Overview

overview

10

Static

static

10

FPS.exe

windows7-x64

7

FPS.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FPS.exe

  • Size

    6.9MB

  • Sample

    240706-atqflssgmh

  • MD5

    39f91df6f7bd2563328795216e6ccd50

  • SHA1

    999b0480756bb45e480b7590e7abe400d859cfc8

  • SHA256

    c8e6dc5429cb18844dd09917e975631fcefe18960622168ffa69ea71d63d9cc8

  • SHA512

    bafa786d64b3bd0b7ce62bf2976b3c86bbb96e1be4ed28f020b5ec572693cf7020b45d107524e98f95a5a8e244fb5c09a102ec6f31cba5d93670577ec16fec91

  • SSDEEP

    98304:79zHqdVfB2FS27wAyFuDyuT/9vUIdD9C+z3zO917vOTh+ezDNh7bvmJ1nmOBN9n+:7hQslyubT/9bvLz3S1bA3zin97A

Score
10/10
blankgrabberexecutionupx

Malware Config

Targets

    • Target

      FPS.exe

    • Size

      6.9MB

    • MD5

      39f91df6f7bd2563328795216e6ccd50

    • SHA1

      999b0480756bb45e480b7590e7abe400d859cfc8

    • SHA256

      c8e6dc5429cb18844dd09917e975631fcefe18960622168ffa69ea71d63d9cc8

    • SHA512

      bafa786d64b3bd0b7ce62bf2976b3c86bbb96e1be4ed28f020b5ec572693cf7020b45d107524e98f95a5a8e244fb5c09a102ec6f31cba5d93670577ec16fec91

    • SSDEEP

      98304:79zHqdVfB2FS27wAyFuDyuT/9vUIdD9C+z3zO917vOTh+ezDNh7bvmJ1nmOBN9n+:7hQslyubT/9bvLz3S1bA3zin97A

    Score
    8/10
    upxexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks