Overview

overview

7

Static

static

3

FabFilter ...d).exe

windows7-x64

7

FabFilter ...d).exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FabFilter - Total Bundle (Pre-Patched).exe

  • Size

    35.7MB

  • MD5

    b6eb4552608d2d391a112d9f7678e73f

  • SHA1

    3d6644ac84c0cb1ec17597501dab1ae585e372b3

  • SHA256

    81111a85eca803f5f432a210d4f9adb3f140e57eea3cbe1374a17111792a596d

  • SHA512

    03aab4ae48799f21be9362e6ea6cdac00ca3a1c4fc49108e318a7e12a25ed786898fafc92c12f0b3eb81ba92aeaf510b97fe83d17c1bec357572f76f2b822a4c

  • SSDEEP

    786432:sNtW0zOslXqLKs4vL8tbO1iiCkUHDE8zwNoS/:sXb7gZ4AdO1iiX6DEhT/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FabFilter - Total Bundle (Pre-Patched).exe
    "C:\Users\Admin\AppData\Local\Temp\FabFilter - Total Bundle (Pre-Patched).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\Users\Admin\AppData\Local\Temp\is-K1MDV.tmp\FabFilter - Total Bundle (Pre-Patched).tmp
      "C:\Users\Admin\AppData\Local\Temp\is-K1MDV.tmp\FabFilter - Total Bundle (Pre-Patched).tmp" /SL5="$501DA,36419687,1187328,C:\Users\Admin\AppData\Local\Temp\FabFilter - Total Bundle (Pre-Patched).exe"
      2⤵
      • Executes dropped EXE
      PID:3652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-K1MDV.tmp\FabFilter - Total Bundle (Pre-Patched).tmp
    Filesize

    3.4MB

    MD5

    0c434412f378948c1fad963b4816d535

    SHA1

    8e4e847ac78910804f7a4d23aca3e816d68e340b

    SHA256

    1d65a564f6c75b35c7fcb98fe9bee4c73579def130fe3be9ce11c43f7cc2c71e

    SHA512

    d3c0877eaa05534e92f49364651aab67932594e8bdcb302dbb3bd81dcc386a32bfbe5c3600cfeda7f1949a8eb6b82b9f65b2606d8f1fcdc3ff9edc60cd1239be

    Download Submit

  • memory/3652-5-0x0000000002770000-0x0000000002771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3652-8-0x0000000000400000-0x000000000076A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3652-11-0x0000000002770000-0x0000000002771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4580-0-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4580-7-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download