Overview

overview

7

Static

static

GRP Produc...22.exe

windows7_x64

7

GRP Produc...22.exe

windows10_x64

7

Analysis

  • max time kernel
    114s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    30-06-2020 06:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GRP Production drawing Order confrimation 0022.exe

  • Size

    258KB

  • MD5

    ac9fa9d4866f1ac20a24463942ea7189

  • SHA1

    292ac8c75a35f04e86b021e6ca3b284eb27fa870

  • SHA256

    885c0db8dce61efe0b93c41f8eaf4e42f0180ba4b9045d8ca6978298d81bebec

  • SHA512

    d6abd43e4b6ca2036701a19a202710798802eeeab07dc55b2ec6ff14e97a9dd355cf48e801c624e40fe5b503af4a1ce0872a6b565c5a77de3252ac8c57a09125

Score
7/10
spyware

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 12 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

Processes

  • C:\Users\Admin\AppData\Local\Temp\GRP Production drawing Order confrimation 0022.exe
    "C:\Users\Admin\AppData\Local\Temp\GRP Production drawing Order confrimation 0022.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetThreadContext
    PID:1080
    • C:\Users\Admin\AppData\Local\Temp\GRP Production drawing Order confrimation 0022.exe
      "{path}"
      2⤵
      • Loads dropped DLL
      PID:1340

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\freebl3.dll
    Download Submit
  • \Users\Admin\AppData\Local\Temp\mozglue.dll
    Download Submit
  • \Users\Admin\AppData\Local\Temp\msvcp140.dll
    Download Submit
  • \Users\Admin\AppData\Local\Temp\nss3.dll
    Download Submit
  • \Users\Admin\AppData\Local\Temp\softokn3.dll
    Download Submit
  • \Users\Admin\AppData\Local\Temp\vcruntime140.dll
    Download Submit
  • memory/1340-0-0x0000000000400000-0x0000000000554000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1340-1-0x0000000000405A3D-mapping.dmp
    Download
  • memory/1340-2-0x0000000000400000-0x0000000000554000-memory.dmp
    Filesize

    1.3MB

    Download