Overview

overview

9

Static

static

9

Sverka maj.exe

windows7_x64

7

Sverka maj.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    124s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 10:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sverka maj.exe

  • Size

    187KB

  • MD5

    9c36d806f114ad981ed65f3763e04131

  • SHA1

    8b546cede088ececf790ac1cafb02cf5a0366c8e

  • SHA256

    489f3a394942157dbc0ed01c09989288c1a87a2d7b80a6382a4338094b35d710

  • SHA512

    7fb6bb68f45f5fe39ff61c7cd445c71039ddb1260c1a25fe61059ecb03f99f41db2ffd1a273f250168d5c592d2aa6d0fb1bc09a2293057dd5dbbfa6fd4712fe3

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Runs ping.exe 1 TTPs 1 IoCs
  • Script User-Agent 2 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Sverka maj.exe
    "C:\Users\Admin\AppData\Local\Temp\Sverka maj.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\Sverka maj.exe
      "C:\Users\Admin\AppData\Local\Temp\Sverka maj.exe" dfsr
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4128
      • C:\Windows\SYSTEM32\cmd.exe
        cmd.exe /c ping 127.0.0.1 & del /F /Q "C:\Users\Admin\AppData\Local\Temp\Sverka maj.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4100
        • C:\Windows\system32\PING.EXE
          ping 127.0.0.1
          4⤵
          • Runs ping.exe
          PID:4940

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2176-131-0x0000000002170000-0x000000000217E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2176-132-0x0000000000400000-0x0000000000431000-memory.dmp
    Filesize

    196KB

    Download
  • memory/4100-134-0x0000000000000000-mapping.dmp
    Download
  • memory/4128-130-0x0000000000000000-mapping.dmp
    Download
  • memory/4128-133-0x0000000000400000-0x0000000000431000-memory.dmp
    Filesize

    196KB

    Download
  • memory/4940-135-0x0000000000000000-mapping.dmp
    Download