Overview

overview

10

Static

static

3

FATALITY c...TY.exe

windows7-x64

10

FATALITY c...TY.exe

windows10-2004-x64

10

FATALITY c...it.cfg

windows7-x64

3

FATALITY c...it.cfg

windows10-2004-x64

3

FATALITY c...ge.cfg

windows7-x64

3

FATALITY c...ge.cfg

windows10-2004-x64

3

FATALITY c...ck.pdb

windows7-x64

3

FATALITY c...ck.pdb

windows10-2004-x64

3

FATALITY c...or.dll

windows7-x64

1

FATALITY c...or.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    16-07-2024 10:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FATALITY crack/crack.pdb

  • Size

    175KB

  • MD5

    bba057869db12538db08489b52e24f8e

  • SHA1

    1f97afcdb8e6efdde576f8341b9db6e928c901e8

  • SHA256

    3f2ffba4d665d930671518bdf7ccd59e1d63c7c0ae568e98d7e379fc40c952d1

  • SHA512

    b4d793425ded065683ae9910545b00dea7b581bdebee6d543ceebb78e2d121e4447daa33a70f2e1066b676bffb04f9fa13fac7afdf5c2b23b05d33b4bb9a6469

  • SSDEEP

    768:Tdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd7:L

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\FATALITY crack\crack.pdb"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FATALITY crack\crack.pdb
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\FATALITY crack\crack.pdb"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    46161282d3492ec1f7e559d6f2330e0c

    SHA1

    93426c9d5f892cd2b094f8efbb31aaeb4573a35b

    SHA256

    d29f1c4bcd421a7d0edc0d4e171bb67eba1ecf1d240dc29abbd0804fe395a4a2

    SHA512

    5f78746e8a177e1184ad74aa1be2a24bd7b87214bc6f268bb9b7d7b4db8013b50f86e323e9d16299b6321491e0140b20352dec50317b4c2bce9a0e0a6518aeae

    Download Submit