Overview

overview

8

Static

static

711b8eae59...65.exe

windows7-x64

8

711b8eae59...65.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    19/10/2022, 22:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65.exe

  • Size

    244KB

  • MD5

    90bb71d6b2ad3c4e69c134ae01cc1d80

  • SHA1

    a1ee32519f77bf8af82f8134609da003f6d305ab

  • SHA256

    711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65

  • SHA512

    c2d7461bb2e4a09ce36e638239a72b3ff106c8424833e58b730c472f1d6b633cad781e58c92652d0ed99ad0a11ceca5130034f5a357b0655c130e693d2113b40

  • SSDEEP

    3072:QjyQE1Jlrgku8X2rrP9/4Za5lq27nki3IMtnd9hh7DZUNaeqr6/qiFTqPsg:Qez92nPVAajnki3IMtd9WNafHil1g

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Blocklisted process makes network request 18 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65.exe
    "C:\Users\Admin\AppData\Local\Temp\711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65.exe"
    1⤵
    • Adds Run key to start application
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\SysWOW64\RegisterIEPKEYs.exe
      C:\Windows\System32\RegisterIEPKEYs.exe
      2⤵
      • Deletes itself
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:336
      • C:\Windows\SysWOW64\cscript.exe
        C:\Windows\System32\cscript.exe
        3⤵
        • Blocklisted process makes network request
        • Enumerates system info in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1056

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          60KB

          MD5

          d15aaa7c9be910a9898260767e2490e1

          SHA1

          2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

          SHA256

          f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

          SHA512

          7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          78e37714f6976fceca959076c0b87fe0

          SHA1

          3d94ae7283c6f9291f53ce2d5befc763192805ff

          SHA256

          52feaf38dcc9674b727164ea5f89cd425282853d4cbc939e0a212c65165e306d

          SHA512

          9c323494194e96387bcb7a2435edafa1cbaf7ba912d280a8e9e1ee58ee7d8f1414c19c361e8f3ed9c2757b46192a381460e6be6737b51e6e73b21264cd2614a3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          91c894ea6f15dd70e3c7a2a92104ace3

          SHA1

          b9d33ae6fce5d59fe84ac8e6ea947aed3b6a4e0b

          SHA256

          237b8ad7ccc72768d81efae859d8d5eeff1fc0ec91b97d726c388dd01c36a69a

          SHA512

          1c2cfba711ef0f568edd46f8e2288acf81b48196b7fe584ebd445f0b00471c5230e03051daa0d044809c5cca99bb69e0a7b7c4e5400beffde7752d5ccbc85a59

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          66e2070f333300aaf32c5080292cd616

          SHA1

          035baf3824a0df105d7f63984a83baa43ee91f7b

          SHA256

          b2c33d6747566c169e6a7a4328fb05cdbda01169f2377fe8624ac7daf24394ac

          SHA512

          f1158787d63737c051f7c3ba93aaea87ceb5ef8274548121b9b991a2c3d1f8d00b5eee6b66482a7734dda9bc10b730b8cd77ba565f30d2a040b8cddc8b26f7ab

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3f6952ebbd38261df219516b02835ead

          SHA1

          ba0e01776b72a10d1e327b33e1fed70ae37dd598

          SHA256

          20575e49a5ca04cd8e5f0a65d00a3a387bc00341814111893e370ffcae4b78b4

          SHA512

          0159298375ddef9e32da89e68a48472eb80f162e6fdd2fc6c97440963d12c14cf770a829d294f28377854caf5b3e2f89950ea5595a7f49fd6931cb5e0fb5d95e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5070a6293f94608354eada8a874a45d6

          SHA1

          6f2ab22035e270fcfd7ec552675f60a8bb15a840

          SHA256

          2019c30a9ed5e07a9c04e3de78b50806f829d71f1a6e662f3826b4b7b3c468e1

          SHA512

          30277ea74e4be7999c01adeace2cebf3dfbf447694229502a41902ac88695d1c17b761f88b080c3eeb737b3d1ed3abd1285a680b0b8408438ba39a25731a4851

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5f2cba428613b853c39c058dc9f02cd2

          SHA1

          9fa282eb2a0258cc944e972487013c629e18d1a0

          SHA256

          904e60c63a423767969d89adc5fdf9f015c31950f1771455e5db3964398d42ed

          SHA512

          773d1c8568299a56f3d75d8a257fc4a1f309026e9b1481f8542c43c485c389aaa9e548ae8c73cb619caf848535953765abbaa8fcd19ab7c33831bdc88ddeed6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          53976faa9e5c3f9d0c09346245b73f78

          SHA1

          2073bdcff71cf2880a3e1ba6e6d9e82f64d45fe8

          SHA256

          a3809c34f8bb138d48ea5bed5d857958f96902f8ed703ce07e12f78272a12bf8

          SHA512

          11892ee778756f0e3eb8c2a1c64c4de182dc3fff667dda5c777529481767bda32ac2e6e154f9c8f8bb042e3b2a84c122cd2c7e5b7ae7aa3e32f8fe20ef7286e2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          919d524c9c4fe878b83875242bdfe6f2

          SHA1

          efa58a612ee9cb1de1a313b6c8855e93a0ca40f8

          SHA256

          1d5692baee3219f6294f1a917c9244dcac2c0df2d57a8e17d3a28a31ef2194f4

          SHA512

          8947606c8125d4d307cac29bf8594c160e97f6c9623102ebcfbae367b195bec0bcaacbe778ea489074199abde1ea6095c5bd1ccc78c73e9d7baddb3c8c7b7aac

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7c5d348e104aa0f2d40ccbcfe21b7ecf

          SHA1

          424e9da3ff8c59d94ce36becf69f8547d843df31

          SHA256

          090c3a4109b584fc531fea67f265768fee668119e72313740046985f9358b1d7

          SHA512

          984e3ed1e5f94694c69bd20de4f1e36d27ac20b6bdea51a6efd4b9312b62a9941957e329146d80258bf97bc8f82656ef8b2cd818da7d1877aadd56cc07eb4091

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          16cbd26121c0e2ed759621ad65ab9847

          SHA1

          c21c4dbd2a4d7c77a725854a5889befbe3b797ee

          SHA256

          06ba1d2e43fea1f61f0c8c3eb5b69387a63eeabfe3d3baaafb2d72f69f38bba5

          SHA512

          acc0f561eb5bc6d43f197fdcdfdde95f0e1115e9f64c48d13808516684fa77072e28e55d8728a8d1275a625e8942757f1323add4338f2360a0d09da73ee314c3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8f4711c8f7e3208be436bf7d8e8627c1

          SHA1

          bb89bd3a5d38d1205c53a5899031e164ef098b1f

          SHA256

          dc68196714385f37a72f8a3a8f84ae783551e391ba80f42341972dd535a9db91

          SHA512

          613002938281f3c68352f55336a5b50a725aec751d93c9c5271087e4394d0674c19a2fea9b84d83929afb86b674c6a723ae9498b0dd5bc21b6495689d7c1cebf

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4gq1sglk.default-release\bookmarkbackups\SystemPropertiesRemote.exe
          Filesize

          244KB

          MD5

          90bb71d6b2ad3c4e69c134ae01cc1d80

          SHA1

          a1ee32519f77bf8af82f8134609da003f6d305ab

          SHA256

          711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65

          SHA512

          c2d7461bb2e4a09ce36e638239a72b3ff106c8424833e58b730c472f1d6b633cad781e58c92652d0ed99ad0a11ceca5130034f5a357b0655c130e693d2113b40

          Download Submit

        • memory/336-92-0x0000000077840000-0x00000000779C0000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/336-73-0x00000000759A0000-0x00000000759E7000-memory.dmp

          Filesize

          284KB

          Download

        • memory/336-87-0x0000000000080000-0x00000000000CA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/336-88-0x0000000077840000-0x00000000779C0000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/336-89-0x0000000075480000-0x0000000075590000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/336-90-0x00000000759A0000-0x00000000759E7000-memory.dmp

          Filesize

          284KB

          Download

        • memory/336-91-0x0000000077840000-0x00000000779C0000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/336-63-0x0000000000080000-0x00000000000CA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/336-93-0x0000000077840000-0x00000000779C0000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/336-94-0x0000000077840000-0x00000000779C0000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/336-75-0x0000000077200000-0x0000000077235000-memory.dmp

          Filesize

          212KB

          Download

        • memory/336-74-0x00000000759F0000-0x000000007663A000-memory.dmp

          Filesize

          12.3MB

          Download

        • memory/336-61-0x0000000000110000-0x000000000014D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/336-111-0x0000000077840000-0x00000000779C0000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/336-79-0x00000000759A0000-0x00000000759E7000-memory.dmp

          Filesize

          284KB

          Download

        • memory/336-68-0x0000000000080000-0x00000000000CA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/336-109-0x0000000000080000-0x00000000000CA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/336-110-0x00000000759A0000-0x00000000759E7000-memory.dmp

          Filesize

          284KB

          Download

        • memory/1048-66-0x0000000000380000-0x00000000003CA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/1048-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1048-60-0x0000000000380000-0x00000000003CA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/1048-59-0x0000000000400000-0x000000000044D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/1048-58-0x0000000000290000-0x00000000002A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1048-55-0x0000000000380000-0x00000000003CA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/1056-106-0x00000000000B0000-0x00000000000FA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/1056-112-0x00000000000B0000-0x00000000000FA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/1056-102-0x00000000000B0000-0x00000000000FA000-memory.dmp

          Filesize

          296KB

          Download