Overview

overview

7

Static

static

3

xpajB.exe

windows7-x64

7

xpajB.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xpajB.exe

  • Size

    520KB

  • MD5

    bd76fc01deed43cd6e368a1f860d44ed

  • SHA1

    a2e241e9af346714e93c0600f160d05c95839768

  • SHA256

    e04c85cd4bffa1f5465ff62c9baf0b29b7b2faddf7362789013fbac8c90268bf

  • SHA512

    d0ebe108f5baf156ecd9e1bf41e23a76b043fcaac78ff5761fdca2740b71241bd827e861ada957891fbc426b3d7baa87d10724765c45e25f25aa7bd6d31ab4ec

  • SSDEEP

    12288:Kbx6vZrcRsEQNMnnGpL0zTnPzCFjBL0C2k8apE:Kbx6vam9innGWzUB

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xpajB.exe
    "C:\Users\Admin\AppData\Local\Temp\xpajB.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: RenamesItself
    PID:2232

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2232-0-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-1-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-2-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-3-0x0000000000100000-0x0000000000103000-memory.dmp
    Filesize

    12KB

    Download
  • memory/2232-4-0x0000000000320000-0x0000000000344000-memory.dmp
    Filesize

    144KB

    Download
  • memory/2232-6-0x0000000000320000-0x0000000000344000-memory.dmp
    Filesize

    144KB

    Download
  • memory/2232-5-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-7-0x00000000001A0000-0x00000000001A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2232-8-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-9-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-10-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-11-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-12-0x0000000000320000-0x0000000000344000-memory.dmp
    Filesize

    144KB

    Download
  • memory/2232-13-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-14-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-15-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-16-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-17-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-18-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-19-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-20-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-22-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-23-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-24-0x0000000000400000-0x0000000000483000-memory.dmp
    Filesize

    524KB

    Download
  • memory/2232-25-0x0000000000320000-0x0000000000344000-memory.dmp
    Filesize

    144KB

    Download