Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 14:41

General

  • Target

    filezilla.exe

  • Size

    4.0MB

  • MD5

    79cef3c9de232d1f58f0e26292376584

  • SHA1

    2dd2ab98e8fcf5c720bf3618a3a0b84666ca191d

  • SHA256

    26d717e65101b0ccd5d491c406f76a216381410890508d3d154d5aa073698887

  • SHA512

    2378c3ea857cbf0ff8b14c7984a0237613533c7f6451bed1ba8e09aeb71ab4c35b7f37f7298259a67467d40925cad4a4e8baf556444215ab84ec9ea4856246c4

  • SSDEEP

    49152:o7BUd0rZmYl3zoN/SXsS9BsF91aVi5WgLli6RbJjwKwam6+I8qzPqS6RxC5UIcOM:gZE/cBstwjein2Vj8B

Score
7/10

Malware Config

Signatures

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\filezilla.exe
    "C:\Users\Admin\AppData\Local\Temp\filezilla.exe"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1244

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1244-38-0x000007FEF6E20000-0x000007FEF6EBE000-memory.dmp (Filesize 632KB)
  • memory/1244-46-0x000007FEF5DD0000-0x000007FEF5FB7000-memory.dmp (Filesize 1.9MB)
  • memory/1244-45-0x000007FEF7930000-0x000007FEF7951000-memory.dmp (Filesize 132KB)
  • memory/1244-44-0x000007FEF6880000-0x000007FEF68D5000-memory.dmp (Filesize 340KB)
  • memory/1244-43-0x000007FEF78C0000-0x000007FEF7909000-memory.dmp (Filesize 292KB)
  • memory/1244-42-0x000007FEF5FC0000-0x000007FEF61D3000-memory.dmp (Filesize 2.1MB)
  • memory/1244-41-0x000007FEF6710000-0x000007FEF67B4000-memory.dmp (Filesize 656KB)
  • memory/1244-40-0x000007FEF6D30000-0x000007FEF6E1F000-memory.dmp (Filesize 956KB)
  • memory/1244-39-0x000007FEF61E0000-0x000007FEF633D000-memory.dmp (Filesize 1.4MB)
  • memory/1244-37-0x000000011F540000-0x000000011F94E000-memory.dmp (Filesize 4.1MB)
  • memory/1244-54-0x0000000066380000-0x00000000664BB000-memory.dmp (Filesize 1.2MB)
  • memory/1244-53-0x000007FEF5560000-0x000007FEF55A0000-memory.dmp (Filesize 256KB)
  • memory/1244-52-0x000007FEF55A0000-0x000007FEF565A000-memory.dmp (Filesize 744KB)
  • memory/1244-51-0x0000000075030000-0x000000007506F000-memory.dmp (Filesize 252KB)
  • memory/1244-50-0x000007FEF5660000-0x000007FEF5B61000-memory.dmp (Filesize 5.0MB)
  • memory/1244-49-0x000007FEF5B70000-0x000007FEF5BF2000-memory.dmp (Filesize 520KB)
  • memory/1244-48-0x0000000075070000-0x0000000075099000-memory.dmp (Filesize 164KB)
  • memory/1244-47-0x000007FEF5C00000-0x000007FEF5DC4000-memory.dmp (Filesize 1.8MB)
  • memory/1244-66-0x000007FEF5C00000-0x000007FEF5DC4000-memory.dmp (Filesize 1.8MB)