f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d

Analysis

max time kernel
152s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe
Size

361KB
MD5

6c9bdaf8ca27f8ef0f1cc340d002ecb0
SHA1

3576ea4ef8f1e1d189000fb114a414572bafe310
SHA256

f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d
SHA512

083fc8887b05d758691f99c75cb0a96690dc4a509c7adaedefd0a788d0042cda6249714517677582c00937b4133f592420ba94039b929323d814f9e4e56ba175
SSDEEP

6144:ktAkOVfKzEdaqmGrEU+jqgPIOEnyyPWWMA9RPjf:yxEdpExqgwpnyyPWNA9RPjf

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1904	fabyope.exe

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\kybuain.dll	fabyope.exe
File created	C:\PROGRA~3\Mozilla\fabyope.exe	f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe

C:\Users\Admin\AppData\Local\Temp\f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe
"C:\Users\Admin\AppData\Local\Temp\f7a50aad3ada13c7b13c1fe1e82a140e3c31b1dd3810b1bfe7e970371bcff89d.exe"
1⤵
- Drops file in Program Files directory
PID:1268

C:\PROGRA~3\Mozilla\fabyope.exe
C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\fabyope.exe

Filesize
361KB

MD5
f491680731200576b46fd86d1bec316e

SHA1
fca48dae651058a55f4e3b521bf5292f14ce5404

SHA256
c821c7df1c52ac5387a8613d63d7f058318c10ea576ed989cb8348b88fb6ff12

SHA512
62e454080a514bebc255558d64a2cc87aeb838156d3e3f277808c42f89311cd5c1b26007191eff4285993fe4f3c7932213d72b85a3cee62ab39b8bcbf15bc443

Download Submit
C:\ProgramData\Mozilla\fabyope.exe

Filesize
361KB

MD5
f491680731200576b46fd86d1bec316e

SHA1
fca48dae651058a55f4e3b521bf5292f14ce5404

SHA256
c821c7df1c52ac5387a8613d63d7f058318c10ea576ed989cb8348b88fb6ff12

SHA512
62e454080a514bebc255558d64a2cc87aeb838156d3e3f277808c42f89311cd5c1b26007191eff4285993fe4f3c7932213d72b85a3cee62ab39b8bcbf15bc443

Download Submit
memory/1268-132-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1268-133-0x00000000021F0000-0x000000000224B000-memory.dmp

Filesize
364KB

Download
memory/1268-134-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1268-137-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1904-138-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1904-139-0x0000000000D80000-0x0000000000DDB000-memory.dmp

Filesize
364KB

Download
memory/1904-140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download