Overview

overview

10

Static

static

5

MV Starship.exe

windows7-x64

10

MV Starship.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    22-06-2024 01:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MV Starship.exe

  • Size

    1.1MB

  • MD5

    7735fefaf6b16dd97499d0d2016dff1b

  • SHA1

    598d7c0eea1ca5fee2f7d8c052a01225bcd72761

  • SHA256

    3cc81b7a9a59609e3267d06fad726352660b7c2e5c896c193939aff4744d499d

  • SHA512

    4df13f92972522e14497ad16051b876983caf97810bb00128030b0121289eb11cf4774b5f458ae04a0ba3b7ceb4a2b6de913dddfef357fd8a164eff3093c4ad9

  • SSDEEP

    24576:IAHnh+eWsN3skA4RV1Hom2KXMmHaxnRjGf9UYfLOKlD6J1y5:Ph+ZkldoPK8YaxnRjGSYfLdRN

Score
10/10
formbookty31ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ty31

Decoy

jejakunik.com

inb319.com

jifsjn.buzz

gkyukon.site

43443.cfd

cogil69id.com

oeaog.com

lpgatm.com

mymarketsales.com

tomclk.icu

404417.online

nysconstruction.com

ourwisequote.com

ahsanadvisory.com

ottawaherps.com

forevermust.com

apartments-for-rent-47679.bond

kdasjijaksdd.icu

buthaynah.com

manggungjayakanopi.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook payload 3 IoCs
    rat
  • Suspicious use of SetThreadContext 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Users\Admin\AppData\Local\Temp\MV Starship.exe
      "C:\Users\Admin\AppData\Local\Temp\MV Starship.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:816
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\MV Starship.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        PID:2704
    • C:\Windows\SysWOW64\help.exe
      "C:\Windows\SysWOW64\help.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Windows\SysWOW64\cmd.exe
        /c del "C:\Windows\SysWOW64\svchost.exe"
        3⤵
          PID:2736

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/816-10-0x00000000001A0000-0x00000000001A4000-memory.dmp
      Filesize

      16KB

      Download
    • memory/1380-32-0x00000000053A0000-0x000000000548F000-memory.dmp
      Filesize

      956KB

      Download
    • memory/1380-29-0x00000000053A0000-0x000000000548F000-memory.dmp
      Filesize

      956KB

      Download
    • memory/1380-28-0x00000000053A0000-0x000000000548F000-memory.dmp
      Filesize

      956KB

      Download
    • memory/1380-16-0x00000000002C0000-0x00000000003C0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1380-24-0x0000000007320000-0x0000000007464000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1380-17-0x0000000007320000-0x0000000007464000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2624-21-0x0000000000080000-0x00000000000AF000-memory.dmp
      Filesize

      188KB

      Download
    • memory/2624-20-0x0000000000A40000-0x0000000000A46000-memory.dmp
      Filesize

      24KB

      Download
    • memory/2624-18-0x0000000000A40000-0x0000000000A46000-memory.dmp
      Filesize

      24KB

      Download
    • memory/2704-14-0x0000000000140000-0x0000000000154000-memory.dmp
      Filesize

      80KB

      Download
    • memory/2704-15-0x0000000000400000-0x000000000042F000-memory.dmp
      Filesize

      188KB

      Download
    • memory/2704-13-0x0000000000990000-0x0000000000C93000-memory.dmp
      Filesize

      3.0MB

      Download
    • memory/2704-11-0x0000000000400000-0x000000000042F000-memory.dmp
      Filesize

      188KB

      Download