Overview

overview

10

Static

static

02151539f5...44.exe

windows7_x64

8

02151539f5...44.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    52s
  • max time network
    74s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    15-04-2022 05:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02151539f5f9f89a9021ea2914bb520772ae1c8deb938b0646c4a319367e4744.exe

  • Size

    96KB

  • MD5

    b85e836c181e4b209d56c0d2df72d53e

  • SHA1

    e3bf80c50892d44db8391f00b3329863a9d19993

  • SHA256

    02151539f5f9f89a9021ea2914bb520772ae1c8deb938b0646c4a319367e4744

  • SHA512

    0b767f55b1033e1340c0a98c0a880bdac102f6de79520cc868c357c1d0e54de70f76798398d16167dfed8594a83ff012050cfc57aa9c63f1343f9d12160220bb

Score
10/10
metastealerevasionstealertrojan

Malware Config

Signatures

  • Meta Stealer Stealer

    Meta Stealer steals passwords stored in browsers, written in C++.

    stealermetastealer
  • Executes dropped EXE 2 IoCs
  • Windows security modification 2 TTPs 4 IoCs
    evasiontrojan
  • Drops file in System32 directory 7 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02151539f5f9f89a9021ea2914bb520772ae1c8deb938b0646c4a319367e4744.exe
    "C:\Users\Admin\AppData\Local\Temp\02151539f5f9f89a9021ea2914bb520772ae1c8deb938b0646c4a319367e4744.exe"
    1⤵
    • Windows security modification
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c w3wpdiag.exe -install
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2544
      • C:\Windows\system32\w3wpdiag.exe
        w3wpdiag.exe -install
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        PID:1336
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c del *.InstallLog *.InstallState
      2⤵
        PID:3080
    • C:\Windows\system32\w3wpdiag.exe
      "C:\Windows\system32\w3wpdiag.exe"
      1⤵
      • Executes dropped EXE
      PID:4568

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\System32\w3wpdiag.exe
      Filesize

      58KB

      MD5

      371b4380080e3d94ffcae1a7e9a0d5e2

      SHA1

      f7088075d1c798f27b0d269c97dc877ff16f1401

      SHA256

      2986bae15cfa78b919d21dc070be944e949a027e8047a812026e35c66ab17353

      SHA512

      990c3b43a9cdaa45432d2934aac005042f72ee4d1f441c474c07fa28e950c926e2474263bbc4bbd35aa74e4f6819f7194066f1f94dd300f2b04eee82bb7f5fb7

      Download Submit

    • C:\Windows\System32\w3wpdiag.exe
      Filesize

      58KB

      MD5

      371b4380080e3d94ffcae1a7e9a0d5e2

      SHA1

      f7088075d1c798f27b0d269c97dc877ff16f1401

      SHA256

      2986bae15cfa78b919d21dc070be944e949a027e8047a812026e35c66ab17353

      SHA512

      990c3b43a9cdaa45432d2934aac005042f72ee4d1f441c474c07fa28e950c926e2474263bbc4bbd35aa74e4f6819f7194066f1f94dd300f2b04eee82bb7f5fb7

      Download Submit

    • C:\Windows\system32\InstallUtil.InstallLog
      Filesize

      254B

      MD5

      c5d53c48801385ee40db4cd8fb2c8871

      SHA1

      ced3935c87a5885f270d087b4e3e033eba71f7be

      SHA256

      f8f0c2d425321cd0051c4400eb173cd88f00a7c2b670d1f42d7b107ed2a699a3

      SHA512

      131071b64a871761a547c3fd89215493a51f2005eb356786f75e5f3f4f2c7382b842bb54dbabf5a574aaf94f3b59e730995229c5fcad0afae2e274bfa6587f0a

      Download Submit

    • C:\Windows\system32\System.Web.Helpers.dll
      Filesize

      135KB

      MD5

      4f13bec852002ea7208deaf82b53f90d

      SHA1

      fffd7f988637d3f79bad6e6fb725f00aa8558044

      SHA256

      6bdd4e1a2887176b20bdc2d710c5d81b68b18e7006a8281f4973e9e31e25f40f

      SHA512

      2216dc754a787bc159e9bc363f8a57ee02caadce16dae41e73ce27cc37d7eef956983bf0dca7c78ef988030d69c4977a067b32667111ca10926a7d684771bf40

      Download Submit

    • C:\Windows\system32\w3wpdiag.InstallLog
      Filesize

      352B

      MD5

      be383fd6276114a5d483f97eb30f0e20

      SHA1

      0381d345da9668131e25032ad02581c09263f9bb

      SHA256

      9e4a506eb9dbef1df26011133b620482107696e9b28fa795f74c80cb7b23af2b

      SHA512

      5bb3d49dff84d2ae2fe69b5c1a315f2c0a4ccfc8d174b95d81da06ee14e31597f102949c05ba236fc210a7c8c977d70852f35c9b5e53a7012e7c90c3e66300e3

      Download Submit

    • C:\Windows\system32\w3wpdiag.exe
      Filesize

      58KB

      MD5

      371b4380080e3d94ffcae1a7e9a0d5e2

      SHA1

      f7088075d1c798f27b0d269c97dc877ff16f1401

      SHA256

      2986bae15cfa78b919d21dc070be944e949a027e8047a812026e35c66ab17353

      SHA512

      990c3b43a9cdaa45432d2934aac005042f72ee4d1f441c474c07fa28e950c926e2474263bbc4bbd35aa74e4f6819f7194066f1f94dd300f2b04eee82bb7f5fb7

      Download Submit

    • memory/1336-142-0x000000001B810000-0x000000001B812000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1336-140-0x00000000002C0000-0x00000000002D4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/1336-141-0x00007FFF9B510000-0x00007FFF9BFD1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1336-150-0x00000000024A0000-0x00000000024DC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1336-147-0x0000000000780000-0x0000000000792000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2092-130-0x0000000000900000-0x000000000091E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/2092-135-0x000000001BE80000-0x000000001C3A8000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/2092-134-0x000000001B780000-0x000000001B942000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2092-133-0x00000000011E0000-0x0000000001206000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2092-132-0x0000000000F60000-0x0000000000F62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2092-131-0x00007FFF9B510000-0x00007FFF9BFD1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4568-148-0x000000001A960000-0x000000001A9D6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4568-151-0x00007FFF9B510000-0x00007FFF9BFD1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4568-152-0x0000000001A40000-0x0000000001A42000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4568-153-0x0000000001A50000-0x0000000001A6E000-memory.dmp

      Filesize

      120KB

      Download