Overview

overview

10

Static

static

logo.png

windows7_x64

3

logo.png

windows10-2004_x64

3

requiremen...er.exe

windows7_x64

10

requiremen...er.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    153s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 01:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    requirements and delivery order.exe

  • Size

    970KB

  • MD5

    6085ac87589c9ac7ce7fece0a743d4d3

  • SHA1

    d493ca5f57b3a9f8893a287c3ee64e387e30b1fa

  • SHA256

    f959039896cdd9c4add867b06af7d100629377c66ef7fb0fd4aeba48f9a9593e

  • SHA512

    09ecb1d0b7a70b0b9604f59bdc6ee9ca83560b7e0a815369992c80023a43bbd1ebe7aa199648744290121b042c22c90b3a4cd83da5682eccef48b5a390008546

Score
10/10
massloggerspywarestealer

Malware Config

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main Payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\requirements and delivery order.exe
    "C:\Users\Admin\AppData\Local\Temp\requirements and delivery order.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3804
    • C:\Users\Admin\AppData\Local\Temp\requirements and delivery order.exe
      "{path}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2332
      • C:\Windows\SysWOW64\cmd.exe
        "cmd" /c start /b powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\requirements and delivery order.exe' & exit
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3108
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\requirements and delivery order.exe'
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\requirements and delivery order.exe.log
    Filesize

    1KB

    MD5

    8ec831f3e3a3f77e4a7b9cd32b48384c

    SHA1

    d83f09fd87c5bd86e045873c231c14836e76a05c

    SHA256

    7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982

    SHA512

    26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

    Download Submit

  • memory/2332-135-0x0000000000000000-mapping.dmp

    Download

  • memory/2332-137-0x0000000005930000-0x0000000005996000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2332-136-0x0000000000400000-0x00000000004B8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/3108-138-0x0000000000000000-mapping.dmp

    Download

  • memory/3660-140-0x0000000000000000-mapping.dmp

    Download

  • memory/3660-145-0x0000000006970000-0x000000000698E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3660-149-0x0000000007AE0000-0x0000000007B02000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3660-148-0x0000000007B50000-0x0000000007BE6000-memory.dmp

    Filesize

    600KB

    Download

  • memory/3660-147-0x0000000007A20000-0x0000000007A3A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3660-146-0x0000000008070000-0x00000000086EA000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/3660-141-0x0000000003060000-0x0000000003096000-memory.dmp

    Filesize

    216KB

    Download

  • memory/3660-142-0x0000000005B10000-0x0000000006138000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/3660-143-0x00000000059C0000-0x00000000059E2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3660-144-0x00000000062B0000-0x0000000006316000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3804-134-0x0000000008970000-0x0000000008A0C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3804-130-0x00000000005C0000-0x00000000006B8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3804-131-0x0000000005550000-0x0000000005AF4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3804-132-0x0000000004FA0000-0x0000000005032000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3804-133-0x0000000004F60000-0x0000000004F6A000-memory.dmp

    Filesize

    40KB

    Download