Overview

overview

10

Static

static

3

20240904f4...ia.exe

windows7-x64

7

20240904f4...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-09-2024 06:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20240904f42c665fe99295ac8f4936d8488487f3mafia.exe

  • Size

    3.3MB

  • MD5

    f42c665fe99295ac8f4936d8488487f3

  • SHA1

    0f674cacdf78311e8f310d06b1c89869592e880f

  • SHA256

    c9acf95beda28648ae089190cc72ae88e4ccccd50d59e06740714fbbfc16f432

  • SHA512

    b8014dbf8944105f40491f05d39a8d2077b6d740d15917f797435230a03dceda22e0981de67d7e7500a050fadf1bd8405434606a35403755a5276e0c092206db

  • SSDEEP

    98304:eeSgJLDOQD6MV91/3/yRbNBqWUBLKVYqbS66puB:F9D1XaRBBqWUcbS66pu

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20240904f42c665fe99295ac8f4936d8488487f3mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\20240904f42c665fe99295ac8f4936d8488487f3mafia.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Program Files (x86)\Funshion\DySDKController.exe
      "C:\Program Files (x86)\Funshion\DySDKController.exe"
      2⤵
      • Executes dropped EXE
      PID:2896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Funshion\DyCrashRpt.dll
    Filesize

    142KB

    MD5

    f4e8f95ef1dc8ac0406511fb489d5aa3

    SHA1

    259d274b31c7fe8152a0cc9aa2966164fe1d4113

    SHA256

    237a17b9d328255a03bd00578d9e4b9643201c367db4de7ed3a0912ce6c362b8

    SHA512

    f38b12cd4c8c7c96d36d92237cd1ddc8120443247150c826f9b590b08068d1f450aebe874c3efbaba4b191e81b856af022b5dd81932f23daf4df7b426efb61cd

    Download Submit

  • \Program Files (x86)\Funshion\DySDKController.exe
    Filesize

    1.1MB

    MD5

    5441bc3e3ceb2162a65cbfb4b6e7acd3

    SHA1

    103a0ec0f23e90def158eff9be7f63f6ca9af420

    SHA256

    90fe10bb10fbc95285696423e0ba4bfc10f4dcb63ea8d94fe29871036e4859f6

    SHA512

    f76ae8e1e43223e1fa06e5911b06dc7b2b3d60e3758fc5201c4dbd8df601b59be11e65f42ffe43a5823a71aa1cc328c7a2f625ca50893b1101d73d59b13b4ed4

    Download Submit