Analysis
-
max time kernel
79s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
resource tags
arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system -
submitted
20-07-2022 09:16
Static task
static1
Behavioral task
behavioral1
Sample
185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe
Resource
win7-20220718-en
General
-
Target
185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe
-
Size
159KB
-
MD5
b78436c8bdcd14b81c4a828651ef8f6a
-
SHA1
bee132bfbb59e41b02dd0fbd65ba3eba2a3a5c17
-
SHA256
f5d6e5e4b06d5597f705053b15db15b8cbcb33c40c5437cda4d90af430a218fa
-
SHA512
9b7db48478eee118b708cd34d4e0755705e5437c476fc2c73875ec72582a93a657b6779808d36f7a358272d262048605a5b56809c6b32800dcf7e0ca493d413a
Malware Config
Extracted
arkei
Default
Signatures
-
Loads dropped DLL 2 IoCs
Processes:
185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exepid process 4684 185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe 4684 185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\mozglue.dllFilesize
133KB
MD58f73c08a9660691143661bf7332c3c27
SHA137fa65dd737c50fda710fdbde89e51374d0c204a
SHA2563fe6b1c54b8cf28f571e0c5d6636b4069a8ab00b4f11dd842cfec00691d0c9cd
SHA5120042ecf9b3571bb5eba2de893e8b2371df18f7c5a589f52ee66e4bfbaa15a5b8b7cc6a155792aaa8988528c27196896d5e82e1751c998bacea0d92395f66ad89
-
C:\ProgramData\nss3.dllFilesize
1.2MB
MD5bfac4e3c5908856ba17d41edcd455a51
SHA18eec7e888767aa9e4cca8ff246eb2aacb9170428
SHA256e2935b5b28550d47dc971f456d6961f20d1633b4892998750140e0eaa9ae9d78
SHA5122565bab776c4d732ffb1f9b415992a4c65b81bcd644a9a1df1333a269e322925fc1df4f76913463296efd7c88ef194c3056de2f1ca1357d7b5fe5ff0da877a66
-
memory/4684-130-0x0000000000400000-0x000000000043D000-memory.dmpFilesize
244KB
-
memory/4684-131-0x0000000060900000-0x0000000060992000-memory.dmpFilesize
584KB
-
memory/4684-152-0x0000000000400000-0x000000000043D000-memory.dmpFilesize
244KB