e082c6d30278139fdab5a7ddddecbcbafad12ab4dff1d5a960d9704fe635c007

Resubmissions

09/03/2025, 14:14

250309-rj642ssps3 7

09/03/2025, 14:13

250309-rjnygaswfw 3

27/08/2024, 09:43

240827-lp8l6swdmr 10

Analysis

max time kernel
79s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2025, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

F-Secure-Safe-Network-Installer.exe
Size

3.0MB
MD5

9c15aac2f31dd9e1e8d64cf8f04ea5d6
SHA1

aaeeb05a24f6e7ef77d46ba71794490afbc414ab
SHA256

e082c6d30278139fdab5a7ddddecbcbafad12ab4dff1d5a960d9704fe635c007
SHA512

0249416a9a1b526b887007704133166353fa97f9def8e57725092ee61f3bc0f5090238699c47733962495cd64550413acf25ff3086d1617e4440e9b6eba1a975
SSDEEP

49152:+zk68h1xr/Rq09zUWUus6qidDQjvBJVSq2UCur80qDt5OXqj:+I6Q/Rq09zUWUus6qidE80qDt5OXqj

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Control Panel\International\Geo\Nation	F-Secure-Safe-Network-Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4480	F-Secure-Safe-Network-Installer.exe

C:\Users\Admin\AppData\Local\Temp\F-Secure-Safe-Network-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\F-Secure-Safe-Network-Installer.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\installer.exe

Filesize
109B

MD5
c8f3b4c59f6eddf6969166ce2850f876

SHA1
54982753f49c9da63702ae94e65d391be1ad40c6

SHA256
0788f062e51aff997696c751be5eec0f9eec94423424bd566325bc64560e6cc0

SHA512
9db8a5b8754d7eadb33ff93fe383a8c1e8ef3c709d942cb7c4656045f6c0b24c17a955c1d57ee87dfc7a815edc6bd780790ebc2e48e442a9eb75248f101a1277

Download Submit
memory/4480-14-0x00007FF6AACC0000-0x00007FF6AAE42000-memory.dmp

Filesize
1.5MB

Download
memory/4480-15-0x00007FF6AACC0000-0x00007FF6AAE42000-memory.dmp

Filesize
1.5MB

Download