Overview

overview

10

Static

static

10

Object.exe

windows7_x64

10

Object.exe

windows10_x64

10

Oleacc.dll

windows7_x64

10

Oleacc.dll

windows10_x64

3

libeay32.dll

windows7_x64

1

libeay32.dll

windows10_x64

1

ssleay32.dll

windows7_x64

1

ssleay32.dll

windows10_x64

1

Analysis

  • max time kernel
    123s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    14-12-2021 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Object.exe

  • Size

    1.2MB

  • MD5

    06b1b36cd7c59cf46cd7f5d661c4da6f

  • SHA1

    ed225d67e410c4c70a205fe969def346035ada72

  • SHA256

    0d1882db000f8898f7598e87cefd2f1f7689524ee10b406870d1ae7a92ee775b

  • SHA512

    6e448b9e44b57f05cc760c313d4898751afc23b2db14c4f981880e0183af67944d92ab0ad946b52d365e17ba5f2a6b2a97097450ac8a0e5c636f1c43a21d7c3a

Score
10/10
numandobackdoorpersistencespywarestealertrojan

Malware Config

Signatures

  • Detect Numando Payload 1 IoCs
  • Numando

    Numando is a banking trojan/backdoor targeting Latin America which uses Youtube and Pastebin for C2 communications.

    trojanbackdoornumando
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Object.exe
    "C:\Users\Admin\AppData\Local\Temp\Object.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" %1 "https://bit.ly/3DvoVCc"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:764 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3424

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    c6811946b9694670de5f75aaf166d62b

    SHA1

    76ba97e32d8ea96aa9d3eac166da08bc9d47d275

    SHA256

    ca091ead302426a084c41aa611582fe645b9ab8b0c72471c69b48bf6319a4bdb

    SHA512

    b45674e75601fb1f9ecb85066e99855b4e144aa2a36fe13e096325e31c8a87eca859718d2860f56189909475622038fe91796aa289ad65ff0b90185d23c976cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    874a353f887eb5313317664dc4c2e7ae

    SHA1

    5894788d61446c0641679564282e6e247deced1c

    SHA256

    778f0e3a3707b383976d47c8f0e8050c1b153dc749decf61ba90c1df63074332

    SHA512

    f8fcb4e1563a7d97aee9cb5bf79b28f60375a03c59d13f044ee75e6afd20a7187d57ee2925cfa4f6d55c1348557d7bbda7f7f4d63fab1f93230eea43e889b6e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3BKDCO1B.cookie
    MD5

    da79f078560df897cb2c63aba450982d

    SHA1

    d96608cb061e6a96ee242bd962f72e7c7fe3b409

    SHA256

    c6da1bc1f872d4345a26c98aafe2d639599b6a9a66bb359f9f22accb0a8311c1

    SHA512

    8cc0ab272192f67074c76670415aae54cd7b15f29a3428a570f0a80af8b1ead7897ec58fa9247d2fae4a6e4d72df24fab5502cada0dbb771ceba40d14f7bafbd

    Download Submit

  • memory/368-115-0x0000000000B20000-0x000000000142F000-memory.dmp

    Filesize

    9.1MB

    Download

  • memory/368-179-0x0000000000580000-0x0000000000581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/764-144-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-124-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-123-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-147-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-125-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-126-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-127-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-129-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-131-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-130-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-133-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-134-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-135-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-137-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-138-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-149-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-140-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-116-0x0000000000000000-mapping.dmp

    Download

  • memory/764-143-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-121-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-117-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-122-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-139-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-151-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-152-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-153-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-157-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-158-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-159-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-160-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-161-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-162-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-163-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-164-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-165-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-169-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-171-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-174-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-175-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-119-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-118-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/764-146-0x00007FFF99380000-0x00007FFF993EB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/3424-142-0x0000000000000000-mapping.dmp

    Download