Overview

overview

10

Static

static

10

7zS850A099...ed.exe

windows7_x64

10

7zS850A099...ed.exe

windows10-2004_x64

10

7zS850A099...1a.exe

windows7_x64

10

7zS850A099...1a.exe

windows10-2004_x64

1

7zS850A099...b7.exe

windows7_x64

10

7zS850A099...b7.exe

windows10-2004_x64

10

7zS850A099...5e.exe

windows7_x64

10

7zS850A099...5e.exe

windows10-2004_x64

10

7zS850A099...a0.exe

windows7_x64

10

7zS850A099...a0.exe

windows10-2004_x64

10

7zS850A099...95.exe

windows7_x64

7

7zS850A099...95.exe

windows10-2004_x64

7

7zS850A099...cb.exe

windows7_x64

10

7zS850A099...cb.exe

windows10-2004_x64

1

7zS850A099...58.exe

windows7_x64

7

7zS850A099...58.exe

windows10-2004_x64

1

7zS850A099...7f.exe

windows7_x64

7

7zS850A099...7f.exe

windows10-2004_x64

1

7zS850A099...32.exe

windows7_x64

7

7zS850A099...32.exe

windows10-2004_x64

7

7zS850A099...c3.exe

windows7_x64

8

7zS850A099...c3.exe

windows10-2004_x64

8

7zS850A099...e9.exe

windows7_x64

6

7zS850A099...e9.exe

windows10-2004_x64

6

7zS850A099...8c.exe

windows7_x64

8

7zS850A099...8c.exe

windows10-2004_x64

1

7zS850A099...8c.exe

windows7_x64

10

7zS850A099...8c.exe

windows10-2004_x64

10

7zS850A099...ll.exe

windows7_x64

10

7zS850A099...ll.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    117s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    19-01-2022 08:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7zS850A099E/61e7501db65f3_Tue23c7b395c3.exe

  • Size

    1.6MB

  • MD5

    79400b1fd740d9cb7ec7c2c2e9a7d618

  • SHA1

    8ab8d7dcd469853f61ca27b8afe2ab6e0f2a1bb3

  • SHA256

    556d5c93b2ceb585711ccce22e39e3327f388b893d76a3a7974967fe99a6fa7f

  • SHA512

    3ed024b02d7410d5ddc7bb772a2b3e8a5516a16d1cb5fac9f5d925da84b376b67117daf238fb53c7707e6bb86a0198534ad1e79b6ebed979b505b3faf9ae55ac

Score
8/10
spywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7zS850A099E\61e7501db65f3_Tue23c7b395c3.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS850A099E\61e7501db65f3_Tue23c7b395c3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Users\Admin\AppData\Local\Temp\11111.exe
      C:\Users\Admin\AppData\Local\Temp\11111.exe /stab C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1896

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\11111.exe
    MD5

    d0527733abcc5c58735e11d43061b431

    SHA1

    28de9d191826192721e325787b8a50a84328cffd

    SHA256

    b4ef7ee228c1500f7bb3686361b1a246954efe04cf14d218b5ee709bc0d88b45

    SHA512

    7704b215fade38c9a4aa2395263f3d4d9392b318b5644146464d233006a6de86f53a5f6e47cd909c0d968e3ef4db397f52e28ca4d6a1b2e88e1c40a1dbde3fb5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
    MD5

    46183ada973d3bfaab7be726c800e96e

    SHA1

    7fcb7272b04d8b1caaf1343ec720461ca79f45c2

    SHA256

    0cba483c4b5eeb5d275d2a54db9f7c3c213615628b4ac79044980347930e7a1f

    SHA512

    338c4ccf7cde74e3aa5c9bb27672797ab8b4c8aa6e99fbcf61a2dc8caecdd871b747e4bcc654391479bc4df5a1e72257da9957f9768c67b2846dd9435b950926

    Download Submit
  • memory/1896-55-0x0000000075D61000-0x0000000075D63000-memory.dmp
    Filesize

    8KB

    Download