Overview

overview

10

Static

static

10

fec.exe

windows7-x64

fec.exe

windows10-2004-x64

Analysis

  • max time kernel
    275s
  • max time network
    276s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 23:13

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    fec.exe

  • Size

    13.6MB

  • MD5

    cb4827f8da72fcf72ac694571946125d

  • SHA1

    c6ff6a2a2656da0d98890d04b6e53fe991e85a2d

  • SHA256

    a6c979d23e9204f2537877778fb86c10b41c895a9a922d9a56dc6800a366df2e

  • SHA512

    b345da28a9f48c6233d23342dbd78c14d882ca7d69ff4d128913a1bb6e614985c636c7ae9cfc9933bc7df899a21e3e5a2f20bfa215cb6ba9df1c59c763168cb7

  • SSDEEP

    393216:iEkcqY4q1+TtIiF0Y9Z8D8Ccl6ln7E1PKksbuK+:ikD4q1QtILa8DZcIl7tkBK+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fec.exe
    "C:\Users\Admin\AppData\Local\Temp\fec.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Users\Admin\AppData\Local\Temp\fec.exe
      "C:\Users\Admin\AppData\Local\Temp\fec.exe"
      2⤵
      • Loads dropped DLL
      PID:2520
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1240
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x174
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1876
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0
      1⤵
        PID:2404
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x1
        1⤵
          PID:1988

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI13922\python312.dll
          Filesize

          6.6MB

          MD5

          3c388ce47c0d9117d2a50b3fa5ac981d

          SHA1

          038484ff7460d03d1d36c23f0de4874cbaea2c48

          SHA256

          c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

          SHA512

          e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

          Download Submit

        • memory/2404-145-0x0000000002D90000-0x0000000002D91000-memory.dmp

          Filesize

          4KB

          Download