Overview

overview

8

Static

static

3

fb4d816600...85.exe

windows7-x64

8

fb4d816600...85.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    26s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb4d81660045eb7432ade6adf20c3385.exe

  • Size

    200KB

  • MD5

    fb4d81660045eb7432ade6adf20c3385

  • SHA1

    2ef72289927b09778516474b194e78d43467cfda

  • SHA256

    5cd4ef16b0c4009cdc01d9d7c493c22008ca29834b3748582781297be4624f27

  • SHA512

    c7bbce9e476842a60d537ce3ecf76869627f334f2158c1891ef041e73d233f314a86e3071c9a221d1152e72bb6acdffe87d08a725a8f6f4078b52ec5c71de79e

  • SSDEEP

    6144:k50zTTCTee2f2cKpFynL/w6Nz40VCk0unquc6LdMjB:G0BKpUnTw6NziF

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb4d81660045eb7432ade6adf20c3385.exe
    "C:\Users\Admin\AppData\Local\Temp\fb4d81660045eb7432ade6adf20c3385.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Windows\SysWOW64\reg.exe
      reg delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{E7CAADA6-66CA-ABC1-366A-E35E125B9CB8}" /f
      2⤵
        PID:1992
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\FB4D81~1.EXE > nul
        2⤵
          PID:3032

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads