Overview

overview

10

Static

static

3

FieroHack.exe

windows7-x64

7

FieroHack.exe

windows10-2004-x64

10

#/LoadeSirus.exe

windows7-x64

#/LoadeSirus.exe

windows10-2004-x64

Analysis

  • max time kernel
    117s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FieroHack.exe

  • Size

    676.2MB

  • MD5

    76a3bd6e846f46f5e8b6c7b2f0d29c57

  • SHA1

    cb78a890bdfdb2f499e3d734f9caa0153bf9add0

  • SHA256

    d41b139970b0bab5449bc61bf9d79cd0287e04a7267d19df87dc7b295718cdcf

  • SHA512

    791f68758768373950df5e4dc77385e1f84fa0ac001846b5d4baeb7e330a03bc1b62048c17cfe5f2818b5b8fc06ab5b9c7d3e3b856498be7f11c05db2dd4bf6d

  • SSDEEP

    196608:OY9faXEN+pIePaH5Yl38xc0l6zedTuSkM0da2o:OY+EN+KeyHm6B6z4TuSk5M2o

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FieroHack.exe
    "C:\Users\Admin\AppData\Local\Temp\FieroHack.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Roaming\Sirus.exe
      C:\Users\Admin\AppData\Roaming\Sirus.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:2548
    • C:\Users\Admin\AppData\Roaming\LoadeSirus.exe
      C:\Users\Admin\AppData\Roaming\LoadeSirus.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 48
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\LoadeSirus.exe
    Filesize

    221.9MB

    MD5

    ca04ca9362cb25e2da9e13c264e48412

    SHA1

    510bb1042c5e07634d2ad30ea4f3c05d3c5cb760

    SHA256

    310c10fb8b5e02c83dd21081f6f9484658a6e7b82012bd8bef5a56afb6ce427d

    SHA512

    1bd35b1e1fd567a13fdcacb728318f1e02bf401024553b5beb91a3f794837744495b43c196ea27f1075a2058e69c9344afd9ad0ea695e747c15aed23cd8954ad

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Sirus.exe
    Filesize

    226.5MB

    MD5

    9eb0407f94ec581ac7320a024cbcdaec

    SHA1

    6ca9de0c74e0f796fe81b6c5dcaea9450670e0e3

    SHA256

    ec40088099cdcb73287b5ddc1033b06b6807fbbb0baf2ec2de8c5e2b25e9d9e6

    SHA512

    a617372a8f1ec6d7d4bc7d434dff99a31a4fd7c671e93d734ee31a3352138ad98d985b6075ece3ae38f3c6fd30aa9fed83e5eb46855c188c45035e502ef4ef4a

    Download Submit

  • \Users\Admin\AppData\Roaming\LoadeSirus.exe
    Filesize

    216.8MB

    MD5

    f45a85f7e56fb4a21875ae3bceb9068c

    SHA1

    ddd9913babac77179a6d16433c9f21c886b297fc

    SHA256

    f14f853e44b915cef89ea4493aec4e94f06228d253825cdedee5e988c7d43c83

    SHA512

    da2321bec45f87404ac0e858ebb4f9ab1166726cdecba7116a4b9feaba904fbac051993bb4737ce8f175427e9ef7d42bcc924f096ceed0971b82d7eec71843a6

    Download Submit

  • \Users\Admin\AppData\Roaming\LoadeSirus.exe
    Filesize

    217.4MB

    MD5

    d78620571ddd4c56839301d2167a42a9

    SHA1

    ee3a5c36ea244afd1df0be5b02dff26b3ba4a55a

    SHA256

    35bdbd7507f80b95a02e294e2fbe825c9224960f80ff4726e92b1f0b8b7280b3

    SHA512

    1c9ca96bd549b7afa0ed82ac69861258baf48708744f59ddd0f58e84fa847df3921228fc91fc78f4de50b6e96c4dd0cdd2d146bf3deadc71ebdbd8315e27a377

    Download Submit

  • \Users\Admin\AppData\Roaming\LoadeSirus.exe
    Filesize

    215.5MB

    MD5

    a0ea62dd51d0816c2bacb07619dfbfd2

    SHA1

    35e96c43e67751ec2e3e4aa34378e3a5b5d02702

    SHA256

    4615366ab7fc6c0ad35fc7299ee7740c44e5eb514e949934b17c563d1c299a5c

    SHA512

    735eb15d63734aad7c5e3d9b1c6753b8faeab6293da21a51032a4012b85ffb0c266834498457c5ad8d839e905d1781bd3974dc911bf6bd02de77d20692918763

    Download Submit

  • \Users\Admin\AppData\Roaming\LoadeSirus.exe
    Filesize

    219.8MB

    MD5

    ada79ac283ef8362080cfcabce1ac276

    SHA1

    48b1961348227647d7bb5e5dfdc27ff69bb34f11

    SHA256

    11fce475ce9da8cc209b824c01aea0c6857cdf1cbd00a7dc6efc6a6b69d879d6

    SHA512

    920d6726ffe86e23e46c448ecf6c5c82b41eb08bd6216853171ac7e85523a9481fb5a424c4e4f3fbdb240f1201c5038cca2b44012df0d27b941c12444c91e284

    Download Submit

  • \Users\Admin\AppData\Roaming\LoadeSirus.exe
    Filesize

    218.0MB

    MD5

    e5361ab45580db6f8d2ec5dce13e32ea

    SHA1

    2028b91b95bcae7097917b8cd054e65987f5f428

    SHA256

    f68b98e26887cdd9477c910068c4b618921134bd27f8de263da05b1501320d70

    SHA512

    a0d3efa634a89eb1efda62eb37a86dc8f3f7790139afb04b0c1de0b8987c23fb469dae04a5ec428be17a005c5ba4e714c3b8e8203e5d3b2d23bc10c899e0475c

    Download Submit

  • \Users\Admin\AppData\Roaming\Sirus.exe
    Filesize

    172.0MB

    MD5

    644dc0cd1271672d8caf03a8716b3848

    SHA1

    d674a106462d89c4eebf433d5ee1d86889cbb080

    SHA256

    e084485dc1b52046cf1a53e0d9ead43815e3ba78e075db8301b89f04d9ad5278

    SHA512

    155feaf04767e79baae68323711d96435871394ef50df150592d2cc7d588a5f821d10b2de95a55b74b731aa3eb6637a39b0915e044d15f4a99dc4bb1e9e29727

    Download Submit

  • \Users\Admin\AppData\Roaming\Sirus.exe
    Filesize

    166.3MB

    MD5

    c36d8fd3d37ba7b4eeaf89af3000e9db

    SHA1

    df07fdc2ed3093e9fe7c375251e639955ba8bcdb

    SHA256

    6d7b7d7b2642e76aa4f25ab9310cb6d9a95cead740683d4e5bdeaa7df3acd264

    SHA512

    d3678fa4b444b0e07462544c79adb91b46ffbf055bd02bf86edb39a8dfd33678bbe754de17251912d2089542c5e15ee6ac9e35191fd5f501bf3fdac54d51e738

    Download Submit

  • memory/2256-30-0x0000000000820000-0x000000000094D000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2548-15-0x00000000001D0000-0x0000000000215000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2548-19-0x000007FEFDA10000-0x000007FEFDA7C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2548-20-0x000000013F7C0000-0x0000000140404000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/2548-21-0x0000000077A00000-0x0000000077BA9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2548-24-0x000007FEFF770000-0x000007FEFF80F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2548-14-0x000000013F7C0000-0x0000000140404000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/2548-13-0x000000013F7C0000-0x0000000140404000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/2548-29-0x00000000001D0000-0x0000000000215000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2548-9-0x000000013F7C0000-0x0000000140404000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/2548-11-0x00000000001D0000-0x0000000000215000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2548-7-0x000000013F7C0000-0x0000000140404000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/3012-10-0x00000000023E0000-0x0000000003024000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/3012-8-0x00000000023E0000-0x0000000003024000-memory.dmp

    Filesize

    12.3MB

    Download