Overview

overview

8

Static

static

b1a2dba183...79.exe

windows7-x64

8

b1a2dba183...79.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 09:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b1a2dba1838771dac05f2b68d50c9852bd69de3ccc4cf80d330afd62db90d779.exe

  • Size

    194KB

  • MD5

    052ad7e725fec79c754266a872f54060

  • SHA1

    4a572f46a8defea6ab774b84cb922ad8adfd60e3

  • SHA256

    b1a2dba1838771dac05f2b68d50c9852bd69de3ccc4cf80d330afd62db90d779

  • SHA512

    fac04244702622bf56d6197278bbce47ac7bb6cd6edf8f67a4a31738c9315b0fdecee30e5bb8de3c1f06f60a618dfc0c0c1eb4293bf62a5b8dbfe59b1881a306

  • SSDEEP

    3072:BuIKgTsDAJJRjOJ7e8a5eCqKh5bWavuWLFZhh2D+0caj3kyRACzo:BuIzJJ27e8a5eCqKPZGWn9ozk

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1a2dba1838771dac05f2b68d50c9852bd69de3ccc4cf80d330afd62db90d779.exe
    "C:\Users\Admin\AppData\Local\Temp\b1a2dba1838771dac05f2b68d50c9852bd69de3ccc4cf80d330afd62db90d779.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2252
  • C:\PROGRA~3\Mozilla\fabyope.exe
    C:\PROGRA~3\Mozilla\fabyope.exe -pbtetmh
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:3972

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Mozilla\fabyope.exe
          Filesize

          194KB

          MD5

          bf46697420e45788e8fe3c07dd076cae

          SHA1

          5efd9572ff7f0c11ef7e1285f34c703c37c28fe4

          SHA256

          710682d232a54b49c07c17d123961b43bc748a82891d25a8b1a7f83aa063ec78

          SHA512

          8aaef7ea3cd3549f30e9fbf31f607f4b3a949eecf5bb32e6707e25f1211b65aec1dfe54f999a8597b5a1cfd8cf2043b0228e4c5ba0a61946f50ce0cd9cf3638e

          Download Submit

        • C:\ProgramData\Mozilla\fabyope.exe
          Filesize

          194KB

          MD5

          bf46697420e45788e8fe3c07dd076cae

          SHA1

          5efd9572ff7f0c11ef7e1285f34c703c37c28fe4

          SHA256

          710682d232a54b49c07c17d123961b43bc748a82891d25a8b1a7f83aa063ec78

          SHA512

          8aaef7ea3cd3549f30e9fbf31f607f4b3a949eecf5bb32e6707e25f1211b65aec1dfe54f999a8597b5a1cfd8cf2043b0228e4c5ba0a61946f50ce0cd9cf3638e

          Download Submit

        • memory/2252-132-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2252-133-0x0000000002090000-0x00000000020EB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2252-134-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2252-135-0x0000000002090000-0x00000000020EB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/2252-136-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3972-139-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3972-140-0x0000000000DA0000-0x0000000000DFB000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3972-141-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download