Resubmissions

12-06-2024 18:38

240612-w98g1syhkk 7

12-06-2024 18:29

240612-w46fgayfjn 7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 18:29

General

  • Target

    filezilla.exe

  • Size

    4.0MB

  • MD5

    79cef3c9de232d1f58f0e26292376584

  • SHA1

    2dd2ab98e8fcf5c720bf3618a3a0b84666ca191d

  • SHA256

    26d717e65101b0ccd5d491c406f76a216381410890508d3d154d5aa073698887

  • SHA512

    2378c3ea857cbf0ff8b14c7984a0237613533c7f6451bed1ba8e09aeb71ab4c35b7f37f7298259a67467d40925cad4a4e8baf556444215ab84ec9ea4856246c4

  • SSDEEP

    49152:o7BUd0rZmYl3zoN/SXsS9BsF91aVi5WgLli6RbJjwKwam6+I8qzPqS6RxC5UIcOM:gZE/cBstwjein2Vj8B

Score
7/10

Malware Config

Signatures

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
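
The two behavioural signatures above say only that process 1796 touched files associated with FileZilla and that a hook was installed. Both are also what a legitimate FTP client does when it loads its own site manager, so the signature is only meaningful once the accessing process is taken into account. The script below is an added example, not part of this report or of the sandbox: it walks a handful of constructed file-access events (the "pid image op path" layout is an assumption, not a real export format) and separates accesses to FileZilla's data files by the expected client from accesses by an unrelated image.

```python
"""
Added example, not from the sandbox report: put the "Reads data files
stored by FTP clients" signature in context by checking WHICH process
read the FTP client's data files.

The event lines below are constructed for illustration; their layout
("pid image op path") is an assumption, not a sandbox export format.
"""
import re
from pathlib import PureWindowsPath

# FileZilla keeps saved sites and recent connections (including any
# stored passwords) in these files under %APPDATA%\FileZilla.
FTP_CLIENT_FILES = {
    "filezilla": {"sitemanager.xml", "recentservers.xml", "filezilla.xml"},
}

# Image names that are expected to own those files. Any other image
# reading them is the behaviour a credential stealer would show.
EXPECTED_OWNERS = {
    "filezilla": {"filezilla.exe", "fzsftp.exe"},
}

# Constructed sample events (not taken from the report).
SAMPLE_EVENTS = r"""
1796 C:\Users\Admin\AppData\Local\Temp\filezilla.exe read C:\Users\Admin\AppData\Roaming\FileZilla\sitemanager.xml
1796 C:\Users\Admin\AppData\Local\Temp\filezilla.exe read C:\Users\Admin\AppData\Roaming\FileZilla\filezilla.xml
2044 C:\Users\Admin\AppData\Local\Temp\update.exe read C:\Users\Admin\AppData\Roaming\FileZilla\recentservers.xml
2044 C:\Users\Admin\AppData\Local\Temp\update.exe read C:\Users\Admin\Documents\notes.txt
"""

EVENT_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\w+)\s+(.+)$")


def parse_events(text):
    """Parse 'pid image op path' lines into dicts; skip anything else."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        pid, image, op, path = m.groups()
        events.append({"pid": int(pid), "image": image, "op": op, "path": path})
    return events


def classify(event):
    """Return (client, verdict): 'expected' when the client's own image
    reads its data file, 'suspicious' for any other image, 'ignore' when
    the path is not a known FTP client data file."""
    target = PureWindowsPath(event["path"])
    name = target.name.lower()
    parts = {p.lower() for p in target.parts}
    for client, files in FTP_CLIENT_FILES.items():
        # Require the client's own directory in the path, not just the file name.
        if name in files and client in parts:
            owner = PureWindowsPath(event["image"]).name.lower()
            if owner in EXPECTED_OWNERS[client]:
                return client, "expected"
            return client, "suspicious"
    return None, "ignore"


def triage(text):
    """Group FTP-data accesses by verdict as (pid, image name, file name)."""
    findings = {"expected": [], "suspicious": []}
    for ev in parse_events(text):
        _, verdict = classify(ev)
        if verdict in findings:
            findings[verdict].append(
                (ev["pid"], PureWindowsPath(ev["image"]).name, PureWindowsPath(ev["path"]).name)
            )
    return findings


if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE_EVENTS).items():
        for pid, image, fname in hits:
            print(f"{verdict:10s} pid={pid} {image} -> {fname}")
```

In this report the target is itself named filezilla.exe, so an image-name match alone proves little: the sandbox drops every submission in %TEMP%, and a stealer can be renamed. On a real endpoint, extend the owner check with the image's install directory and Authenticode signer. The same reasoning applies to the SetWindowsHookEx and GetForegroundWindow signatures, which also fire on ordinary GUI applications; they support a verdict only together with the rest of the behaviour.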

Processes

  • C:\Users\Admin\AppData\Local\Temp\filezilla.exe
    "C:\Users\Admin\AppData\Local\Temp\filezilla.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1796

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1796-38-0x000007FEF6C50000-0x000007FEF6CEE000-memory.dmp

    Filesize

    632KB

  • memory/1796-42-0x000007FEF58C0000-0x000007FEF5AD3000-memory.dmp

    Filesize

    2.1MB

  • memory/1796-37-0x000000011FFF0000-0x00000001203FE000-memory.dmp

    Filesize

    4.1MB

  • memory/1796-53-0x000007FEF4E00000-0x000007FEF4E40000-memory.dmp

    Filesize

    256KB

  • memory/1796-54-0x0000000066380000-0x00000000664BB000-memory.dmp

    Filesize

    1.2MB

  • memory/1796-52-0x000007FEF4E40000-0x000007FEF4EFA000-memory.dmp

    Filesize

    744KB

  • memory/1796-51-0x0000000074780000-0x00000000747BF000-memory.dmp

    Filesize

    252KB

  • memory/1796-50-0x000007FEF4F60000-0x000007FEF5461000-memory.dmp

    Filesize

    5.0MB

  • memory/1796-49-0x000007FEF5470000-0x000007FEF54F2000-memory.dmp

    Filesize

    520KB

  • memory/1796-48-0x00000000747C0000-0x00000000747E9000-memory.dmp

    Filesize

    164KB

  • memory/1796-47-0x000007FEF5500000-0x000007FEF56C4000-memory.dmp

    Filesize

    1.8MB

  • memory/1796-46-0x000007FEF56D0000-0x000007FEF58B7000-memory.dmp

    Filesize

    1.9MB

  • memory/1796-45-0x000007FEFA230000-0x000007FEFA251000-memory.dmp

    Filesize

    132KB

  • memory/1796-44-0x000007FEF5FB0000-0x000007FEF6005000-memory.dmp

    Filesize

    340KB

  • memory/1796-43-0x000007FEF7A20000-0x000007FEF7A69000-memory.dmp

    Filesize

    292KB

  • memory/1796-41-0x000007FEF6010000-0x000007FEF60B4000-memory.dmp

    Filesize

    656KB

  • memory/1796-40-0x000007FEF6B60000-0x000007FEF6C4F000-memory.dmp

    Filesize

    956KB

  • memory/1796-39-0x000007FEF5AE0000-0x000007FEF5C3D000-memory.dmp

    Filesize

    1.4MB

  • memory/1796-66-0x000007FEF5500000-0x000007FEF56C4000-memory.dmp

    Filesize

    1.8MB
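
Each dump name above encodes the process id, a sequence number and a hexadecimal address pair. Reading the pair as the start and end of the dumped virtual address range, its length reproduces every Filesize listed (for example 0x000007FEF6CEE000 - 0x000007FEF6C50000 = 0x9E000 bytes = 632KB), and the 4.1MB region at 0x11FFF0000 is consistent with the 4.0MB sample mapped as an image. The script below is an added example, not part of this report or of the sandbox tooling: it parses a copied excerpt of the list, checks the ranges against the stated sizes, finds ranges dumped more than once (sequence 47 and 66 cover the same region), and picks the region closest to the sample's file size. The main-image heuristic and the size tolerance are assumptions.

```python
"""
Added example, not part of the sandbox report: parse the memory dump
names under "Downloads" and cross-check them against the stated sizes.

Name layout <pid>-<seq>-0x<start>-0x<end>-memory.dmp is read off the
page. Treating <start>/<end> as the dumped virtual address range (so
end - start equals the dump size) is an assumption that this script
verifies against the report's own numbers. REPORT_EXCERPT copies a few
entries from the page verbatim.
"""
import re

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)
SIZE_RE = re.compile(r"^(?P<num>\d+(?:\.\d+)?)(?P<unit>KB|MB|GB)$")

# "4.0MB" from the General section, taken as an approximation of the on-disk size.
SAMPLE_SIZE_BYTES = 4 << 20

REPORT_EXCERPT = """
memory/1796-37-0x000000011FFF0000-0x00000001203FE000-memory.dmp
Filesize
4.1MB
memory/1796-38-0x000007FEF6C50000-0x000007FEF6CEE000-memory.dmp
Filesize
632KB
memory/1796-42-0x000007FEF58C0000-0x000007FEF5AD3000-memory.dmp
Filesize
2.1MB
memory/1796-47-0x000007FEF5500000-0x000007FEF56C4000-memory.dmp
Filesize
1.8MB
memory/1796-51-0x0000000074780000-0x00000000747BF000-memory.dmp
Filesize
252KB
memory/1796-66-0x000007FEF5500000-0x000007FEF56C4000-memory.dmp
Filesize
1.8MB
"""


def human_size(nbytes):
    """Render bytes the way the report does: whole KB below 1 MiB, else MB to one decimal."""
    if nbytes < 1 << 20:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1 << 20):.1f}MB"


def parse_dumps(text):
    """Return one dict per dump: pid, seq, start, end, size (bytes) and the reported size string."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    dumps = []
    for i, line in enumerate(lines):
        m = DUMP_RE.search(line)
        if not m:
            continue
        reported = None
        # The report lists "Filesize" and the value on the two lines after the name.
        if i + 2 < len(lines) and lines[i + 1] == "Filesize" and SIZE_RE.match(lines[i + 2]):
            reported = lines[i + 2]
        start, end = int(m["start"], 16), int(m["end"], 16)
        dumps.append({
            "pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start,
            "reported": reported,
        })
    return dumps


def size_mismatches(dumps):
    """Dumps whose address range does not reproduce the reported Filesize."""
    return [d for d in dumps
            if d["reported"] is not None and human_size(d["size"]) != d["reported"]]


def repeated_ranges(dumps):
    """Ranges dumped more than once, keyed by (start, end) with the sequence numbers."""
    by_range = {}
    for d in dumps:
        by_range.setdefault((d["start"], d["end"]), []).append(d["seq"])
    return {rng: seqs for rng, seqs in by_range.items() if len(seqs) > 1}


def likely_main_image(dumps, file_size=SAMPLE_SIZE_BYTES, slack=0.15):
    """Heuristic (assumption): the first region whose size is within `slack`
    of the on-disk sample size. A mapped image is slightly larger than the
    file because sections are aligned, so a small excess is expected."""
    for d in dumps:
        if abs(d["size"] - file_size) <= slack * file_size:
            return d
    return None


if __name__ == "__main__":
    dumps = parse_dumps(REPORT_EXCERPT)
    for d in dumps:
        print(f"seq {d['seq']:3d} 0x{d['start']:016X}-0x{d['end']:016X} "
              f"{human_size(d['size']):>6s} reported {d['reported']}")
    print("mismatches:", size_mismatches(dumps))
    print("repeated:", repeated_ranges(dumps))
    print("main image candidate:", likely_main_image(dumps))
```

Paste the full list from the page into REPORT_EXCERPT to check every entry; the same parser works on the complete section because each name is followed by its own Filesize pair.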