK0002334...00.exe

windows7-x64

10

BNK0002334...00.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 22:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BNK0002334789532_USD28,770.00.exe

  • Size

    637KB

  • MD5

    d7efd600d714d6d2f6b7fadc6adec0c9

  • SHA1

    ba35f96a741637af1d1319074396f1bf891f13e1

  • SHA256

    fe199e437de02d997427dfea4e864f386e12887c5ae16d2acc465417cd539521

  • SHA512

    f4e1558763fb4527ca464c7a7f8a533e4fa0d4725e97c956b83acd2ef503a056930526c6e1eeb28263d9e6bbc820be2fc110548e0ef8cd28dc003cfccfda8f18

  • SSDEEP

    12288:90zcBpbKbfzdHP/FvT9mzyK8DzVlCxlASlDAMTQu1c66XZp+:9hbbKnlJRKyKUBExjjcp

Score
10/10
formbookuxperatspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

uxpe

Decoy

a/CzoooH+7KLDxBh

pxq/4D9rqoY0CaqhS2ZJ3MoWxcQ=

54a97EJkYRruxKJBfg==

afibyRo7bSK3cepm9suqXQ==

2kIxy7hmdVItO11ceeC9

DsTkiAgZVGD7jykdq/ZFa8oWxcQ=

euyGFrS1t1r0xKJBfg==

ANUDttiRvXoVxcknM8L7cgli

vIWhu8Bb36VDR+udD2O2cn8=

CqdCYLyzwb5fWRlX5kY=

cis/39CB6vGMg5OqTrUoWvz177Fk

tl6GKyac14QX

HMzbyJUrUh3Ao80fOcr7cgli

7yKNGCGy57KLDxBh

hlormOKMBCD8uyrMw9QkUg==

3r/fZtwBUey8xw==

vlyJEwWudUHi2g==

214r37lXtmpLQWC0snrI5gjDdR0mPOKnDA==

YS1hgtPl0lz0xKJBfg==

3pa6XND7NgJ4Y3uxqO0nPnY=

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:652
    • C:\Users\Admin\AppData\Local\Temp\BNK0002334789532_USD28,770.00.exe
      "C:\Users\Admin\AppData\Local\Temp\BNK0002334789532_USD28,770.00.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1316
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
        3⤵
          PID:1444
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
          3⤵
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          PID:4836
      • C:\Windows\SysWOW64\control.exe
        "C:\Windows\SysWOW64\control.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5116
        • C:\Program Files\Mozilla Firefox\Firefox.exe
          "C:\Program Files\Mozilla Firefox\Firefox.exe"
          3⤵
            PID:4312

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/652-157-0x00000000088F0000-0x0000000008A79000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/652-155-0x00000000088F0000-0x0000000008A79000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/652-147-0x0000000002FC0000-0x00000000030A4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/1316-132-0x0000000000870000-0x0000000000916000-memory.dmp

        Filesize

        664KB

        Download

      • memory/1316-133-0x00000000058A0000-0x0000000005E44000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/1316-134-0x00000000052F0000-0x0000000005382000-memory.dmp

        Filesize

        584KB

        Download

      • memory/1316-135-0x00000000052C0000-0x00000000052CA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1316-136-0x0000000009020000-0x00000000090BC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/4836-146-0x00000000015B0000-0x00000000015C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4836-150-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/4836-145-0x0000000000422000-0x0000000000424000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4836-142-0x0000000000401000-0x000000000042F000-memory.dmp

        Filesize

        184KB

        Download

      • memory/4836-141-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/4836-149-0x0000000000401000-0x000000000042F000-memory.dmp

        Filesize

        184KB

        Download

      • memory/4836-144-0x0000000001680000-0x00000000019CA000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4836-139-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/5116-152-0x00000000027B0000-0x0000000002AFA000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/5116-153-0x00000000005C0000-0x00000000005ED000-memory.dmp

        Filesize

        180KB

        Download

      • memory/5116-151-0x0000000000710000-0x0000000000737000-memory.dmp

        Filesize

        156KB

        Download

      • memory/5116-154-0x00000000024E0000-0x000000000256F000-memory.dmp

        Filesize

        572KB

        Download

      • memory/5116-156-0x00000000005C0000-0x00000000005ED000-memory.dmp

        Filesize

        180KB

        Download