Analysis

  • max time kernel
    136s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 15:28

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.21070.exe

  • Size

    852KB

  • MD5

    9db2aef89a0872e99d266cfb6ed00999

  • SHA1

    4ff386a6dc8f254c76215243d28ca3efbd934c1b

  • SHA256

    ce345574366b94994a2aade4a96ade0eee23ad088211416b5695166cd251ec61

  • SHA512

    07b568f24429c68ec06b87457ff969f7b70e12720d656d91e0680f3251ec6600f7ac559b8e858ebd71c09e067dd09c009bb791e7a3333ed9e95babf70f970c48

  • SSDEEP

    12288:vP27U0WWObWpf57f6ESknqQrQJfI2CiPQfP12Xk/Nl1dSQ1Ulx3/z6OAq7hxfZuk:veD4+f5eEn1mxCiPQfP28NX0Qulxw

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v93r

Decoy

labourcommunitymarket.com

nba82.com

datahabitsales.site

rosstony.link

baliorganic.farm

qefhyjngrxcbjfvgft.autos

bippttcg.click

tldrschool.com

vcdaawug.click

garage2mats.com

soulrin.store

themezodermacream.com

522fairwaylookout.com

jmhoa.cyou

sygcb.link

thanhpresident.com

biy-home.com

imtmlife.online

dijitalpasaj.app

105261.com

Signatures

  • Formbook

    Formbook is a data-stealing malware family (information stealer).

  • Formbook payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1636

Network

        Downloads

        • memory/1636-12-0x0000000000400000-0x000000000042F000-memory.dmp    Filesize: 188KB
        • memory/1636-14-0x00000000013E0000-0x000000000172A000-memory.dmp    Filesize: 3.3MB
        • memory/4888-6-0x0000000007190000-0x00000000071A4000-memory.dmp     Filesize: 80KB
        • memory/4888-3-0x00000000071B0000-0x0000000007242000-memory.dmp     Filesize: 584KB
        • memory/4888-4-0x0000000007400000-0x0000000007410000-memory.dmp     Filesize: 64KB
        • memory/4888-5-0x0000000007180000-0x000000000718A000-memory.dmp     Filesize: 40KB
        • memory/4888-1-0x0000000074870000-0x0000000075020000-memory.dmp     Filesize: 7.7MB
        • memory/4888-7-0x0000000074870000-0x0000000075020000-memory.dmp     Filesize: 7.7MB
        • memory/4888-8-0x0000000007400000-0x0000000007410000-memory.dmp     Filesize: 64KB
        • memory/4888-9-0x00000000073F0000-0x00000000073FC000-memory.dmp     Filesize: 48KB
        • memory/4888-10-0x0000000007E70000-0x0000000007EDE000-memory.dmp    Filesize: 440KB
        • memory/4888-11-0x0000000005EC0000-0x0000000005F5C000-memory.dmp    Filesize: 624KB
        • memory/4888-2-0x00000000076C0000-0x0000000007C64000-memory.dmp     Filesize: 5.6MB
        • memory/4888-0-0x00000000001E0000-0x00000000002BA000-memory.dmp     Filesize: 872KB
        • memory/4888-15-0x0000000074870000-0x0000000075020000-memory.dmp    Filesize: 7.7MB