Analysis

  • max time kernel
    129s
  • max time network
    115s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    11/01/2021, 13:25 UTC

General

  • Target

    translator.exe

  • Size

    3.5MB

  • MD5

    a7cf97de0e85e78c2e9a78c8c1ffcc8d

  • SHA1

    ec1eb927bfdb0d2696941ee1b4d9f310eabd18e2

  • SHA256

    8351d952377c34ffbbf065f39567dbaf3907af610b5ef77831bcabf154795188

  • SHA512

    c585bacd64ac61019652de6958750e5688d70f52e2635b0e426490a1b189d2d0c21ab4356b675b0589fbe3228c3d1491bc3733b79589a3244c5fa4c900955339

Score
8/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Drops file in System32 directory 2 IoCs
  • Program crash 3 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\translator.exe
    "C:\Users\Admin\AppData\Local\Temp\translator.exe"
    1⤵
    • NTFS ADS
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Users\Admin\AppData\Roaming\amd64_microsoft-windows-videodiagnostic\puiapi.exe
      C:\Users\Admin\AppData\Roaming\amd64_microsoft-windows-videodiagnostic\puiapi.exe
      2⤵
      • Loads dropped DLL
      • NTFS ADS
      PID:2216
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 880
        3⤵
        • Program crash
        PID:2836
  • C:\Users\Admin\AppData\Roaming\amd64_microsoft-windows-videodiagnostic\puiapi.exe
    C:\Users\Admin\AppData\Roaming\amd64_microsoft-windows-videodiagnostic\puiapi.exe
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:696
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 1040
      2⤵
      • Program crash
      PID:2004
  • C:\Users\Admin\AppData\Roaming\amd64_microsoft-windows-videodiagnostic\puiapi.exe
    C:\Users\Admin\AppData\Roaming\amd64_microsoft-windows-videodiagnostic\puiapi.exe
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 1192
      2⤵
      • Program crash
      PID:964

Network

    No results found
  • 52.109.12.18:443
    322 B
    7
No results found

MITRE ATT&CK Enterprise v6

Downloads

  • memory/696-8-0x0000000065080000-0x0000000065237000-memory.dmp

    Filesize

    1.7MB

  • memory/1124-12-0x0000000065080000-0x0000000065237000-memory.dmp

    Filesize

    1.7MB

  • memory/2216-5-0x0000000065080000-0x0000000065237000-memory.dmp

    Filesize

    1.7MB
