Overview

overview

8

Static

static

3

FabFilter ...le.exe

windows7-x64

7

FabFilter ...le.exe

windows10-2004-x64

8

Resubmissions

22-11-2023 11:11

231122-narq8acf2z 8

Analysis

  • max time kernel
    144s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2023 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FabFilter Total Bundle.exe

  • Size

    42.7MB

  • MD5

    3acf9965d7a4974cc4be307b52e6b8b1

  • SHA1

    da68941d40b75eda0d78c2fa416693dca49e341f

  • SHA256

    48f947f1028e665251875c1ddcbba74e521ec2694a816e365b390689233ca405

  • SHA512

    01a46a4d069a1ecc2ec2c4620e520e1c6f08d918ea8340caeb04234ae1598796ac97fa2c2bf18a797a6e511840b3e8e3d13850344fd324f3bc8008e89a79f34b

  • SSDEEP

    786432:8uw/TQBk3loOAO2CY4wKkc0ONkBVYGHdxWZ/yPCzbTyyf9PqunO8:Fw/TQBk3GJQkr/dxWZ/yab19Pqunn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FabFilter Total Bundle.exe
    "C:\Users\Admin\AppData\Local\Temp\FabFilter Total Bundle.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Users\Admin\AppData\Local\Temp\is-Q4663.tmp\FabFilter Total Bundle.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-Q4663.tmp\FabFilter Total Bundle.tmp" /SL5="$70122,43822614,966656,C:\Users\Admin\AppData\Local\Temp\FabFilter Total Bundle.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-Q4663.tmp\FabFilter Total Bundle.tmp
    Filesize

    3.1MB

    MD5

    e6c773ab7860a6139a061ad99d6f61a5

    SHA1

    2c3a55abe5d8d2711b3d29d021f91ed62ff1863c

    SHA256

    444847d8b25b06c6a183d25ab1bde71e6f29fe9a4594b88703c7c5af4027c03d

    SHA512

    9011f6a582adc3fa5e2ba272c836e95cbc850e09e637788f37726b5e3cc145acd79347173ebef3b2da1ffa6be29b0e0120bf0d95cc72064b51f00efe7176eea2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-H9G23.tmp\_isetup\_iscrypt.dll
    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-Q4663.tmp\FabFilter Total Bundle.tmp
    Filesize

    3.1MB

    MD5

    e6c773ab7860a6139a061ad99d6f61a5

    SHA1

    2c3a55abe5d8d2711b3d29d021f91ed62ff1863c

    SHA256

    444847d8b25b06c6a183d25ab1bde71e6f29fe9a4594b88703c7c5af4027c03d

    SHA512

    9011f6a582adc3fa5e2ba272c836e95cbc850e09e637788f37726b5e3cc145acd79347173ebef3b2da1ffa6be29b0e0120bf0d95cc72064b51f00efe7176eea2

    Download Submit

  • memory/1920-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1920-14-0x0000000000400000-0x0000000000735000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1920-17-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1920-27-0x0000000000400000-0x0000000000735000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2824-1-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2824-13-0x0000000000400000-0x00000000004F9000-memory.dmp

    Filesize

    996KB

    Download