Analysis
-
max time kernel
149s -
max time network
118s -
platform
windows10_x64 -
resource
win10v200722 -
submitted
18-08-2020 13:23
General
-
Target
DHl Delivery reciept.exe
-
Size
624KB
-
MD5
2cfdae4ee4082225277048a7735c1561
-
SHA1
da23e01a6e02dddfcd7a52b3822c28c5b16aafc2
-
SHA256
8243c8a72e7a2021b4d956f5dafc19ded0162e9eb99f158f8da83660ea9368b5
-
SHA512
764946c9a353ab7b4a71376efbfe143deaedfb753b6cf98489761b6fab442a79d07ef9b2e030f93f9bd9a3f7be7a65695e61f015da093dccfed8278be87df14a
Malware Config
Signatures
-
404 Keylogger
Information stealer and keylogger first seen in 2019.
-
404 Keylogger Main Executable 4 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DHl Delivery reciept.exe"C:\Users\Admin\AppData\Local\Temp\DHl Delivery reciept.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DHl Delivery reciept.exe"C:\Users\Admin\AppData\Local\Temp\DHl Delivery reciept.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/728-1-0x000000000044E450-mapping.dmp
-
memory/728-0-0x0000000000400000-0x0000000000450000-memory.dmpFilesize
320KB
-
memory/728-2-0x0000000000400000-0x0000000000450000-memory.dmpFilesize
320KB
-
memory/728-3-0x0000000000400000-0x0000000000450000-memory.dmpFilesize
320KB
-
memory/728-4-0x00000000005D0000-0x00000000005F2000-memory.dmpFilesize
136KB
-
memory/728-5-0x00000000009D2000-0x00000000009D3000-memory.dmpFilesize
4KB
-
memory/728-6-0x00000000733B0000-0x0000000073A9E000-memory.dmpFilesize
6.9MB
-
memory/728-9-0x0000000004710000-0x0000000004711000-memory.dmpFilesize
4KB
-
memory/728-10-0x0000000004C10000-0x0000000004C11000-memory.dmpFilesize
4KB
-
memory/728-11-0x0000000005630000-0x0000000005631000-memory.dmpFilesize
4KB
-
memory/728-12-0x0000000005A60000-0x0000000005A61000-memory.dmpFilesize
4KB
-
memory/728-13-0x0000000005F30000-0x0000000005F31000-memory.dmpFilesize
4KB
-
memory/728-14-0x00000000060F0000-0x00000000060F1000-memory.dmpFilesize
4KB