Analysis

  • max time kernel
    121s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2023, 15:28

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.21070.31490.exe

  • Size

    852KB

  • MD5

    9db2aef89a0872e99d266cfb6ed00999

  • SHA1

    4ff386a6dc8f254c76215243d28ca3efbd934c1b

  • SHA256

    ce345574366b94994a2aade4a96ade0eee23ad088211416b5695166cd251ec61

  • SHA512

    07b568f24429c68ec06b87457ff969f7b70e12720d656d91e0680f3251ec6600f7ac559b8e858ebd71c09e067dd09c009bb791e7a3333ed9e95babf70f970c48

  • SSDEEP

    12288:vP27U0WWObWpf57f6ESknqQrQJfI2CiPQfP12Xk/Nl1dSQ1Ulx3/z6OAq7hxfZuk:veD4+f5eEn1mxCiPQfP28NX0Qulxw

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v93r

Decoy

labourcommunitymarket.com

nba82.com

datahabitsales.site

rosstony.link

baliorganic.farm

qefhyjngrxcbjfvgft.autos

bippttcg.click

tldrschool.com

vcdaawug.click

garage2mats.com

soulrin.store

themezodermacream.com

522fairwaylookout.com

jmhoa.cyou

sygcb.link

thanhpresident.com

biy-home.com

imtmlife.online

dijitalpasaj.app

105261.com

Signatures

  • Formbook

    Formbook is a data-stealing malware family (information stealer).

  • Formbook payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.31490.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.31490.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.31490.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21070.31490.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2712

Network

Downloads

  • memory/2044-6-0x0000000000230000-0x000000000023C000-memory.dmp
    Filesize: 48KB
  • memory/2044-15-0x0000000074920000-0x000000007500E000-memory.dmp
    Filesize: 6.9MB
  • memory/2044-2-0x0000000074920000-0x000000007500E000-memory.dmp
    Filesize: 6.9MB
  • memory/2044-3-0x0000000007410000-0x0000000007450000-memory.dmp
    Filesize: 256KB
  • memory/2044-4-0x0000000000220000-0x0000000000234000-memory.dmp
    Filesize: 80KB
  • memory/2044-5-0x0000000007410000-0x0000000007450000-memory.dmp
    Filesize: 256KB
  • memory/2044-7-0x0000000007380000-0x00000000073EE000-memory.dmp
    Filesize: 440KB
  • memory/2044-0-0x0000000000960000-0x0000000000A3A000-memory.dmp
    Filesize: 872KB
  • memory/2044-1-0x0000000074920000-0x000000007500E000-memory.dmp
    Filesize: 6.9MB
  • memory/2712-10-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize: 188KB
  • memory/2712-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize: 4KB
  • memory/2712-14-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize: 188KB
  • memory/2712-8-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize: 188KB
  • memory/2712-16-0x0000000000BD0000-0x0000000000ED3000-memory.dmp
    Filesize: 3.0MB