Analysis
-
max time kernel
146s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
16-12-2024 06:21
General
-
Target
Fast Download.exe
-
Size
27KB
-
MD5
97d80681daef809909ac1b1e3b9898ba
-
SHA1
f0ecc4ef701ea6ff61290f6fd4407049cd904e60
-
SHA256
345d5d2759abd08a84c4c2e2a337a1babd02b5eda3921db1b83eb5d5f5ccc011
-
SHA512
f90bb8868612f5bc52c07cf90c4e62daf47ba3a3418fae3a82030bff449d62cd83ce185b22fdae632abdb661c8e3a725cc5fa5c44e47ca34f9ccbda6fafd21da
-
SSDEEP
384:YL1q6J1G4APO7l0j8YCYPPdR9MZAQk93vmhm7UMKmIEecKdbXTzm9bVhcaW6mr6s:mccEY6AZA/vMHTi9bD
Score
7/10
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Fast Download.exe"C:\Users\Admin\AppData\Local\Temp\Fast Download.exe"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB