Analysis
-
max time kernel
9s
-
max time network
1s
-
platform
windows7_x64
-
resource
win7-20240611-en
-
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
-
submitted
27-06-2024 10:22
Static task
static1
Behavioral task
behavioral1
Sample
Fisses242.exe
Resource
win7-20240611-en
General
-
Target
Fisses242.exe
-
Size
851KB
-
MD5
96f5ba27b0197df599f8b3c6a7857649
-
SHA1
06d21d98d5ff65532104e073d0cb95444a091cf2
-
SHA256
3ad893089224a6d72a8050457a2d0a3053781e1527c869ce68ce11831f0c81e7
-
SHA512
36803717cc7546210e63ac78705faa6966370278729d34fb33a1dab171599b6c16b41735697919cfe3aa3c84aa8a19f3139866c53cfe165cf195d39d31a64d8d
-
SSDEEP
12288:XcIjd3nQIQsk3na+QiH64keTjXmCSXaIVrfllStkVymDqos1ySIpkAtiN:XcIjUna3iFTT+awllSyMCqNNMi
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
Fisses242.exe
pid | process
1412 | Fisses242.exe
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
Fisses242.exe
pid | process
1412 | Fisses242.exe
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
Fisses242.exe
description | pid | process | target process
PID 1412 set thread context of 2800 | 1412 | Fisses242.exe | Fisses242.exe
-
Drops file in Windows directory 1 IoCs
Processes:
Fisses242.exe
description | ioc | process
File opened for modification | C:\Windows\reassigned\sandi.ini | Fisses242.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: MapViewOfSection 1 IoCs
Processes:
Fisses242.exe
pid | process
1412 | Fisses242.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
Fisses242.exe
description | pid | process | target process
PID 1412 wrote to memory of 2800 | 1412 | Fisses242.exe | Fisses242.exe
PID 1412 wrote to memory of 2800 | 1412 | Fisses242.exe | Fisses242.exe
PID 1412 wrote to memory of 2800 | 1412 | Fisses242.exe | Fisses242.exe
PID 1412 wrote to memory of 2800 | 1412 | Fisses242.exe | Fisses242.exe
PID 1412 wrote to memory of 2800 | 1412 | Fisses242.exe | Fisses242.exe
PID 1412 wrote to memory of 2800 | 1412 | Fisses242.exe | Fisses242.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Fisses242.exe "C:\Users\Admin\AppData\Local\Temp\Fisses242.exe" 1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Fisses242.exe "C:\Users\Admin\AppData\Local\Temp\Fisses242.exe" 2⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
\Users\Admin\AppData\Local\Temp\nst1779.tmp\System.dll
Filesize
11KB
MD5
55a26d7800446f1373056064c64c3ce8
SHA1
80256857e9a0a9c8897923b717f3435295a76002
SHA256
904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8
SHA512
04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b
-
memory/1412-25-0x0000000077631000-0x0000000077732000-memory.dmp
Filesize
1.0MB
-
memory/1412-26-0x0000000077630000-0x00000000777D9000-memory.dmp
Filesize
1.7MB
-
memory/2800-27-0x0000000000400000-0x0000000001462000-memory.dmp
Filesize
16.4MB