Overview

overview

10

Static

static

10

b682c6d6ce...27.exe

windows7-x64

7

b682c6d6ce...27.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-08-2022 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b682c6d6ce2db9c102b7b21a905f2e27.exe

  • Size

    572KB

  • MD5

    b682c6d6ce2db9c102b7b21a905f2e27

  • SHA1

    94579bf2d9bdbb3b11109b02c6ed87d48192b80f

  • SHA256

    ab5ac9bfb40fe0f3580c6ab3bbadab22f435af987cb0303d0b5f3ad4f9aa908c

  • SHA512

    ece2b6a1502da626900586e8a00a5ad4d12632d31cbfcfd889e1dd0984f9cc5c37f6959a0bd6553ec16ea620680729737b124ee915a3ef088756f328dadb9c8d

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b682c6d6ce2db9c102b7b21a905f2e27.exe
    "C:\Users\Admin\AppData\Local\Temp\b682c6d6ce2db9c102b7b21a905f2e27.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:544
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
      2⤵
        PID:4132

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Public\3037384246424646303030333036443242464246463030303330\SQLite3_StdCall.dll
      Filesize

      59KB

      MD5

      d77b227a28a78627c2323cac75948390

      SHA1

      e228c3951f2a9fd0febfe07390633ab4f35727f4

      SHA256

      527ec201dcd7695bd9830eb82ab35a3986121de9ea156193834aed9d79223b82

      SHA512

      5627fbc8bbb98f644e21f101a68f0e0b07b87c264d00ea227286bed8ab6dd4ebf5114f03b632604f775ff93666a409a1a179a81ebfc9246956ba8150ff5b0587

      Download Submit

    • C:\Users\Public\3037384246424646303030333036443242464246463030303330\sqlite3.dll
      Filesize

      585KB

      MD5

      5405413fff79b8d9c747aa900f60f082

      SHA1

      71caf8907ddd9a3a25d71356bd2ce09bd293bd78

      SHA256

      3e5a28ffde07ac661c26b6ccf94e64c1c90b1f25b3b24c90605aa922b87642eb

      SHA512

      2f09a30fc4da5166bd665210fefa1d44ce344f0ec6a37f127d677aeb3ca4fc0d09b7c9c1540f57da1e3449b7f588a1c61115395e965fa153d4baa5033266ed66

      Download Submit

    • memory/4132-133-0x0000000000D50000-0x0000000000D5E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4132-136-0x0000000073EF0000-0x00000000744A1000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4132-137-0x0000000073EF0000-0x00000000744A1000-memory.dmp

      Filesize

      5.7MB

      Download