d00136f53e9a79326ca0f0979bdcad1492efb6216daa07a14939503c82cc9e8b

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$APPDATA/fastwinutl/fastwinutl.exe
Size

251KB
MD5

e97796d9487db7cdc66b836704050fd4
SHA1

6e25bca3dfeeab155082e25816117ecb3c15915c
SHA256

879ae79db4c74b9e216ed8efc262e6630a5de2588fca547ac6406c6cd4ede24b
SHA512

720b33ff0a6228fe1541ffd5e7cf146333bd21a93af82453550aed7cd28d396d4074df922a1243dfb5ee9ec048fc916ca508fdffecfcf8dd616a01395dc793e7
SSDEEP

6144:vmrhOQl5FbpiROMWQt5bCeY9D7Nby2h81p6nBoPSoTM:vmrhLtSO7QtTYtNe266nBqSoTM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2376	fastwinutl.exe

Loads dropped DLL 6 IoCs

pid	Process
2992	fastwinutl.exe
2744	rundll32.exe
2744	rundll32.exe
2744	rundll32.exe
2744	rundll32.exe
2744	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2376	2992	fastwinutl.exe	28
PID 2992 wrote to memory of 2376	2992	fastwinutl.exe	28
PID 2992 wrote to memory of 2376	2992	fastwinutl.exe	28
PID 2992 wrote to memory of 2376	2992	fastwinutl.exe	28
PID 2376 wrote to memory of 2744	2376	fastwinutl.exe	29
PID 2376 wrote to memory of 2744	2376	fastwinutl.exe	29
PID 2376 wrote to memory of 2744	2376	fastwinutl.exe	29
PID 2376 wrote to memory of 2744	2376	fastwinutl.exe	29
PID 2376 wrote to memory of 2744	2376	fastwinutl.exe	29
PID 2376 wrote to memory of 2744	2376	fastwinutl.exe	29
PID 2376 wrote to memory of 2744	2376	fastwinutl.exe	29

C:\Users\Admin\AppData\Local\Temp\$APPDATA\fastwinutl\fastwinutl.exe
"C:\Users\Admin\AppData\Local\Temp\$APPDATA\fastwinutl\fastwinutl.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Users\Admin\AppData\Roaming\fastwinutl\fastwinutl.exe
  C:\Users\Admin\AppData\Roaming\fastwinutl\fastwinutl.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Roaming\FASTWI~1\FASTWI~1.DLL 000
    3⤵
    - Loads dropped DLL
    PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\FASTWI~1\FASTWI~1.DLL

Filesize
240KB

MD5
fb955e4d9848b983432207a85f44e4e6

SHA1
619ff8ef8bb036c03f9ef827e73aaf735caaa518

SHA256
99e51aa3af8834cb7ecec5109516b7cd4f6a0706c40ec9f23a6b30a9d79aee6a

SHA512
577aa6e523fafa0bbfbb5842dd5ffa659b73a976e837e5d38c4cd52013fcc6448e82d734309b47af74c0be93767c461ece2600d9a0cdb7ce43012f16935bf36d

Download Submit
C:\Users\Admin\AppData\Roaming\fastwinutl\fastwinutl.exe

Filesize
72KB

MD5
3454dd4b845ede351d9455df28512128

SHA1
d3f634aa39529ea726331f92ddb5c55f4fca9ef3

SHA256
b5fe6fb0777bfedb71ca149e9e03d3371ffda3b8818a5b30c40488a6baf34a9b

SHA512
c6d28dab01339caaf6ab70c78d3449ecacb53ab74869f495c6487ee88129b857f9170c747cece13e6640dd6df0dc986def64f2c650a6a7aefca43a70f84b069f

Download Submit
\Users\Admin\AppData\Roaming\FASTWI~1\hnnkinossggbmb.dll

Filesize
160KB

MD5
9a422a0a2e213225702ecb3c43836af6

SHA1
68c617226565379e135fc6597f9ee04e9292fa87

SHA256
fc8636f3dd9da67eee08b1e598384715dc21fda681ec4f6a31e76e2a5bad79e2

SHA512
d68d94fb0dd6de1b075fbf313da46569ee9c2ff4d4448784f5fbda16cc75fa2a8a5f6192b10e7b96a375f34abea674aac17386bd5f96b7548a4530c6dd0c5e50

Download Submit
\Users\Admin\AppData\Roaming\fastwinutl\fastwinutl.exe

Filesize
221KB

MD5
64017405a48b3ccdfa0142bde9dddd83

SHA1
cc761cc5831bcd6303eb30c2a02a184a947a94db

SHA256
e9968cfa3b8fbb73f567cdc292f05994ce42823f7728b1f35046e6c998678ee3

SHA512
81dcb05f9413b8d59a12413c61dbad0cd17c7c6823ec5613cc57e4199f03a732f76a069e6f0d787faad0dc9276719adf2fc7989a22a1cc55d9e295b36d6e675c

Download Submit
memory/2376-11-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2376-10-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2744-19-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/2744-29-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2744-14-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/2744-18-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/2744-32-0x0000000000100000-0x000000000012A000-memory.dmp

Filesize
168KB

Download
memory/2744-20-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/2744-21-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/2744-31-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/2744-27-0x0000000000100000-0x000000000012A000-memory.dmp

Filesize
168KB

Download
memory/2744-26-0x0000000000100000-0x000000000012A000-memory.dmp

Filesize
168KB

Download
memory/2744-28-0x0000000000100000-0x000000000012A000-memory.dmp

Filesize
168KB

Download
memory/2744-30-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2992-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2992-1-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2992-6-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads