Analysis

  • max time kernel
    122s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2023, 15:28

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.21070.exe

  • Size

    852KB

  • MD5

    9db2aef89a0872e99d266cfb6ed00999

  • SHA1

    4ff386a6dc8f254c76215243d28ca3efbd934c1b

  • SHA256

    ce345574366b94994a2aade4a96ade0eee23ad088211416b5695166cd251ec61

  • SHA512

    07b568f24429c68ec06b87457ff969f7b70e12720d656d91e0680f3251ec6600f7ac559b8e858ebd71c09e067dd09c009bb791e7a3333ed9e95babf70f970c48

  • SSDEEP

    12288:vP27U0WWObWpf57f6ESknqQrQJfI2CiPQfP12Xk/Nl1dSQ1Ulx3/z6OAq7hxfZuk:veD4+f5eEn1mxCiPQfP28NX0Qulxw

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v93r

Decoy


Signatures

  • Formbook

    Formbook is an information-stealing malware family.

  • Formbook payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2804

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/2676-6-0x00000000003B0000-0x00000000003BC000-memory.dmp (Filesize: 48KB)
        • memory/2676-15-0x0000000073F70000-0x000000007465E000-memory.dmp (Filesize: 6.9MB)
        • memory/2676-2-0x00000000073E0000-0x0000000007420000-memory.dmp (Filesize: 256KB)
        • memory/2676-3-0x0000000000380000-0x0000000000394000-memory.dmp (Filesize: 80KB)
        • memory/2676-4-0x0000000073F70000-0x000000007465E000-memory.dmp (Filesize: 6.9MB)
        • memory/2676-5-0x00000000073E0000-0x0000000007420000-memory.dmp (Filesize: 256KB)
        • memory/2676-7-0x0000000000E00000-0x0000000000E6E000-memory.dmp (Filesize: 440KB)
        • memory/2676-0-0x0000000001070000-0x000000000114A000-memory.dmp (Filesize: 872KB)
        • memory/2676-1-0x0000000073F70000-0x000000007465E000-memory.dmp (Filesize: 6.9MB)
        • memory/2804-10-0x0000000000400000-0x000000000042F000-memory.dmp (Filesize: 188KB)
        • memory/2804-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp (Filesize: 4KB)
        • memory/2804-14-0x0000000000400000-0x000000000042F000-memory.dmp (Filesize: 188KB)
        • memory/2804-8-0x0000000000400000-0x000000000042F000-memory.dmp (Filesize: 188KB)
        • memory/2804-16-0x0000000000880000-0x0000000000B83000-memory.dmp (Filesize: 3.0MB)