Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
19-04-2024 17:55
Static task
static1
Behavioral task
behavioral1
Sample
FA Installer.bat
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
FA Installer.bat
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
FA Installer.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
FA Installer.bat
Resource
win11-20240412-en
General
-
Target
FA Installer.bat
-
Size
42KB
-
MD5
ac48f9875234a4e5649d152672903198
-
SHA1
6795362296194a79770a385a1a81efa89c6fe203
-
SHA256
e5f0efdb833e0b8ec06d88d13039ac9ab2b46a70a26a6c9c07868a79b8f11f62
-
SHA512
b5a8cf484eca8afde45a78b6768970a3ccd9f4731f4f9a227ac22e02cb3c9c158c8221c136fef191ce9967b2b4bc8c7f4aa6a4310e04dc5e3e5b8b7fc712df44
-
SSDEEP
768:lnwnjP9zogqnrT9AHuhUcKhnuxGTBmF5p8yJVS5LTf+iA0:FI89nf9tUc+nuxGIFwyKhTf+r0
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 2368 wrote to memory of 2184 2368 cmd.exe 29 PID 2368 wrote to memory of 2184 2368 cmd.exe 29 PID 2368 wrote to memory of 2184 2368 cmd.exe 29 PID 2368 wrote to memory of 2648 2368 cmd.exe 30 PID 2368 wrote to memory of 2648 2368 cmd.exe 30 PID 2368 wrote to memory of 2648 2368 cmd.exe 30 PID 2368 wrote to memory of 2612 2368 cmd.exe 31 PID 2368 wrote to memory of 2612 2368 cmd.exe 31 PID 2368 wrote to memory of 2612 2368 cmd.exe 31 PID 2368 wrote to memory of 1972 2368 cmd.exe 32 PID 2368 wrote to memory of 1972 2368 cmd.exe 32 PID 2368 wrote to memory of 1972 2368 cmd.exe 32
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\FA Installer.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:2368 -
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\FA_Antivira\FAinfo4.vbs"2⤵PID:2184
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\FA_Antivira\FAinfo3.vbs"2⤵PID:2648
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\FA_Antivira\FAinfo2.vbs"2⤵PID:2612
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\FA_Antivira\FAinfo1.vbs"2⤵PID:1972
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
84B
MD5fad7cd2a49837444cde4548abdf478b6
SHA1376a4ff6acc6ca44f2b660286633c5a31eddd764
SHA2569c08b7d014ab766305e4525478bf8a1bc2f8cbe4f04aedf38f7daa0660ba3cda
SHA512287223fdf6ec6347c37b51fc7913ab8931d1fe87c03fae93e1cf8bcacf1b4a2dc13605b08506a0299e5536fac5b02fc15ab387781b5b16873ea3c686daa81cc5
-
Filesize
87B
MD55a1fc5e5db483c5926a50ee931581cd9
SHA1419644277a92e109d4ce6739a0d5e2d0ba8f2d42
SHA2560f79e391fe889e01a6ef37619023af6672e98f1551753a10021efda8dee607ab
SHA5120351928a53a5586c560e8155d99eb1838c873cbc2b554ae25c6be1433cdae41cea7508b60c016e23e0d2687d99bcc96066bc72f15c1ffb922f348f81e044c240
-
Filesize
71B
MD5a61c87927d31edff281df2818dde924d
SHA1f076867cb0411e0c584f2f9052d4c1e550cd53b7
SHA2569220b169c1f0179caa92218990b05bc48cf75c9c36d4e45dd1c2b5f973910517
SHA512ce5c730e3dea3c9b1a565b02925ca95ee0c50abfe15a5a8a43c21b4cb7daedd1b582ebf264dba5d7dc3fad98e1014e0557a810baa111e83596ecd22fde8fc970
-
Filesize
97B
MD5d912098669bc85cc04cccf0248617120
SHA1a817741d0ce4427cf0a0fceb7ba483972789fc60
SHA256e044130f2e60f76a963f3e903af9d077f0ff1a8437d1c7d52ff42345e7e28422
SHA512578127a4aedf65bb415602b08c16c29724a874b35a40dce0e116b4bf6daf513e8a511f3aed2cee8756efd45ee9245a34381433abbef91ab3908859f47f013a48