e082c6d30278139fdab5a7ddddecbcbafad12ab4dff1d5a960d9704fe635c007

Resubmissions

09/03/2025, 14:14

250309-rj642ssps3 7

09/03/2025, 14:13

250309-rjnygaswfw 3

27/08/2024, 09:43

240827-lp8l6swdmr 10

Analysis

max time kernel
9s
max time network
10s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
09/03/2025, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

F-Secure-Safe-Network-Installer.exe
Size

3.0MB
MD5

9c15aac2f31dd9e1e8d64cf8f04ea5d6
SHA1

aaeeb05a24f6e7ef77d46ba71794490afbc414ab
SHA256

e082c6d30278139fdab5a7ddddecbcbafad12ab4dff1d5a960d9704fe635c007
SHA512

0249416a9a1b526b887007704133166353fa97f9def8e57725092ee61f3bc0f5090238699c47733962495cd64550413acf25ff3086d1617e4440e9b6eba1a975
SSDEEP

49152:+zk68h1xr/Rq09zUWUus6qidDQjvBJVSq2UCur80qDt5OXqj:+I6Q/Rq09zUWUus6qidE80qDt5OXqj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4312	F-Secure-Safe-Network-Installer.exe

C:\Users\Admin\AppData\Local\Temp\F-Secure-Safe-Network-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\F-Secure-Safe-Network-Installer.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\installer.exe

Filesize
109B

MD5
b541927e2370668abe84110f62b74557

SHA1
32d6d7f0f5bc292a52c4085cfa203f64195ba2ee

SHA256
b6fc2d8a8ef5f8152e85bf5db63abb69f7460ee73d48785cfc4b803af455cba7

SHA512
7ef0bf20793f2c11c3d20276b271e714d295076e3508d58267b30f84f8f5cbcc2268e18106180519db7943db0c604772c144864f2cb4c249c229c03bc6a368ba

Download Submit
memory/4312-14-0x00007FF60F190000-0x00007FF60F312000-memory.dmp

Filesize
1.5MB

Download