Overview

overview

10

Static

static

10

2db173ba61...c7.exe

windows7-x64

9

2db173ba61...c7.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    54s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-04-2024 19:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2db173ba615bcf6a1b736ae42a203dd092a1a0eb0dc8084edfa70a20ba26e7c7.exe

  • Size

    245KB

  • MD5

    faeea45a5be4a41f064856ba7497fdbc

  • SHA1

    3dd86d26bd2b6bf8b3569ffabed5f7bebcb3bede

  • SHA256

    2db173ba615bcf6a1b736ae42a203dd092a1a0eb0dc8084edfa70a20ba26e7c7

  • SHA512

    d384442b331ee1aa3f8e8b5df3922a89c9af5440332cac23846c48b8b10865fae235e3eb0de4c2e3c57bcaa2976ce1831bdc1dca45bd525ba0c7325d440bee35

  • SSDEEP

    6144:bMJ7Ql7ADyVL0/InyhSlUdo+DwNsA5MSD4jT0:b67QODtIrwQ5OA

Score
9/10
persistence

Malware Config

Signatures

  • Detects executables built or packed with MPress PE compressor 2 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2db173ba615bcf6a1b736ae42a203dd092a1a0eb0dc8084edfa70a20ba26e7c7.exe
    "C:\Users\Admin\AppData\Local\Temp\2db173ba615bcf6a1b736ae42a203dd092a1a0eb0dc8084edfa70a20ba26e7c7.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4904
  • C:\PROGRA~3\Mozilla\fccarae.exe
    C:\PROGRA~3\Mozilla\fccarae.exe -cxdgtgc
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:3180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Mozilla\fccarae.exe
    Filesize

    245KB

    MD5

    b70437bb801d98f3423ec8f2867850d3

    SHA1

    e1392a80b16a988da8257422ceeeb0bb4db6abd2

    SHA256

    1408c9de096de07855355d8e1310f90ff18af0917219ad8f0bb54557d8a09021

    SHA512

    d5ef63d1a7854bcfe6cad7ccafba8d2bee1d50cb97912c10b7cf6cd7e54d74dce95d5d18306927763ae532c918705116834fb0441c149d57420ed1734b3dcbf2

    Download Submit

  • memory/3180-6-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/3180-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3180-7-0x0000000000CB0000-0x0000000000D0B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3180-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4904-0-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/4904-1-0x0000000000900000-0x000000000095B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4904-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4904-8-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download