Overview

overview

7

Static

static

3

Backdoor.W...sh.exe

windows7-x64

7

Backdoor.W...sh.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/02/2024, 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Backdoor.Win32.Finfish.exe

  • Size

    6.0MB

  • MD5

    8ccf739275036c08c043e1b4485db1dc

  • SHA1

    8c72b7aa505fc4e44db0105ac76db1959f858cf3

  • SHA256

    7b2c047b655e818056339e5d33c5c1d922664757d79aea7216de3149a7fe543c

  • SHA512

    6df67f75eb6c67a3dd755d41e4528c899ac1bf9fd112bd31eb81cab6b9626d6b96896bc80196084b622250a15adddb23ea78bb6b910011bda005fa1147729343

  • SSDEEP

    98304:emhd1UryezoqQf9EgX2a0ctEsV7wQqZUha5jtSyZIUS:ely1h2aos2QbaZtlir

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Backdoor.Win32.Finfish.exe
    "C:\Users\Admin\AppData\Local\Temp\Backdoor.Win32.Finfish.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Users\Admin\AppData\Local\Temp\8378.tmp
      "C:\Users\Admin\AppData\Local\Temp\8378.tmp" --splashC:\Users\Admin\AppData\Local\Temp\Backdoor.Win32.Finfish.exe 4EE4C789694A7068DFFB7C698F78B291DB71AED9FCE8DB349143897B155BE6E56F717D6A73B9226EAF0D7152ACB8A48D4BDBFA788E331ED496239AA6C4ADDCC0
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8378.tmp
    Filesize

    6.0MB

    MD5

    a89b0c6ad8082ec6b60ecc3e09a2356e

    SHA1

    920feaead70b3a3a22dadbf26e2031504d6b9b03

    SHA256

    38154c3690ab1b5cb0199d6bef6bbfab22d24f72ec291b16e49f218ed9f469cd

    SHA512

    c5ec55d6c46094df2a9df6019341555661785f3c098340d9db621c3dadb58a31b7af5309487ddb234b904d88d17baf813780379fee4abf6ba3ffacb24837c0a7

    Download Submit

  • memory/3052-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3644-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download