Overview

overview

10

Static

static

SKM_C33501...00.exe

windows7_x64

5

SKM_C33501...00.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    91s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 13:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKM_C3350191107102300.exe

  • Size

    1.3MB

  • MD5

    4509f8b27545e3a27ee3bc66df679b7c

  • SHA1

    0b3687916e09fdf8528e06670ab6ba7b0b72fdf3

  • SHA256

    15d49746815865a2bc0eb51c3479cf49a1e3cff398479a31c935d1cfbb64d5f0

  • SHA512

    f77331f04e958ba87a4ba1b927d28058ce382242bf2242636bf9e96101b4ac43ca49c557744d7a7df6a35ea7c314101ae40491edde643aa8894d656873d93d92

Score
10/10
massloggerspywarestealer

Malware Config

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main Payload 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKM_C3350191107102300.exe
    "C:\Users\Admin\AppData\Local\Temp\SKM_C3350191107102300.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.ExE
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.ExE"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3856
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
        dw20.exe -x -s 764
        3⤵
        • Drops file in Windows directory
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1416

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1416-135-0x0000000000000000-mapping.dmp

    Download

  • memory/3856-132-0x0000000000000000-mapping.dmp

    Download

  • memory/3856-133-0x0000000000400000-0x00000000004B8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/3856-134-0x0000000074A10000-0x0000000074FC1000-memory.dmp

    Filesize

    5.7MB

    Download