Overview

overview

10

Static

static

5c8e4758ca...le.exe

windows7_x64

7

5c8e4758ca...le.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    114s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    28/10/2020, 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c8e4758ca55c7b3f6379d2edccdfd9616517eb420887601115f7736b25e6930.bin.sample.exe

  • Size

    2.3MB

  • MD5

    3fa08a11d59047a429dd90fcc15a6a87

  • SHA1

    60a15cd2a326fd390a80a6056843f3721c33e3ff

  • SHA256

    5c8e4758ca55c7b3f6379d2edccdfd9616517eb420887601115f7736b25e6930

  • SHA512

    6a23ec6be673d9607c080a2e1d35751d0622efc7f27500e5370bfc61fa5361cd2aed4a76e87a0c729f754cd78aa353475cb44b72fbcdfe47f094ce6ec219476a

Score
10/10
persistencespyware

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Drops file in Drivers directory 10 IoCs
  • Modifies Installed Components in the registry 2 TTPs
    persistence
  • Drops startup file 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Drops file in System32 directory 1820 IoCs
  • Drops file in Program Files directory 13835 IoCs
  • Drops file in Windows directory 12618 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c8e4758ca55c7b3f6379d2edccdfd9616517eb420887601115f7736b25e6930.bin.sample.exe
    "C:\Users\Admin\AppData\Local\Temp\5c8e4758ca55c7b3f6379d2edccdfd9616517eb420887601115f7736b25e6930.bin.sample.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3848
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3036 -s 2144
    1⤵
    • Program crash
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2212
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2580
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2580 -s 1836
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1256
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2580 -s 1836
      2⤵
      • Suspicious use of NtCreateProcessExOtherParentProcess
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1256-175-0x00000266BA7F0000-0x00000266BA7F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1256-178-0x00000266BBC60000-0x00000266BBC61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-237-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-193-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-168-0x0000028658950000-0x0000028658951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-169-0x0000028658950000-0x0000028658951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-171-0x0000028659DC0000-0x0000028659DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-172-0x0000028659DC0000-0x0000028659DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-339-0x0000028664D30000-0x0000028664D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-337-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-335-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-249-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-333-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-331-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-329-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-327-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-325-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-323-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-321-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-319-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-317-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-184-0x000002865A390000-0x000002865A391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-185-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-187-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-189-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-191-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-247-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-195-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-197-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-199-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-201-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-203-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-205-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-209-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-207-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-211-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-213-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-215-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-217-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-219-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-245-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-223-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-225-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-229-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-227-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-231-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-233-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-235-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-315-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-239-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-241-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-243-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-221-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-313-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-311-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-251-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-253-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-255-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-257-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-259-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-261-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-263-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-265-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-267-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-269-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-271-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-273-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-275-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-277-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-279-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-281-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-283-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-285-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-287-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-289-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-291-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-293-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-295-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-297-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-299-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-301-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-303-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-305-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-307-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-309-0x0000028658930000-0x0000028658931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-83-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-77-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-0-0x0000000000400000-0x000000000065F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3848-2-0x0000000003850000-0x0000000003851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-21-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-44-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-161-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-149-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-11-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-106-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-1-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-147-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-153-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-3-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-76-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-54-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3848-50-0x0000000003050000-0x0000000003051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4028-179-0x0000023F9F1D0000-0x0000023F9F1D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4028-182-0x0000023FA0040000-0x0000023FA0041000-memory.dmp

    Filesize

    4KB

    Download