Analysis
max time kernel: 4265058s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-en-20220112
submitted: 14-01-2022 18:05
Static task: static1
Behavioral task: behavioral1
Sample: 07dd723a06bb89dc1bdce3cc56f1cf20.exe
Resource: win7-en-20211208
General
Target: 07dd723a06bb89dc1bdce3cc56f1cf20.exe
Size: 104KB
MD5: 07dd723a06bb89dc1bdce3cc56f1cf20
SHA1: d36a56e3aa33c602cbb405dc6dd7425e17cf4672
SHA256: d56f880cb8c35e66750faa6ae9284f0eb2383cec287e8cef4f85122fe90d4305
SHA512: 0d031e01c6f19357db61df8801971de597ad50a8a3822232f97b186aada2d7f2e9758d5d6d120b510f8e5eef61cb08020c5d308094a3ccee9364b9c51e8d60ed
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, such as saved credentials. No IoCs are listed for this signature in this run, so the report does not show which files or keys triggered it.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments. In this run the only recorded reader of the key is MusNotification.exe (pid 3848), the Windows Update notification helper in C:\Windows\system32, which appears in the process tree as its own root process rather than as a child of the sample (pid 2976); treat this hit as host background activity unless other evidence ties it to the sample.
Processes:
description        ioc                                                                      process
Key opened         \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0         MusNotification.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   MusNotification.exe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
pid   process
2976  07dd723a06bb89dc1bdce3cc56f1cf20.exe
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
description                      pid   process
Token: SeShutdownPrivilege       3848  MusNotification.exe
Token: SeCreatePagefilePrivilege 3848  MusNotification.exe
Token: SeDebugPrivilege          2976  07dd723a06bb89dc1bdce3cc56f1cf20.exe
Of the three, only SeDebugPrivilege is taken by the sample (pid 2976); the shutdown and pagefile privileges belong to MusNotification.exe (pid 3848), which runs as a separate root process.
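The registry reads behind the "Checks installed software" and "Checks processor information" signatures above, as an added example rather than code from the sample or the sandbox: enumerate the Uninstall keys, read CentralProcessor\0 (including the ~MHz value the report shows being queried), and apply the kind of VM/sandbox heuristics such reads usually feed. The key paths are the standard HKLM locations; the marker strings, vendor set, MHz threshold and function names are illustrative assumptions. Reading the registry needs Windows (winreg); the heuristic functions take plain dicts and lists so they run anywhere.

```python
"""
Registry reads behind the "Checks installed software" and "Checks processor
information" signatures, done the way a sample would do them, plus the sort of
sandbox heuristics such reads feed. Added example, not the sample's own code;
thresholds and marker strings are illustrative assumptions.
"""
import re
import sys

# Standard HKLM paths: the Uninstall keys list installed software (64-bit and
# 32-bit views); CentralProcessor\0 holds ~MHz, ProcessorNameString, etc.
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"

# Illustrative markers (assumptions, not taken from the report).
VM_SOFTWARE = ("vmware tools", "virtualbox guest additions", "qemu guest agent")
VM_CPU_NAMES = re.compile(r"qemu|virtual|kvm|bochs|hypervisor", re.IGNORECASE)
REAL_VENDORS = {"GenuineIntel", "AuthenticAMD"}
MIN_PLAUSIBLE_MHZ = 1500  # assumption: a throttled sandbox vCPU often reports less


def enumerate_installed_software():
    """Return the DisplayName of every entry under the Uninstall keys (Windows only)."""
    import winreg  # only available on Windows
    names = []
    for path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue  # WOW6432Node does not exist on 32-bit Windows
        with root:
            i = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, i)
                except OSError:
                    break  # no more subkeys
                i += 1
                try:
                    with winreg.OpenKey(root, sub) as k:
                        names.append(winreg.QueryValueEx(k, "DisplayName")[0])
                except OSError:
                    pass  # entry without a DisplayName value
    return names


def read_cpu_info():
    """Return the CentralProcessor\\0 values a sample typically reads (Windows only)."""
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as k:
        for name in ("~MHz", "ProcessorNameString", "VendorIdentifier"):
            try:
                out[name] = winreg.QueryValueEx(k, name)[0]
            except OSError:
                pass
    return out


def software_indicators(display_names):
    """Installed-software entries that point at a VM or sandbox (illustrative list)."""
    return [n for n in display_names if any(m in n.lower() for m in VM_SOFTWARE)]


def cpu_indicators(cpu):
    """Reasons the CentralProcessor\\0 values look like a sandbox (illustrative heuristics)."""
    hits = []
    mhz = cpu.get("~MHz")  # REG_DWORD, so an int when present
    if isinstance(mhz, int) and mhz < MIN_PLAUSIBLE_MHZ:
        hits.append("low ~MHz")
    if VM_CPU_NAMES.search(str(cpu.get("ProcessorNameString", ""))):
        hits.append("vm cpu name")
    if cpu.get("VendorIdentifier") not in REAL_VENDORS:
        hits.append("unknown vendor")
    return hits


if __name__ == "__main__" and sys.platform == "win32":
    print("installed-software hits:", software_indicators(enumerate_installed_software()))
    print("cpu hits:", cpu_indicators(read_cpu_info()))
```

Run it on the analysis VM itself to see what a sample reading these keys would learn about the sandbox; a non-empty result from either function is a reason to harden the VM's registry before re-running evasive samples.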
Processes
-
C:\Users\Admin\AppData\Local\Temp\07dd723a06bb89dc1bdce3cc56f1cf20.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\07dd723a06bb89dc1bdce3cc56f1cf20.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\MusNotification.exe
Command line: C:\Windows\system32\MusNotification.exe
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
File                                                               Size
memory/2976-130-0x0000000000DE0000-0x0000000000E00000-memory.dmp   128KB
memory/2976-131-0x0000000000DE0000-0x0000000000E00000-memory.dmp   128KB
memory/2976-132-0x0000000005CC0000-0x00000000062D8000-memory.dmp   6MB
memory/2976-133-0x0000000005760000-0x0000000005772000-memory.dmp   72KB
memory/2976-134-0x0000000005890000-0x000000000599A000-memory.dmp   1MB
memory/2976-135-0x00000000057C0000-0x00000000057FC000-memory.dmp   240KB
memory/2976-136-0x00000000056A0000-0x0000000005CB8000-memory.dmp   6MB
memory/2976-137-0x0000000005B50000-0x0000000005BB6000-memory.dmp   408KB
memory/2976-138-0x0000000006B90000-0x0000000007134000-memory.dmp   5MB
memory/2976-139-0x00000000066E0000-0x0000000006772000-memory.dmp   584KB
memory/2976-140-0x0000000006780000-0x00000000067F6000-memory.dmp   472KB
memory/2976-141-0x0000000006840000-0x000000000685E000-memory.dmp   120KB
memory/2976-142-0x0000000008500000-0x0000000008550000-memory.dmp   320KB
memory/2976-143-0x0000000008720000-0x00000000088E2000-memory.dmp   1MB
memory/2976-144-0x0000000008E20000-0x000000000934C000-memory.dmp   5MB
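A parser for the dump names above, added here as an example rather than taken from the sandbox: it recovers pid, index and address range from each name, recomputes the size the report rounds off, and finds dumps whose range lies entirely inside another dump (dumps 133, 134, 135 and 137 are sub-ranges of dump 136, and 130 and 131 cover the same range), so an analyst loads each region once. The dump list is copied from this report; the rounding rule in listed_size is inferred from the listed values and is an assumption, as are the function names.

```python
"""
Parse the memory-dump names a sandbox report lists, recompute region sizes,
and collapse nested or duplicate ranges. Added example; the dump names are
copied from the report, the parsing and overlap logic is not the sandbox's own.
"""
import re
from dataclasses import dataclass

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# (dump name, size as listed in the report), copied from the Downloads table above.
REPORT_DUMPS = [
    ("memory/2976-130-0x0000000000DE0000-0x0000000000E00000-memory.dmp", "128KB"),
    ("memory/2976-131-0x0000000000DE0000-0x0000000000E00000-memory.dmp", "128KB"),
    ("memory/2976-132-0x0000000005CC0000-0x00000000062D8000-memory.dmp", "6MB"),
    ("memory/2976-133-0x0000000005760000-0x0000000005772000-memory.dmp", "72KB"),
    ("memory/2976-134-0x0000000005890000-0x000000000599A000-memory.dmp", "1MB"),
    ("memory/2976-135-0x00000000057C0000-0x00000000057FC000-memory.dmp", "240KB"),
    ("memory/2976-136-0x00000000056A0000-0x0000000005CB8000-memory.dmp", "6MB"),
    ("memory/2976-137-0x0000000005B50000-0x0000000005BB6000-memory.dmp", "408KB"),
    ("memory/2976-138-0x0000000006B90000-0x0000000007134000-memory.dmp", "5MB"),
    ("memory/2976-139-0x00000000066E0000-0x0000000006772000-memory.dmp", "584KB"),
    ("memory/2976-140-0x0000000006780000-0x00000000067F6000-memory.dmp", "472KB"),
    ("memory/2976-141-0x0000000006840000-0x000000000685E000-memory.dmp", "120KB"),
    ("memory/2976-142-0x0000000008500000-0x0000000008550000-memory.dmp", "320KB"),
    ("memory/2976-143-0x0000000008720000-0x00000000088E2000-memory.dmp", "1MB"),
    ("memory/2976-144-0x0000000008E20000-0x000000000934C000-memory.dmp", "5MB"),
]


@dataclass(frozen=True)
class Dump:
    pid: int
    idx: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    def contains(self, other: "Dump") -> bool:
        """True if other's range lies inside this one and is not the identical range."""
        return (self.start <= other.start and other.end <= self.end
                and (self.start, self.end) != (other.start, other.end))


def parse_dump_name(name: str) -> Dump:
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    return Dump(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))


def listed_size(nbytes: int) -> str:
    """Reproduce the report's size column (assumed rule: whole MB at or above 1 MiB, else whole KB, rounded down)."""
    if nbytes >= 1 << 20:
        return f"{nbytes >> 20}MB"
    return f"{nbytes >> 10}KB"


def container_of(dump: Dump, dumps) -> "Dump | None":
    """The largest other dump whose range fully contains this one, if any."""
    outer = [d for d in dumps if d is not dump and d.contains(dump)]
    return max(outer, key=lambda d: d.size) if outer else None


def distinct_regions(dumps):
    """Dumps worth loading: nested ranges and exact duplicates dropped, sorted by address."""
    kept = {}
    for d in dumps:
        if container_of(d, dumps) is None:
            kept.setdefault((d.start, d.end), d)  # first index wins for duplicate ranges
    return sorted(kept.values(), key=lambda d: d.start)


def size_mismatches(entries=REPORT_DUMPS):
    """(idx, listed, recomputed) for every entry whose listed size disagrees with its address range."""
    out = []
    for name, listed in entries:
        d = parse_dump_name(name)
        if listed_size(d.size) != listed:
            out.append((d.idx, listed, listed_size(d.size)))
    return out


if __name__ == "__main__":
    dumps = [parse_dump_name(n) for n, _ in REPORT_DUMPS]
    print("size mismatches:", size_mismatches())
    for d in dumps:
        c = container_of(d, dumps)
        if c:
            print(f"dump {d.idx} lies inside dump {c.idx}")
    print("distinct regions:", [d.idx for d in distinct_regions(dumps)])
```

The nested dumps are the sandbox snapshotting the same heap region at different times and granularities; loading only the distinct regions (ten here instead of fifteen files) avoids carving the same strings and PE headers several times over.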