Analysis
-
max time kernel
117s -
max time network
143s -
platform
windows7_x64 -
resource
win7 -
submitted
13-07-2020 12:04
General
-
Target
Guqcvju_Signed_.exe
-
Size
1.1MB
-
MD5
271646d2ae5f0c7693be133688eaca38
-
SHA1
fce0e671122419cbb94f9651039323e945960964
-
SHA256
b2ebc0f8c302a04961b8c2ed0673384050e5932a370be062788b7630bf188123
-
SHA512
263656c10302a5ae39d3712b7bcbf8424b46bb98132bdb1f659baebba72eb1e166e5af4b63ad83e4b458fc4547ebcb1b7be62c18e4dd3622fdcf8067f40fe3b7
Score
8/10
Malware Config
Signatures
-
Modifies registry key 1 TTPs 3 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Script User-Agent 1 IoCs
-
Suspicious use of WriteProcessMemory 527 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Loads dropped DLL 6 IoCs
-
Executes dropped EXE 2 IoCs
-
Adds Run entry to start application 2 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Guqcvju_Signed_.exe"C:\Users\Admin\AppData\Local\Temp\Guqcvju_Signed_.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Adds Run entry to start application
-
C:\Windows\SysWOW64\TapiUnattend.exe"C:\Windows\System32\TapiUnattend.exe"2⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Public\Natso.bat3⤵
-
C:\Windows\SysWOW64\reg.exereg delete hkcu\Environment /v windir /f4⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "4⤵
- Modifies registry key
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I4⤵
-
C:\Windows\SysWOW64\reg.exereg delete hkcu\Environment /v windir /f4⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Public\Runex.bat3⤵
-
C:\Windows \System32\fodhelper.exe"C:\Windows \System32\fodhelper.exe"4⤵
- Executes dropped EXE
-
C:\Windows \System32\fodhelper.exe"C:\Windows \System32\fodhelper.exe"4⤵
- Executes dropped EXE
-
C:\Program Files (x86)\internet explorer\ieinstal.exe"C:\Program Files (x86)\internet explorer\ieinstal.exe"2⤵
- Loads dropped DLL
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
256KB
-
-
Filesize
1.3MB
-
-
Filesize
1.3MB
-
-
-
-
-