Overview

overview

10

Static

static

3

md2_2efs.exe

windows7-x64

10

md2_2efs.exe

windows10-1703-x64

10

md2_2efs.exe

windows10-2004-x64

10

md2_2efs.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    122s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-07-2024 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    md2_2efs.exe

  • Size

    1.4MB

  • MD5

    ffceece2e297cf5769a35bf387c310ef

  • SHA1

    2758f2f99b2b741e4c85d0808952cf1c0ca13be7

  • SHA256

    708542577a656b24962e07bfb4b958a57a7e916475bd99beaed79f91c71504f3

  • SHA512

    ecd0de3eb036d6fe62a08b84dd16a533ab3f0310877d17e998be9fa5c503ce647f9a0db8fe7d44caef298a92681ffc8ded7818a88fe0c67ef2d879f8a53fcb5f

  • SSDEEP

    24576:ZEl3CiZjrmmDzA+uWtcqa4J1Fy529Esn9bsO4nTb3sKnhrwvQYV:GD2mQWcqnbsjf39hrwvQYV

Score
10/10
ffdroiderevasionspywarestealertrojan

Malware Config

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\md2_2efs.exe
    "C:\Users\Admin\AppData\Local\Temp\md2_2efs.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious use of AdjustPrivilegeToken
    PID:3560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\d
    Filesize

    14.0MB

    MD5

    b884ca817826bd71802209670a4d16cf

    SHA1

    7483caa8e75fef281131b7fee3bcec158e1cb8a2

    SHA256

    1873ef2e4215009f28b272d1330fd29f5e99246318cfc4b60a0ee4ad8d6baa43

    SHA512

    1809afd974f420e4de78091286d38645563fe3f702a7bae7ae119715d648dc1b380e117f4009c70e09f0a71e9053cbb10ac4090405bb0bd00226b61e09614b7b

    Download Submit

  • memory/3560-28-0x00000000056A0000-0x00000000056A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-20-0x0000000004F80000-0x0000000004F88000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-30-0x0000000005410000-0x0000000005418000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-35-0x0000000004FA0000-0x0000000004FA8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-23-0x0000000005060000-0x0000000005068000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-26-0x00000000051A0000-0x00000000051A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-27-0x0000000005300000-0x0000000005308000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-0-0x0000000000B60000-0x0000000000CD4000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3560-95-0x0000000004E60000-0x0000000004E68000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-11-0x00000000044B0000-0x00000000044C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3560-21-0x0000000004FA0000-0x0000000004FA8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-39-0x0000000005410000-0x0000000005418000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-41-0x0000000005540000-0x0000000005548000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-46-0x0000000004FA0000-0x0000000004FA8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-50-0x0000000005540000-0x0000000005548000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-52-0x0000000005410000-0x0000000005418000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3560-3-0x00000000042F0000-0x0000000004300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3560-29-0x0000000005590000-0x0000000005598000-memory.dmp

    Filesize

    32KB

    Download