Analysis
  max time kernel: 155s
  max time network: 157s
  platform: windows10-2004_x64
  resource: win10v2004-20231215-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 07/01/2024, 19:37
Static task: static1
Behavioral task: behavioral1
  Sample: FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
  Resource: win10v2004-20231215-en
General
  Target: FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
  Size: 202KB
  MD5: 6844009e77c318557b56321ef774e997
  SHA1: 081dec0183da2e2bff23a677e33f432830bc6544
  SHA256: 7303b66f166c3986b0559091eeae3ca799493362e6ed7b2522c00a209faa4d87
  SHA512: c595dee2821c479f11fedec5ee858e488f85709405bcd4cdb4c42e96da9975b667fb2aef4e3623ced7495de0c42c9b6950793c3125f6d9fead9bfee079bb3bc5
  SSDEEP: 6144:4ZJyuMNTL2Nt+gvuIwC3bPuxpagWcR8fyT:4wV5iX+gvB3y/agxYyT
Malware Config
Signatures
- Unexpected DNS network traffic destination (2 IoCs)
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
    description     ioc
    Destination IP  83.133.123.20
    Destination IP  83.133.123.20
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
    pid   Process
    5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
    5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
    5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
    5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
    5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
    5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
    description               pid   Process
    Token: SeDebugPrivilege   5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
    Token: SeDebugPrivilege   5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
    Token: SeDebugPrivilege   5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
- Suspicious use of UnmapMainImage (1 IoC)
    pid   Process
    3500  Explorer.EXE
- Suspicious use of WriteProcessMemory (1 IoC)
    description                        pid   Process                                              procid_target
    PID 5072 wrote to memory of 3500   5072  FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe   61
Processes
- C:\Windows\Explorer.EXE
    Command line: C:\Windows\Explorer.EXE
    PID: 3500
    - Suspicious use of UnmapMainImage
  - C:\Users\Admin\AppData\Local\Temp\FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\FREE_INTERNET_TV_V3_8_0_0_V3_patch_by_FUTURiTY.exe"
      PID: 5072
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory