Analysis

  • max time kernel
    2s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/12/2023, 21:52

General

  • Target

    fac1303cd5bc47afb6bf4bb066dfad4a.exe

  • Size

    72KB

  • MD5

    fac1303cd5bc47afb6bf4bb066dfad4a

  • SHA1

    ad3452240e5bbadbfbdcace3fd670c28359e4bb1

  • SHA256

    4efef724e83e6905c1ff46b0be77c2fa079aee032d6a998a18368981c01c6acc

  • SHA512

    391cbbda9e31d66cc2ec472c906bc326644f80df9d1994c03729b0aa380e1e9a21fbf5c0801a358edfbd8e89f44589fd1fc4b0efbbc6557eb5464f2bcc39899b

  • SSDEEP

    1536:p4q8Q1xZtffrb8sjPFNhTYsFFrzckH2fmitA7HeNs/adCE:qKtfDwsjPThTYszDH2f+eNsyb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fac1303cd5bc47afb6bf4bb066dfad4a.exe
    "C:\Users\Admin\AppData\Local\Temp\fac1303cd5bc47afb6bf4bb066dfad4a.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4272
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a68FB.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2996
      • C:\Users\Admin\AppData\Local\Temp\fac1303cd5bc47afb6bf4bb066dfad4a.exe
        "C:\Users\Admin\AppData\Local\Temp\fac1303cd5bc47afb6bf4bb066dfad4a.exe"
        3⤵
        • Executes dropped EXE
        PID:1556
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2116
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3444

    Network

          Downloads

          • C:\Program Files\7-Zip\7zFM.exe

            Filesize

            4KB

            MD5

            101fac4e5e29b4a304b2f8a1189ef0c1

            SHA1

            858e0659f8f380d4c026a597c0cdf65063205339

            SHA256

            f8d40b2a63bd39c5789723a2fe9c84395ad743d7ef9a77bc653b0828b785591d

            SHA512

            14fb9dd7d1186dd774c3415d05ea1a293d11a930f151d3df4fc8edbc996ca66f7dcaf1d3fdf65228faec89b5fdf45c57208a8706437c7acc10419bea1fb79a44

          • C:\Users\Admin\AppData\Local\Temp\$$a68FB.bat

            Filesize

            530B

            MD5

            12687e548f87902a263b9eb5869007e6

            SHA1

            050c812f92147838da669257d9eaec98c3393b0c

            SHA256

            965459b221220ab8d639123b7ca51b9c3fe80f119afe8c0713c0a25464b56e83

            SHA512

            cf3415f2b09c45181ac0f8aaaeb2fc8a096070dbe24d5f7fc986ffe2e2572f7ba5136d25a6e680258442693db4bb4571eb8f56374107a1476e83244a9dabcd54

          • C:\Users\Admin\AppData\Local\Temp\fac1303cd5bc47afb6bf4bb066dfad4a.exe

            Filesize

            9KB

            MD5

            3c9e771f5d212bb6d95e458db3bae34d

            SHA1

            b9d139c158f1481ea31e499f2fa318b6dc996043

            SHA256

            f504b17e609d942d385654fd47113276efee433c17aa2023b20e125ab990c162

            SHA512

            923f10f6cb14b51f53ad8ac8d33d101a793b13dc63d06483b1c1e0ee372303a0bb97923f929c72a817ede289953f8f6fd76ed9a1b184cfc4bc4434563d04caff

          • C:\Windows\Logo1_.exe

            Filesize

            10KB

            MD5

            8d6fd24cfd19263f02495032ac059e6e

            SHA1

            8a45d7ea9f0df73ad0aa59d6d1a5c6aaa14fcd91

            SHA256

            0e7d75805396a16df487b4ab0b6c047a6077aee3bafb901c84d1029d369888e9

            SHA512

            c68a16973b7cbee352a7aa16aa26f682e7bcfdb49e8e162d03cb37e67dd1921d1b013d1415a8f7652e1b6daea412e716cf86ffa897c171099f85e95179929510

          • C:\Windows\Logo1_.exe

            Filesize

            1KB

            MD5

            b31337d0852539fc7ca159f0404f543a

            SHA1

            cdaff3b686ea7e3a651a2ebb45e36a1e6f92b45e

            SHA256

            ff47ba7d41af739beeed0f7d0e74dada46d382e6bd3c7473ff5a377b01766ac1

            SHA512

            3de339df77c18b19b3590a8efeecd450fb3ba7f6908a0da4e26e734696796b430d7cd45bd5ace1634685e4ff4399f2aee7f2c6a40d92092e0eda5acb75245dc3

          • memory/2116-222-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

          • memory/4272-7-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB