Overview

overview

10

Static

static

5

Company Profile.exe

windows7_x64

10

Company Profile.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Company Profile.exe

  • Size

    2.1MB

  • MD5

    c29a529830426b09db4a2e8fabea26d7

  • SHA1

    e533dad57fd624eacc2627afa7d55ca728142e11

  • SHA256

    796be4e7eb4f284e2d1747b4bd8b7b5479a15b00b14c857ac27e40411d6415c8

  • SHA512

    308fd89df7ff1b61b0ec72eb2f108ec5ade4b3886e6258634f9a6237deffaec0e521deac8390fad1438933a42c03d5d4a3819ff817f5d30d12c029d16881c07a

Score
10/10
massloggercollectionspywarestealer

Malware Config

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main Payload 61 IoCs
  • MassLogger log file 3 IoCs

    Detects a log file produced by MassLogger.

  • Accesses Microsoft Outlook profiles 1 TTPs 30 IoCs
    collection
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Company Profile.exe
    "C:\Users\Admin\AppData\Local\Temp\Company Profile.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4120
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v4.0.30319\\\\MSBuild.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:716
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v4.0.30319\\\\MSBuild.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1720
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v4.0.30319\\\\MSBuild.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • outlook_office_path
      • outlook_win_path
      PID:4072
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v4.0.30319\\\\MSBuild.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:100

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
    Filesize

    1KB

    MD5

    477919ada73b78523752f7749a348fa1

    SHA1

    51b57855e49a1216bf0d7c29bf5f2faf737b83d3

    SHA256

    b321a24188cc81f337b1f2fd2020fa86cfec3c73b0bae2cdb81b1e8fbf8a1f19

    SHA512

    c9ae07a841fb15682b287a56d245722b4ccc50a3410d27fea3e4e56baf1fe1ce2528a5b5783fab3c392b82f099a5d8b0362ae53cfbc792c94f725012cba873ab

    Download Submit

  • memory/100-909-0x0000000000000000-mapping.dmp

    Download

  • memory/716-167-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-177-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-136-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-137-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-138-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-172-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-139-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-143-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-144-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-145-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-146-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-147-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-148-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-150-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-149-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-151-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-152-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-153-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-154-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-155-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-156-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-157-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-158-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-159-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-161-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-160-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-162-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-163-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-164-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-165-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-166-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-168-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-169-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-170-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-130-0x0000000000000000-mapping.dmp

    Download

  • memory/716-171-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-141-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-173-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-131-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-175-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-176-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-174-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-178-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-181-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-180-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-182-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-179-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-183-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-184-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-186-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-187-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-188-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-185-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-189-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-191-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-192-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-193-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-194-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-195-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-196-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-190-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/716-388-0x00000000059C0000-0x0000000005A52000-memory.dmp

    Filesize

    584KB

    Download

  • memory/716-389-0x0000000006010000-0x00000000065B4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/716-390-0x00000000067C0000-0x0000000006826000-memory.dmp

    Filesize

    408KB

    Download

  • memory/716-391-0x0000000006CE0000-0x0000000006CEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/716-392-0x0000000007CE0000-0x0000000007D30000-memory.dmp

    Filesize

    320KB

    Download

  • memory/716-393-0x0000000007DD0000-0x0000000007E6C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1720-394-0x0000000000000000-mapping.dmp

    Download

  • memory/1720-401-0x0000000000340000-0x00000000003E6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/4072-652-0x0000000000000000-mapping.dmp

    Download

  • memory/4120-140-0x0000000005930000-0x0000000005A71000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4120-142-0x0000000005A80000-0x0000000005BC1000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4120-760-0x0000000001FE0000-0x0000000002086000-memory.dmp

    Filesize

    664KB

    Download