Overview

overview

10

Static

static

3

1b48e40cda...bb.exe

windows7-x64

10

1b48e40cda...bb.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 14:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1b48e40cda3744429f11e3674b9152bb.exe

  • Size

    96KB

  • MD5

    1b48e40cda3744429f11e3674b9152bb

  • SHA1

    e682c74470a646c3bd5722ba540959ac575f81a8

  • SHA256

    26a031938693f74ada748df448e7f7cc291f21b42b91262ea8cd6c28dc180967

  • SHA512

    671e2689149af37a8167749546379d5a161ed69d767000afd6751d874e92316f82477a3f6bbd0217e60c9b4b50cb88c8423a7f35c76890a256987902f63ce7e5

  • SSDEEP

    1536:kceSb998Q89H1UbLSLnxpwFJ0T72mocT:Bj4nIFJ0T72mBT

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b48e40cda3744429f11e3674b9152bb.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48e40cda3744429f11e3674b9152bb.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Users\Admin\foizat.exe
      "C:\Users\Admin\foizat.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2172

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\foizat.exe
          Filesize

          96KB

          MD5

          60de2884f2b7cc291e592b268bc0e2b1

          SHA1

          f31147525f2a2a4baa7ca77323a845735dfb0c02

          SHA256

          f3df8b327c816f1394ae2fe9e2df04ee9efad0ad2dba0d460342c86bec906b07

          SHA512

          e77c289fbea9060446dd2735dd80f7f846bd55493df63bf2e61fc05902cdb5f337cd39b196d823d9e4480081509185d8b7014b25437a8213255321911316b4c5

          Download Submit