Overview

overview

10

Static

static

bb940b97_e...ed.exe

windows7_x64

10

bb940b97_e...ed.exe

windows10_x64

10

Analysis

  • max time kernel
    53s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    16-02-2021 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb940b97_extracted.exe

  • Size

    2.0MB

  • MD5

    aa42d84248af944b0947399f4d72267a

  • SHA1

    08815276a5efc5c49746fd9a10e6ed32069958d5

  • SHA256

    64bfbbdf08aebb66f89866457a931b330968c126c87e8b02f1324392e65a4606

  • SHA512

    864c958a0d4277c208dddcee66dc19604480043b213b457042015185e523b0e3219ff022a7df8ad935a16f6557dcb9ad8554092273f382181a6bac59fc90f0c9

Score
10/10
parasitediscoveryspywarestealer

Malware Config

Signatures

  • Parasite, Nexus

    Parasite (or Nexus) is an infostealer written in C++.

    stealerparasite
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb940b97_extracted.exe
    "C:\Users\Admin\AppData\Local\Temp\bb940b97_extracted.exe"
    1⤵
    • Checks processor information in registry
    PID:1968

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1648-3-0x000007FEF5E90000-0x000007FEF610A000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/1968-2-0x0000000075ED1000-0x0000000075ED3000-memory.dmp
    Filesize

    8KB

    Download