Overview

overview

10

Static

static

Parts enquiry.exe

windows7_x64

10

Parts enquiry.exe

windows10_x64

10

Analysis

  • max time kernel
    147s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Parts enquiry.exe

  • Size

    792KB

  • MD5

    6a239782a002f49be71a6dfca139864c

  • SHA1

    6609a8974b80600598a64149340bad3989ecf780

  • SHA256

    722a5ea9b20e3a0b77f4f1628f763e46ccd4e87d284ac28997cec9874c479064

  • SHA512

    700385b2854878c8897a9733ac1288a67dfaa33bfeeef4a18286acfaf46e65a08cb2daec606edaee5421565e4f93508d254ae0834d466328174404db340b3b4a

Score
10/10
a310loggerpersistencespywarestealer

Malware Config

Signatures

  • A310logger

    A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarea310logger
  • A310logger Executable 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Parts enquiry.exe
    "C:\Users\Admin\AppData\Local\Temp\Parts enquiry.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:632
    • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      2⤵
      • Executes dropped EXE
      PID:3428
    • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:688
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NET4\Fox.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NET4\Fox.exe
        3⤵
        • Executes dropped EXE
        PID:2124

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/632-114-0x0000000000920000-0x0000000000921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-116-0x0000000005880000-0x0000000005881000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-122-0x00000000080C0000-0x00000000080C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-127-0x0000000008030000-0x00000000080A0000-memory.dmp

    Filesize

    448KB

    Download

  • memory/632-128-0x0000000008560000-0x0000000008561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-117-0x0000000005380000-0x0000000005381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-119-0x0000000005360000-0x0000000005361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-121-0x0000000007EF0000-0x0000000007F97000-memory.dmp

    Filesize

    668KB

    Download

  • memory/632-120-0x00000000052D0000-0x0000000005362000-memory.dmp

    Filesize

    584KB

    Download

  • memory/632-118-0x00000000052D0000-0x0000000005362000-memory.dmp

    Filesize

    584KB

    Download

  • memory/688-130-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2124-138-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-140-0x000000001AF10000-0x000000001AF12000-memory.dmp

    Filesize

    8KB

    Download