Analysis
-
max time kernel
96s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
08-10-2024 13:35
General
-
Target
fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4.exe
-
Size
1.6MB
-
MD5
3364dc2488f8444000a9da4c6d999fc4
-
SHA1
19cf9bd0f6976d75f7738ec74d2b326edee5bdde
-
SHA256
fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4
-
SHA512
24778076f2e3fbd0ab39675bab98bd7da9feaa08e276d720da2fca252377ceb2c7b1da1b9c3b862e2acbea9b6e0c29e77e093c9cff366055d894a969545ea921
-
SSDEEP
49152:AAodtaG9kS2U84B+FLan9k5TRM9zlcVj7vdLJ7t:A/B18P7t
Malware Config
Extracted
formbook
4.1
md02
onsen1508.com
partymaxclubmen36.click
texasshelvingwarehouse.com
tiantiying.com
taxcredits-pr.com
33mgbet.com
equipoleiremnacional.com
andrewghita.com
zbbnp.xyz
englandbreaking.com
a1b5v.xyz
vizamag.com
h0lg3.rest
ux-design-courses-17184.bond
of84.top
qqkartel88v1.com
avalynkate.com
cpuk-finance.com
yeslabs.xyz
webuyandsellpa.com
Signatures
-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4.exe"C:\Users\Admin\AppData\Local\Temp\fcf632af143e88dfba5e9256d0fb238eb314b0d20e63141cb659ed7ad001cbb4.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"2⤵
- Suspicious use of UnmapMainImage
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 203⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5020 -ip 50201⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
188KB