Analysis

  • max time kernel
    15s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2024 18:07

General

  • Target

    Fatality.exe

  • Size

    303KB

  • MD5

    c58de13d43a4505c3d560f02782e7772

  • SHA1

    1639355d610c3f8e0df698ab47835455a9687441

  • SHA256

    7b7ffe08ad313ab1c699624e2240ff43a23466becef02d4c2d6b992efd7ac1bc

  • SHA512

    4aab677344c2c07f95e5ed66aff445203a61b93ccbb31705757ed6bb37d58447cf294b87f1d8d5841f5a00c8ede742e3ab608319953166524774cffda35d7ac0

  • SSDEEP

    6144:0HcT6MDdbICydeByXDmEjmpPwsQ6LmA1D0RuM:0HKgDmEjmoDA1DTM

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/1271420596722602126/pddK9O-e2ezh4XTOXIuVC-VkRWZALv5GTMKGnWaVgpAmoiQ4OGECd3TQ5qCQ_5FFPItE

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fatality.exe
    "C:\Users\Admin\AppData\Local\Temp\Fatality.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 760 -s 1180
      2⤵
        PID:2904

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/760-0-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

      Filesize

      4KB

    • memory/760-1-0x0000000000280000-0x00000000002D2000-memory.dmp

      Filesize

      328KB

    • memory/760-22-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

      Filesize

      9.9MB

    • memory/760-23-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

      Filesize

      4KB

    • memory/760-24-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

      Filesize

      9.9MB