Overview

overview

10

Static

static

49b64249d5...fb.zip

windows7_x64

1

49b64249d5...fb.zip

windows10-2004_x64

1

DESIGNS AR...ER.exe

windows7_x64

10

DESIGNS AR...ER.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    164s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DESIGNS ARTWORK FOR ORDER.exe

  • Size

    867KB

  • MD5

    73b302dc6804f0099e0957150f7a5782

  • SHA1

    c6cc6631668f0f8132651bd01dd4ca0303dd5fb1

  • SHA256

    0b59a5ffd1da84a9bf88fc0c49d758fb8288f1e9564111ec5c4f8e0ffa91940d

  • SHA512

    81f8751498372369f7dcdeb8a16a8d4a3460dfe64a59e1ec703a1f2a71e53d322ecd32b7a47039ee03f0628132b164806aef522a2ddd97013b41e2c32a3b61d3

Score
10/10
massloggerspywarestealer

Malware Config

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main Payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DESIGNS ARTWORK FOR ORDER.exe
    "C:\Users\Admin\AppData\Local\Temp\DESIGNS ARTWORK FOR ORDER.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Users\Admin\AppData\Local\Temp\DESIGNS ARTWORK FOR ORDER.exe
      "C:\Users\Admin\AppData\Local\Temp\DESIGNS ARTWORK FOR ORDER.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4404
      • C:\Windows\SysWOW64\cmd.exe
        "cmd" /c start /b powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\DESIGNS ARTWORK FOR ORDER.exe' & exit
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2364
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\DESIGNS ARTWORK FOR ORDER.exe'
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2364-137-0x0000000000000000-mapping.dmp

    Download

  • memory/2964-131-0x0000000004F60000-0x0000000004FFC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2964-132-0x00000000058B0000-0x0000000005E54000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2964-133-0x00000000054A0000-0x0000000005532000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2964-130-0x0000000000330000-0x0000000000410000-memory.dmp

    Filesize

    896KB

    Download

  • memory/3192-142-0x0000000005760000-0x00000000057C6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3192-138-0x0000000000000000-mapping.dmp

    Download

  • memory/3192-139-0x0000000002610000-0x0000000002646000-memory.dmp

    Filesize

    216KB

    Download

  • memory/3192-140-0x00000000050C0000-0x00000000056E8000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/3192-141-0x0000000005030000-0x0000000005052000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3192-143-0x0000000005EF0000-0x0000000005F0E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3192-144-0x0000000007520000-0x0000000007B9A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/3192-145-0x0000000006410000-0x000000000642A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3192-146-0x0000000007140000-0x00000000071D6000-memory.dmp

    Filesize

    600KB

    Download

  • memory/3192-147-0x00000000064C0000-0x00000000064E2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4404-136-0x0000000005820000-0x0000000005886000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4404-135-0x0000000000400000-0x00000000004B8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4404-134-0x0000000000000000-mapping.dmp

    Download