70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19.exe
Size

655KB
MD5

8154ad949bfb5e8690bc8dc6ef8abd90
SHA1

8f1b39f243c21c0806862fd7951c0618f8c35ecc
SHA256

70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19
SHA512

b7f5019ebce70de95fe830b5c9144887c4dcab54e52c246070e178446ef99ff8cf7f9622826f43c9006b2f67d5d0cc03e6e8e2e81ae66a2ed494e14ec1fd8486
SSDEEP

12288:t/36Cpd8FZT3IV9IRLhccD16bko2n6X66DFRXcYft227aA7HeyqvC:t/3ZkZTGiXccD1Gf2n6KsrbtRf3qvC

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1148	jK7.exe

Loads dropped DLL 1 IoCs

pid	Process
1308	70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 3 IoCs

description	ioc	Process
File created	C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjakabnaamfemgadfbecmlkhlalhjmcf\1.1\manifest.json	jK7.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjakabnaamfemgadfbecmlkhlalhjmcf\1.1\manifest.json	jK7.exe
File created	C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjakabnaamfemgadfbecmlkhlalhjmcf\1.1\manifest.json	jK7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1148	1308	70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19.exe	27
PID 1308 wrote to memory of 1148	1308	70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19.exe	27
PID 1308 wrote to memory of 1148	1308	70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19.exe	27
PID 1308 wrote to memory of 1148	1308	70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19.exe	27

C:\Users\Admin\AppData\Local\Temp\70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19.exe
"C:\Users\Admin\AppData\Local\Temp\70bd462f83868e130cecbcf54f438070e042e8d7b1c1db2229192b7c344f6f19.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Users\Admin\AppData\Local\Temp\3bd823b0\jK7.exe
  "C:\Users\Admin\AppData\Local\Temp/3bd823b0/jK7.exe"
  2⤵
  - Executes dropped EXE
  - Drops Chrome extension
  PID:1148

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3bd823b0\[email protected]\bootstrap.js

Filesize
2KB

MD5
df13f711e20e9c80171846d4f2f7ae06

SHA1
56d29cda58427efe0e21d3880d39eb1b0ef60bee

SHA256
6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

SHA512
6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\[email protected]\chrome.manifest

Filesize
23B

MD5
16b0016aad86a2cb0698bde454fb59ad

SHA1
ea4dde3606d835749aea51f7653ae009d2e73929

SHA256
59e6833ad3bc4f5264586b76dd7f70d98d8a32c5b148c3f1fbafa8b58a2854b5

SHA512
f2ac01d7d6d593b81bc5e51f3ea47126407b4d6c14484a454c07d5dc4e691463b8ce39c9868ad38373d107a1206c3b8aede593d1536aff8189973e96a4a7d443

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\[email protected]\content\bg.js

Filesize
31KB

MD5
156b24966457d164087bfbf923de2789

SHA1
82f2f170b785de590a8c1dd67ef6c5c778901f50

SHA256
f2be683330684b30623b3ee969d55e0b8e0a9d64c1b40c87c41da55149938e2d

SHA512
98ee44925a5c1ea1e1ce7ab7e50f045977bb24887a032097d6ba175f8c4b636c373433cef1069c673c51a221ef44d107a50b81d217d628675209d0d8890a7dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\[email protected]\install.rdf

Filesize
596B

MD5
bec5c3cb2153365b2f24233821e33d9e

SHA1
43e24da31205d4df0b6a85318c248f61d43c8f73

SHA256
b8c7241368e888373953d5ed85191e142246839f777faa87df5fd0c084cbee09

SHA512
5a7d0a6dddf752f9d0eb7d7d1f6077c4c8e2af1430a70ecd84947a8454b98d07168ed95e2456f5f2a31f9179b1e799ee0c8ee89889976413276a00681a2712d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\jK7.dat

Filesize
1KB

MD5
b59bb9d4efff2d90768f956d7bada6f3

SHA1
bc35eac6ad1032d064f4b626874e4d7021c3a440

SHA256
cbca919572829a8c3a00a1671c4878d47d4301ba0a79bb215accb5752d85920e

SHA512
a3ef03cc4eb7548644c219407eef56cff9bf3f8daa29292d1e31e3684f00d3d5cd8f289d5b4bcaf48d4502088046985b51e09f874e428826b37d2be1bbf53b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\jK7.exe

Filesize
414KB

MD5
18c75d6e6235019d9d92dd51ff43cc3b

SHA1
43a8d282ea4e1b4f93df8d658fa5f82ba867c63b

SHA256
6fa174fac7057197989781c0e04e76f326e424e75685b12af12d293934e16335

SHA512
deffac9f5605d3ddc9cdc1eb276802be7975dda1af6bdf6d5eb5ff6dece6208ae7af50ad2af5ceeadf17091270aa34a957a8d9ca676b3cf037f0bc6e181dc1fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\mjakabnaamfemgadfbecmlkhlalhjmcf\background.html

Filesize
141B

MD5
51a02997a338af65351ad789afe10c9f

SHA1
641e148d3f0bf22c0a1f0b75afdd5a4449c2dbcb

SHA256
0acda6fbb4b6b36b1a219d796a3b54f050f57f4f1c535f41985e94cc54c278de

SHA512
065f8695feb8d6afc6f97916e6cfd146269f1643ee457a67f348d5bbb81942a6bf4b3f5c68affa3ab041bc06d1f496a142ebdca25bc669251d3d631847226253

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\mjakabnaamfemgadfbecmlkhlalhjmcf\content.js

Filesize
6KB

MD5
070935dbcbf87a5c8dec8e66e2674cb7

SHA1
085b91f28fb5b500407e965357f6e235eafec733

SHA256
25741a02264650f32ce82f1d4a029339173913001f1df0e0edd41239276f1d98

SHA512
4254d1399ec35fc94126dce2b77a2464c238aff48f956f540f3f7d62f5a4e178c55ec9a4fa4291a6b6d9ffe70667916ea17dd7292b94a47bbfa8597e234ad668

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\mjakabnaamfemgadfbecmlkhlalhjmcf\lsdb.js

Filesize
8KB

MD5
dbb98dc974f63cb105e645998e4d7ff6

SHA1
3d7b37a385b87f423e8c5173e9e13c750107ae78

SHA256
cdac8c2ba7c67e80d367e7d60e6a2fab551767abc5d47c8a523c77e7fe5d2bb1

SHA512
9c081cea671cc8c41f406456894aa597964b1fa764263f15312f0b137469089f368f55d9255e70564b70dc060f5afd9ca5c42562d1bcf11cd2c2bef9fe5d62b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\mjakabnaamfemgadfbecmlkhlalhjmcf\manifest.json

Filesize
499B

MD5
6c487d339b633b81516f2f2dc227365b

SHA1
b3d8d4a83b82b09f310d5aeff3f5f49ba55d452b

SHA256
92f4924550f7511a5304ced379105df9be807a55d5b54b6531d6028745556ab2

SHA512
7bc5bb722eb4aec3f1d4a9b0091170de5d7c7ef648473035696c7735b172bf660e6af73d230bb63bd4cff26e76857cfb054b84cadddcf4c3154b576f7230d668

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bd823b0\mjakabnaamfemgadfbecmlkhlalhjmcf\rHqV.js

Filesize
25KB

MD5
ca6a07061c406433c097efaa390ad17f

SHA1
7547105d6870afedee970c49661efb8a460f1756

SHA256
79b5cf522da71c9443f2b776a23de691a3aed166d68b15cb1dbfe535a94f4568

SHA512
08f6101ef863186d8091dc87532992e83bd436e359ee36733fef2406eabb81c89d1036f0cde503821d7636bb8100f111f6eb2e7ca58341ce01baede6047a6e33

Download Submit
\Users\Admin\AppData\Local\Temp\3bd823b0\jK7.exe

Filesize
414KB

MD5
18c75d6e6235019d9d92dd51ff43cc3b

SHA1
43a8d282ea4e1b4f93df8d658fa5f82ba867c63b

SHA256
6fa174fac7057197989781c0e04e76f326e424e75685b12af12d293934e16335

SHA512
deffac9f5605d3ddc9cdc1eb276802be7975dda1af6bdf6d5eb5ff6dece6208ae7af50ad2af5ceeadf17091270aa34a957a8d9ca676b3cf037f0bc6e181dc1fd

Download Submit
memory/1308-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download