Overview

overview

6

Static

static

3

FAKEFLASHTEST.exe

windows7-x64

6

FAKEFLASHTEST.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    10s
  • max time network
    15s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/09/2023, 22:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FAKEFLASHTEST.exe

  • Size

    144KB

  • MD5

    626ec93b727b3b84a7244185eb34a221

  • SHA1

    afbf781783e73ffdd3110dc9ca60c3a0f3d75c77

  • SHA256

    cfb3c948d496397fe436f6f636ca324cc778af796b8664d91f63904a9ed132b0

  • SHA512

    7cd973a87a365ac9980047a7b42835bea00dcdd7632ab8571733a6a1b59c8b50c9000d8bb44d92f4db91551148a4e0e7b1068177816fd8f72603e4dd2b6a59ca

  • SSDEEP

    3072:pIpzmXXghCbwtrh21FFauAgyV5+lI1/IfpZDh5fEDDGpytZxNaGpy7vjyBF:p6yXYCbarh21MgyV5+lI1/IfpZDh58DB

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FAKEFLASHTEST.exe
    "C:\Users\Admin\AppData\Local\Temp\FAKEFLASHTEST.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    PID:1640

Network

  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    54.120.234.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    54.120.234.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    54.120.234.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    54.120.234.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.