Overview

overview

10

Static

static

75cdfaec4d...48.exe

windows7-x64

10

75cdfaec4d...48.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    07-12-2022 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75cdfaec4d70a869f819702c2a553048.exe

  • Size

    860KB

  • MD5

    75cdfaec4d70a869f819702c2a553048

  • SHA1

    f720990a2ba4fdce268d923d464489a57cab9978

  • SHA256

    ddaf9934762825fb0168b9c861d81cbc664ee2248c912e0ed8bd980289577ee5

  • SHA512

    4548cc1e2713f9b87ca0a0b05ca6b4315e2825d4d02f49a3f1a55227899d33a5845adf0438febaddc797a6d5c2297c53002104fc7f2313de1443e035e37cfc68

  • SSDEEP

    24576:s35LjrZx3bwurBhQbxa1Q+SDkzR9FskHFt:s3drZx3bwurBhQbxa1lzhHFt

Score
10/10
formbookdv22ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dv22

Decoy

ivk-muc.com

theplantgranny.net

efefefficient.buzz

car-deals-87506.com

yangcongzhibo.net

empiralventures.com

latexpillo.com

ferramentafivizzanese.shop

kx1553.com

timamollo.africa

paran6787.net

fabicilio.online

kreativnettchen.shop

manakamana.co.uk

andreapeverelli.shop

jianf.site

kmqan.xyz

aoshilang.com

dnsmctmu.com

pumpkinsmp.net

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75cdfaec4d70a869f819702c2a553048.exe
    "C:\Users\Admin\AppData\Local\Temp\75cdfaec4d70a869f819702c2a553048.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Users\Admin\AppData\Local\Temp\75cdfaec4d70a869f819702c2a553048.exe
      "C:\Users\Admin\AppData\Local\Temp\75cdfaec4d70a869f819702c2a553048.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/336-60-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/336-61-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/336-63-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/336-64-0x000000000041F140-mapping.dmp
    Download
  • memory/336-65-0x00000000008F0000-0x0000000000BF3000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/972-54-0x0000000000F80000-0x000000000105E000-memory.dmp
    Filesize

    888KB

    Download
  • memory/972-55-0x0000000074D81000-0x0000000074D83000-memory.dmp
    Filesize

    8KB

    Download
  • memory/972-56-0x00000000004A0000-0x00000000004B6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/972-57-0x00000000004C0000-0x00000000004CE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/972-58-0x0000000005D40000-0x0000000005DD2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/972-59-0x0000000004780000-0x00000000047D8000-memory.dmp
    Filesize

    352KB

    Download