Overview

overview

3

Static

static

3

fig.exe

windows7-x64

fig.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    36s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2024, 08:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fig.exe

  • Size

    2.7MB

  • MD5

    b17c95177329e1a944fc539c8e6d7af1

  • SHA1

    7d437c968b38c88dbdfe72e1e1f876fae49ef534

  • SHA256

    aec7f67dfb1a813c4acb5ad55b2e1a41d17c77f98a6a879b171fd258393b301f

  • SHA512

    380af2173328b58a29c192c6bad0ccfbde7f89dd7ecdfcdc13347b720c2e820cbac154c3a90ad4af595d24c85f9ff03b89e751d07deffc076d7df8b19d8c0f1b

  • SSDEEP

    49152:cB+9ma/ZZl0jIm69nnrJTsZ18//aLGhWq0G/DkkfHbzUJY34j8:cIAaBZI6FnrJTs38KqECqq3P

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fig.exe
    "C:\Users\Admin\AppData\Local\Temp\fig.exe"
    1⤵
      PID:1496
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4380
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3440
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4792
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5044
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3888
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5056
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4720
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1796
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3344
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2016
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2696
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4812
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3416
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4236
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5020
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4212
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4876
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4400
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1300
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4264
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1348
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3292
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4100
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3076
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2524
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4352
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3920
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2808
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1872
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3440
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1660
      • C:\Users\Admin\AppData\Local\Temp\fig.exe
        "C:\Users\Admin\AppData\Local\Temp\fig.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3396

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1496-0-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/1496-7-0x0000021BD23F0000-0x0000021BD246A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/1496-8-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/1496-2-0x00007FF6A03EA000-0x00007FF6A0640000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1496-13-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/1496-14-0x00007FF6A03EA000-0x00007FF6A0640000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1796-107-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/1796-55-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/1796-72-0x000001EF82CD0000-0x000001EF82D4A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/2016-58-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/2016-270-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/2016-138-0x000001EA8DA10000-0x000001EA8DA8A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/2696-148-0x0000012AB1C90000-0x0000012AB1D0A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/2696-261-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3344-152-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3344-105-0x000001E0260A0000-0x000001E02611A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/3344-59-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3416-266-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3416-132-0x000001567F000000-0x000001567F07A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/3440-28-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3440-25-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3440-22-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3440-21-0x000001E6C64D0000-0x000001E6C654A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/3440-15-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3888-48-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/3888-65-0x0000026DB0EC0000-0x0000026DB0F3A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/3888-97-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4212-81-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4212-211-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4212-170-0x0000025C4D200000-0x0000025C4D27A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/4236-149-0x000001B6B24C0000-0x000001B6B253A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/4236-264-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4264-355-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4720-80-0x0000021BFEE40000-0x0000021BFEEBA000-memory.dmp

        Filesize

        488KB

        Download

      • memory/4720-111-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4720-52-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4792-29-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4792-35-0x0000021C39AF0000-0x0000021C39B6A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/4792-36-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4792-41-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4812-66-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4812-268-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/4812-125-0x000001E5A0CA0000-0x000001E5A0D1A000-memory.dmp

        Filesize

        488KB

        Download

      • memory/4876-320-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/5020-120-0x00000209D6640000-0x00000209D66BA000-memory.dmp

        Filesize

        488KB

        Download

      • memory/5020-217-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/5044-42-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/5044-49-0x0000025536A60000-0x0000025536ADA000-memory.dmp

        Filesize

        488KB

        Download

      • memory/5044-57-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/5056-53-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/5056-110-0x00007FF6A0130000-0x00007FF6A0640056-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/5056-87-0x000001B73FF30000-0x000001B73FFAA000-memory.dmp

        Filesize

        488KB

        Download