Overview

overview

7

Static

static

7

faf8ff1494...a6.exe

windows7-x64

3

faf8ff1494...a6.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    74s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-05-2023 07:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe

  • Size

    3.3MB

  • MD5

    71941168e679741c72ed16e6d11afdde

  • SHA1

    f4a541a6c2f79422d5ceb712670f7a70f8dc417d

  • SHA256

    faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6

  • SHA512

    ac5c9d09dffb5ff73c9e84a984680b59c45c6a4291387c3d426e62d5f2fed528a8a882f8c5c4d32dbacd87f7c1e2623885070d4bf0447ff297edde68410d63ff

  • SSDEEP

    49152:eR5kCZYmV8HMimGdsx1yTsQkEb11f3Ig+zzwD3WqrxAqsgtBRSC5NmVwD77YT:eRf0HMpukED7+za3M037

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe
    "C:\Users\Admin\AppData\Local\Temp\faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4284

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\config.ini
    Filesize

    20B

    MD5

    9179d9a5b1fab288a4f1f9fbdb0d2e1c

    SHA1

    338cef72da9bc61707a95fc7fb12789cdee6d383

    SHA256

    fa571b6600d9db9fade7fc554ed4796372c3df5756b332ed95c204adcda6871e

    SHA512

    17112244e077ee549287fdc83f5a36a614343d144d95fe4a0f1aae40e71e34fb7bdd428927279d4e4bb4aa72d47bee7a0744c97de0234c3cfa29bfdeaeac96f7

    Download Submit
  • memory/4284-133-0x0000000000400000-0x0000000000D27000-memory.dmp
    Filesize

    9.2MB

    Download
  • memory/4284-135-0x0000000000400000-0x0000000000D27000-memory.dmp
    Filesize

    9.2MB

    Download
  • memory/4284-136-0x0000000000400000-0x0000000000D27000-memory.dmp
    Filesize

    9.2MB

    Download
  • memory/4284-137-0x0000000000400000-0x0000000000D27000-memory.dmp
    Filesize

    9.2MB

    Download
  • memory/4284-138-0x0000000000400000-0x0000000000D27000-memory.dmp
    Filesize

    9.2MB

    Download
  • memory/4284-139-0x0000000002AA0000-0x0000000002AA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4284-145-0x0000000000400000-0x0000000000D27000-memory.dmp
    Filesize

    9.2MB

    Download
  • memory/4284-146-0x0000000002AA0000-0x0000000002AA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4284-147-0x0000000000400000-0x0000000000D27000-memory.dmp
    Filesize

    9.2MB

    Download