Overview

overview

3

Static

static

3

FosMeg.exe

windows7-x64

3

FosMeg.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    31s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2023 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FosMeg.exe

  • Size

    6.3MB

  • MD5

    bbf4cdbeb5ca5502e83fb0f33b369039

  • SHA1

    aac536a851b7a778a926a18bd48f7ed49aade999

  • SHA256

    a4a74682c9e1da8f74cf55ba6d6182f8df6e0bc6e8779e326a8b430b7b5072f1

  • SHA512

    054a99338018241620fab8dda716c57b923f1df76a41910495c6293735616fd3fa000958f5148d4016a4b948ca9105be75c48ce7da6d4762c4312563adb477a6

  • SSDEEP

    98304:1nHLaZYRHMqoms1k7sygTN/A55IblUjUM2HaEXwrNqcCmgSJetrVTETuDFofo:1HOcFts1YMTN+yM3glJmgOTzA

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FosMeg.exe
    "C:\Users\Admin\AppData\Local\Temp\FosMeg.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3380.tmp\3390.tmp\3391.bat C:\Users\Admin\AppData\Local\Temp\FosMeg.exe"
      2⤵
        PID:1728

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\3380.tmp\3390.tmp\3391.bat
      Filesize

      494B

      MD5

      1b234c28d48e926cb5c7a05a71e5d9a7

      SHA1

      c25b821b5346ac9b4a5344453ede71cc12bdbe60

      SHA256

      aa10cb4be3b37b44ceb2c9fa8941a76ab2106b2befc50c2e39428628faf3ecf5

      SHA512

      a8dc8a69ad00c34a2166a2b7041a7b0ef9a5cc32e79466d19406e4c6558fdb9455e1d041fdbaf8e78911d799ce08dd4f806a0244284031e478786aacb34eee18

      Download Submit