Analysis

  • max time kernel
    165s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/12/2022, 12:14

General

  • Target

    fb86a946596855ebbb737d5f9d2730309a835a356ed15db681468b59d4b81610.exe

  • Size

    34KB

  • MD5

    5e37e536c8730d394a99679b7a158902

  • SHA1

    656d074b9d339db9a2d0f252690329c75eb543f9

  • SHA256

    fb86a946596855ebbb737d5f9d2730309a835a356ed15db681468b59d4b81610

  • SHA512

    e472acbe9b029201aef6724558d09e2c404bad8e1d8743f8dc1152b65463293c73e9540f00127907fef63dcb418815992e6e31e6e08502b38190a17c14744f37

  • SSDEEP

    384:gote5/uISlmPKP9kEq3BKKlWcyIWGYGQVf78UR0ptyX6BBODscU:g2w25l1e7EUYRVIUa/nxh

Score
10/10

Malware Config

Signatures

  • Modifies firewall policy service (2 TTPs, 4 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in System32 directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb86a946596855ebbb737d5f9d2730309a835a356ed15db681468b59d4b81610.exe
    "C:\Users\Admin\AppData\Local\Temp\fb86a946596855ebbb737d5f9d2730309a835a356ed15db681468b59d4b81610.exe"
    • Modifies firewall policy service
    • Adds Run key to start application
    • Drops file in System32 directory
    PID:3140

Network

MITRE ATT&CK Enterprise v6
