95a32d9975a8aedb0a2f9b6e11249a5e20163c7088a228f9b034fe02e17b8289

Analysis

max time kernel
186s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2782bcf6afd7aed4919a9b435c92bf8b.exe
Size

410KB
MD5

2782bcf6afd7aed4919a9b435c92bf8b
SHA1

f3364e83a613458bb022c4c5a7fe1f0c6eb51621
SHA256

95a32d9975a8aedb0a2f9b6e11249a5e20163c7088a228f9b034fe02e17b8289
SHA512

21d2f1e3852a4b66fb73b32e53d9b59fda9aec65998dcf33a502939432bfa63a2d88db9b697630e16079f46b95b9c3f8c8f15f6856814e6077422af7d9b62737
SSDEEP

12288:CxIK9V14ImyHY155cfoFEu4iZ+2bNCNYUoXEG8m8jrIiG55x2eupA/hVBCk94NuX:CJEyYlas5F1qR7rPRm

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4684	fenat.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\fenat.exe"	fenat.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 4684	1276	2782bcf6afd7aed4919a9b435c92bf8b.exe	90
PID 1276 wrote to memory of 4684	1276	2782bcf6afd7aed4919a9b435c92bf8b.exe	90
PID 1276 wrote to memory of 4684	1276	2782bcf6afd7aed4919a9b435c92bf8b.exe	90

C:\Users\Admin\AppData\Local\Temp\2782bcf6afd7aed4919a9b435c92bf8b.exe
"C:\Users\Admin\AppData\Local\Temp\2782bcf6afd7aed4919a9b435c92bf8b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\ProgramData\fenat.exe
  "C:\ProgramData\fenat.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\DumpStack.log.tmp .exe

Filesize
410KB

MD5
a3bbbce59edc2a10953af2832666cc59

SHA1
710861a241e8c76e4cdfea205672d4c1312b5837

SHA256
974a75e9943ad223e4ad4466818a4426b1d873c709e979045305540f3228a5bb

SHA512
5b8fe7e5753cbfa656555bb56373a7dbd5902e92b9d01f208f95ec941eba1263778126a5d97f6e6794794fb7604c439dc5825ec317f69138e8f2bbcbcc496035

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
150KB

MD5
a52d6cb53c4c31e9f5ad53a356adf9dd

SHA1
4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101

SHA256
f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8

SHA512
6d86153ffb8c803092d4fe30f1df1371657023eb10fd56dfeca684ff13a3222f64b11592576d3990f14cf915987a3372cf89774f811ef33dbd5f1b7db5ba681b

Download Submit
C:\ProgramData\fenat.exe

Filesize
260KB

MD5
d5b72abf243270ad735fa8ad6fd5b94e

SHA1
00fe5a9601fb84c8e6d11990ec4c83ddc6f6aab9

SHA256
48525342cc6d03370ceaf3e95b199cc92e5cf9899805f15c072c3e2971b71b06

SHA512
15bce429dfeabf7cee803a09dd1081b49a8f4690752f7e07e67ef6ef3cd55433bfc0914dd7e4709c4dc67664853cf863cae6657fc06cbacfa935689907b4f7b8

Download Submit
memory/1276-0-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/1276-1-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/1276-9-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/4684-130-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4684-161-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4684-250-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads