8b66a265bd5bebfbc57d5e55178b72f5148d372efbe775ce51d0d439079cdf14 | Triage

Analysis

max time kernel
127s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2023 05:06

Sharing

Report Analysis Logs

General

Target

FRST.exe
Size

2.0MB
MD5

1bcdf89dc46070e32aa12468bfae117d
SHA1

fd5ac5525192c0a59f4a2fed02211aa556f696de
SHA256

8b66a265bd5bebfbc57d5e55178b72f5148d372efbe775ce51d0d439079cdf14
SHA512

e958873ee4294ed901ccf82b63c1b40e998f5ce0d2c2136a15cd0113cc08914af5fd4e82faed474259bae4cde6146369da07af769fd52446fb20e88539dd692a
SSDEEP

49152:tTvC/MTQYxsWR7awPZ1Ob8/0uWflstI1jE6BS+GBPwYixzC:BjTQYxsWRPSbVuuetIxG+sPbixu

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
396	FRST.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe
396	FRST.exe

C:\Users\Admin\AppData\Local\Temp\FRST.exe
"C:\Users\Admin\AppData\Local\Temp\FRST.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads