Analysis
- max time kernel: 93s
- max time network: 129s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05-07-2024 00:04
Behavioral task: behavioral1
  Sample: 1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe
  Resource: win10v2004-20240704-en
General
- Target: 1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe
- Size: 190KB
- MD5: 5e5fbb2be6f5eb8368b9f5508ae91c40
- SHA1: ee5d2c45b329d9fa963d248dd309636a639d4fc4
- SHA256: 1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080
- SHA512: e8d6a6d9a5849da9bfe4ae27f73e1c255fea08f8eeb2717d5c20f29d5bcd118a168ced62db31f55623d6d2c7b53beecd0b5223b038b510bee709f22f8afe7827
- SSDEEP: 3072:rYubs4vIPfIOKyCRfyJiJJMXybJg30TZZ+MbpqdNjfBDckH8sbigzwQjod:Euk6fK6tixMbwNL+kDrm
Malware Config
Signatures
- Event Triggered Execution: AppInit DLLs (1 TTPs)
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  Processes:
    resource: C:\PROGRA~3\Mozilla\fhbnahd.exe    yara_rule: aspack_v212_v242
- Executes dropped EXE (1 IoCs)
  Processes:
    pid: 3488    process: fhbnahd.exe
- Drops file in Program Files directory (2 IoCs)
  Processes: 1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe, fhbnahd.exe
    description: File created    ioc: C:\PROGRA~3\Mozilla\fhbnahd.exe    process: 1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe
    description: File created    ioc: C:\PROGRA~3\Mozilla\vxhbflg.dll    process: fhbnahd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe"
  - Drops file in Program Files directory
- C:\PROGRA~3\Mozilla\fhbnahd.exe
  Command line: C:\PROGRA~3\Mozilla\fhbnahd.exe -yhwsvfa
  - Executes dropped EXE
  - Drops file in Program Files directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\PROGRA~3\Mozilla\fhbnahd.exe
  Filesize: 190KB
  MD5: 48c749c85211261a0e1697ff07f38386
  SHA1: 4d84d6e3b1ce1adb8a1a50450de276fb9b388c26
  SHA256: 99876ba0938060453102c6a08875d2fc4bc10b665acbf470c3d6b5e15e364228
  SHA512: 08dafa543c3e521ae55be4d3f0637f6c313da89aa87c3d15c762664c0f8dddb06df94e849520403a596698e7d26b0df1d3af1b8c5ed573a927c3633adec2f62e
- memory/3488-12-0x0000000000400000-0x0000000000461000-memory.dmp
  Filesize: 388KB
- memory/3488-14-0x0000000000400000-0x0000000000461000-memory.dmp
  Filesize: 388KB
- memory/3488-13-0x0000000000400000-0x0000000000461000-memory.dmp
  Filesize: 388KB
- memory/3488-11-0x0000000000400000-0x0000000000461000-memory.dmp
  Filesize: 388KB
- memory/3488-17-0x0000000000400000-0x000000000045B000-memory.dmp
  Filesize: 364KB
- memory/4764-4-0x0000000000400000-0x000000000045B000-memory.dmp
  Filesize: 364KB
- memory/4764-1-0x0000000000400000-0x0000000000461000-memory.dmp
  Filesize: 388KB
- memory/4764-2-0x0000000000400000-0x0000000000461000-memory.dmp
  Filesize: 388KB
- memory/4764-10-0x0000000000610000-0x000000000066B000-memory.dmp
  Filesize: 364KB
- memory/4764-0-0x0000000000400000-0x0000000000461000-memory.dmp
  Filesize: 388KB
- memory/4764-9-0x0000000000400000-0x000000000045B000-memory.dmp
  Filesize: 364KB
- memory/4764-3-0x0000000000610000-0x000000000066B000-memory.dmp
  Filesize: 364KB