7e190e48165cf7c72173ce84e0f0b164fbe794d3e45069408055ba7496da1497 | Triage

Submit
Reports

Overview

overview

Static

static

3

FastAimX64.exe

windows7-x64

8

FastAimX64.exe

windows10-2004-x64

8

Automatic_...p4.exe

windows7-x64

Automatic_...p4.exe

windows10-2004-x64

install.bat

windows7-x64

1

install.bat

windows10-2004-x64

1

install_python.bat

windows7-x64

8

install_python.bat

windows10-2004-x64

8

Sharing

General

Target

FastAimX64.exe
Size

36.9MB
Sample

240701-gl3jja1dkp
MD5

132db3303d3b0cfbc12a578688c581fd
SHA1

198d5010e04c9ad0670c7a54a942cf4eba416aee
SHA256

7e190e48165cf7c72173ce84e0f0b164fbe794d3e45069408055ba7496da1497
SHA512

f2c2568745a46920453ba6b500e02e078bc4fc45264dbb3df8451b38524f2765465a4cdc6a70b61dce554c1d3b41c44b32934d9a1f8a87109a0223ae1af7ae57
SSDEEP

786432:FYpCWvC8TK4HxoCoZjzlBeTV+WreWniTuzVVqGlQdEon/x3Ol5IPEWz:FhWvC8wrJBmV1eWniTmVV9lcLx3u5I8M

Score

10^/10

discovery evasion execution exploit persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FastAimX64.exe

Resource

win7-20240611-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

FastAimX64.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

Automatic_converter_rff_to_mp4.exe

Resource

win7-20240419-en

discovery evasion exploit persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

Automatic_converter_rff_to_mp4.exe

Resource

win10v2004-20240508-en

discovery evasion exploit persistence

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral5

Sample

install.bat

Resource

win7-20240611-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

install.bat

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

install_python.bat

Resource

win7-20240508-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral8

Sample

install_python.bat

Resource

win10v2004-20240508-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  FastAimX64.exe
- Size
  
  36.9MB
- MD5
  
  132db3303d3b0cfbc12a578688c581fd
- SHA1
  
  198d5010e04c9ad0670c7a54a942cf4eba416aee
- SHA256
  
  7e190e48165cf7c72173ce84e0f0b164fbe794d3e45069408055ba7496da1497
- SHA512
  
  f2c2568745a46920453ba6b500e02e078bc4fc45264dbb3df8451b38524f2765465a4cdc6a70b61dce554c1d3b41c44b32934d9a1f8a87109a0223ae1af7ae57
- SSDEEP
  
  786432:FYpCWvC8TK4HxoCoZjzlBeTV+WreWniTuzVVqGlQdEon/x3Ol5IPEWz:FhWvC8wrJBmV1eWniTmVV9lcLx3u5I8M
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
behavioral1 behavioral2
- Target
  
  Automatic_converter_rff_to_mp4.exe
- Size
  
  322KB
- MD5
  
  1b4f89bdb12a349de92ca7f1261e67a0
- SHA1
  
  f368916850332757d7ed2f0ee335c16b9c9fc95b
- SHA256
  
  d4c83205cf6f3098ab6a757312525f4d14a57a819306eeea5c0d022b00b38cf3
- SHA512
  
  f2f7985fbf462bc35e099b58308ddef91320d3d81040f77e7c1c0a3cfc3a4da50c849efd0f063c839848a80927398cc24bc8368d5b0b92014abe2ea7bdc2ddeb
- SSDEEP
  
  6144:iibVlHNEHBpDDf2vfQ21NV0zUiCqWjH6YPON9q:igtCpPfGfZSWPf
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  install.bat
- Size
  
  527B
- MD5
  
  c8774911b9bddd3fccb91264d715c7ba
- SHA1
  
  132c223574d1d947ef259238ffc3820ddb525492
- SHA256
  
  a67aeedd2738732a462eb4fb998d1f937aebd1fdc68072539a4774c0a5af1350
- SHA512
  
  9bb3ae0d4762c1aee9c5d0b67702854a51d75a3a28ab8eed41c4b62006d6e3168ef80dcfac8167113f22760f7309d45e0277081f6b2a22a31dbc3102216f781d
Score

1^/10
behavioral5 behavioral6
- Target
  
  install_python.bat
- Size
  
  686B
- MD5
  
  f30718a354e7cc104ea553ce5ae2d486
- SHA1
  
  3876134e6b92da57a49d868013ed35b5d946f8fd
- SHA256
  
  94008c8135d149fecd29ca62aded487f0fbfa6af893596ffc3e4b621a0fe4966
- SHA512
  
  601b2256ea709a885741f1dec5c97dda6fb7fd4e485b4afac3503af1aefe73472e5bc5529c144814a3defbc0b51ac4b50e02a50dccc69b41ee5d87a3f4282874
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryevasionexploitpersistence

behavioral4

discoveryevasionexploitpersistence

behavioral5

behavioral6

behavioral7

behavioral8

© 2018-2024

Terms | Privacy