Overview

overview

10

Static

static

dea037fb97...57.exe

windows7_x64

1

dea037fb97...57.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01-05-2022 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dea037fb97aad6ad1b9d0c0088b4b9ffc6e2f5ea19c387106689d113b4d48257.exe

  • Size

    695KB

  • MD5

    c39c53de74a74595f4d9a838a3fd685b

  • SHA1

    1894daad144af9a174cddfc36af778484ecd0c6b

  • SHA256

    dea037fb97aad6ad1b9d0c0088b4b9ffc6e2f5ea19c387106689d113b4d48257

  • SHA512

    23d9725ea30576605c1fc20321b4328208846b196ffe4b1cd0320b74e391f84b09ea1ebfc6f093ea98cdb9234dfdb56386c5979e93f785c6d0c7e0676170d0e1

Score
10/10
massloggerspywarestealer

Malware Config

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main Payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dea037fb97aad6ad1b9d0c0088b4b9ffc6e2f5ea19c387106689d113b4d48257.exe
    "C:\Users\Admin\AppData\Local\Temp\dea037fb97aad6ad1b9d0c0088b4b9ffc6e2f5ea19c387106689d113b4d48257.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\dea037fb97aad6ad1b9d0c0088b4b9ffc6e2f5ea19c387106689d113b4d48257.exe
      "{path}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3832
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "powershell" Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\dea037fb97aad6ad1b9d0c0088b4b9ffc6e2f5ea19c387106689d113b4d48257.exe'
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dea037fb97aad6ad1b9d0c0088b4b9ffc6e2f5ea19c387106689d113b4d48257.exe.log
    Filesize

    323B

    MD5

    288c2dfaef4744587ed9babe65464432

    SHA1

    28da9bc6b0411d2eb02f5e68187ccc5b5d040cae

    SHA256

    ac74e39389d05bc95d40efc9cc7f4726281809d360ab117f92685d3779a85af9

    SHA512

    48530d4bff93f816ddaa5aab1127d4ae6868a86bcf47eed6c1558e0ae9b6cb70a23fa6aca0dfd24b701cd2ab5075c8c0e100d40c94b08ea32123ec2866388b27

    Download Submit

  • memory/2896-130-0x0000000000010000-0x00000000000C6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2896-131-0x000000000A290000-0x000000000A32C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3832-133-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3832-135-0x0000000005A90000-0x0000000005B22000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3832-136-0x00000000060E0000-0x0000000006684000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3832-137-0x0000000005B30000-0x0000000005B96000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4920-139-0x00000000025B0000-0x00000000025E6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4920-140-0x0000000005190000-0x00000000057B8000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/4920-141-0x0000000005030000-0x0000000005052000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4920-142-0x00000000050D0000-0x0000000005136000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4920-143-0x0000000005ED0000-0x0000000005EEE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4920-144-0x00000000077F0000-0x0000000007E6A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4920-145-0x00000000063B0000-0x00000000063CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4920-146-0x0000000007170000-0x0000000007206000-memory.dmp

    Filesize

    600KB

    Download

  • memory/4920-147-0x0000000006480000-0x00000000064A2000-memory.dmp

    Filesize

    136KB

    Download