Overview

overview

8

Static

static

711b8eae59...65.exe

windows7-x64

8

711b8eae59...65.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2022, 22:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65.exe

  • Size

    244KB

  • MD5

    90bb71d6b2ad3c4e69c134ae01cc1d80

  • SHA1

    a1ee32519f77bf8af82f8134609da003f6d305ab

  • SHA256

    711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65

  • SHA512

    c2d7461bb2e4a09ce36e638239a72b3ff106c8424833e58b730c472f1d6b633cad781e58c92652d0ed99ad0a11ceca5130034f5a357b0655c130e693d2113b40

  • SSDEEP

    3072:QjyQE1Jlrgku8X2rrP9/4Za5lq27nki3IMtnd9hh7DZUNaeqr6/qiFTqPsg:Qez92nPVAajnki3IMtd9WNafHil1g

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Modifies Internet Explorer Protected Mode 1 TTPs 2 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65.exe
    "C:\Users\Admin\AppData\Local\Temp\711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65.exe"
    1⤵
    • Adds Run key to start application
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\SysWOW64\verifiergui.exe
      C:\Windows\System32\verifiergui.exe
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3636
      • C:\Windows\SysWOW64\runonce.exe
        C:\Windows\System32\runonce.exe
        3⤵
        • Enumerates system info in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3664
        • C:\Windows\SysWOW64\msfeedssync.exe
          C:\Windows\System32\msfeedssync.exe
          4⤵
          • Checks processor information in registry
          • Enumerates system info in registry
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious use of AdjustPrivilegeToken
          PID:1464
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 1756
        3⤵
        • Program crash
        PID:4960
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3636 -ip 3636
    1⤵
      PID:2792

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
            Filesize

            60KB

            MD5

            d15aaa7c9be910a9898260767e2490e1

            SHA1

            2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

            SHA256

            f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

            SHA512

            7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
            Filesize

            328B

            MD5

            ef46223549f8814fad7af34334982d15

            SHA1

            186d213a5f41047a7bfe4bacbf1d783dae4b77be

            SHA256

            613875ff7307d48b8702d75e6d603c3fddf37a6f22d43f05d79cf0dc1af334b6

            SHA512

            9c3a8b84fa9782dfff8c9d789a92cdadfd1e89e7b51160c8d2152d6b117144951401b319aa9b5c80c9fe93a7f21c1e197827cf88cbffc38bebbc38c173c06605

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fx48ci0.default-release\minidumps\unregmp2.exe
            Filesize

            244KB

            MD5

            90bb71d6b2ad3c4e69c134ae01cc1d80

            SHA1

            a1ee32519f77bf8af82f8134609da003f6d305ab

            SHA256

            711b8eae591a1263be3bb9d7335d7aee131e6ec946d7b02d50bd4891d8691a65

            SHA512

            c2d7461bb2e4a09ce36e638239a72b3ff106c8424833e58b730c472f1d6b633cad781e58c92652d0ed99ad0a11ceca5130034f5a357b0655c130e693d2113b40

            Download Submit

          • memory/1464-177-0x0000000076330000-0x0000000076545000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/1464-183-0x0000000076330000-0x0000000076545000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/1464-190-0x0000000000C40000-0x0000000000C8A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1464-189-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1464-188-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1464-187-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1464-185-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1464-171-0x0000000000C40000-0x0000000000C8A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1464-186-0x0000000076330000-0x0000000076545000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/1464-184-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1464-172-0x0000000000C40000-0x0000000000C8A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1464-181-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1464-179-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1464-178-0x0000000076A40000-0x0000000076AA3000-memory.dmp

            Filesize

            396KB

            Download

          • memory/1464-175-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/1728-135-0x00000000022A0000-0x00000000022B0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1728-138-0x00000000022E0000-0x000000000232A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1728-137-0x00000000022E0000-0x000000000232A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1728-132-0x00000000022E0000-0x000000000232A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1728-140-0x00000000022E0000-0x000000000232A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/1728-136-0x0000000000400000-0x000000000044D000-memory.dmp

            Filesize

            308KB

            Download

          • memory/3636-150-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3636-152-0x0000000076330000-0x0000000076545000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/3636-166-0x0000000001020000-0x000000000106A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/3636-141-0x0000000001020000-0x000000000106A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/3636-144-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3636-159-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3636-158-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3636-157-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3636-156-0x0000000076330000-0x0000000076545000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/3636-155-0x0000000001020000-0x000000000106A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/3636-154-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3636-153-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3636-146-0x0000000076330000-0x0000000076545000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/3636-148-0x0000000077A10000-0x0000000077BB3000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3636-147-0x0000000076A40000-0x0000000076AA3000-memory.dmp

            Filesize

            396KB

            Download

          • memory/3664-167-0x0000000000AE0000-0x0000000000B2A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/3664-162-0x0000000000AE0000-0x0000000000B2A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/3664-165-0x0000000000AE0000-0x0000000000B2A000-memory.dmp

            Filesize

            296KB

            Download