Overview

overview

8

Static

static

2e01c2d7f3...e2.exe

windows7-x64

8

2e01c2d7f3...e2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/10/2022, 00:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2e01c2d7f36fe517f17e5953ce63eef86228ecf856d139d1c9bfd11a0efa97e2.exe

  • Size

    685KB

  • MD5

    412697eb54c0a62d6506ee80b78b6990

  • SHA1

    adbef5d4ad4097d83c2273ce4c2c13102da77953

  • SHA256

    2e01c2d7f36fe517f17e5953ce63eef86228ecf856d139d1c9bfd11a0efa97e2

  • SHA512

    20faa8836c34b0cbcf35eb3f899b7745ddf485c78ba3db2e92c06b3c7fbfe6c01174dfdc5dfffc9443de6d58d5deb7e65a75978231598e4ef80887465d238127

  • SSDEEP

    12288:1e2lkdlFg1eiDX8VBNhhMXDtOEdFX5RSznI6CeBhrRNnh3RH:11kjK1xQVBNh2xDXWzI6Pj9Nnh

Score
8/10
discoveryevasionspywarestealertrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Enumerates connected drives 3 TTPs 44 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 28 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e01c2d7f36fe517f17e5953ce63eef86228ecf856d139d1c9bfd11a0efa97e2.exe
    "C:\Users\Admin\AppData\Local\Temp\2e01c2d7f36fe517f17e5953ce63eef86228ecf856d139d1c9bfd11a0efa97e2.exe"
    1⤵
    • Drops Chrome extension
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1600
  • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:3856
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:3352
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:3612
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:2784

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
          Filesize

          2.1MB

          MD5

          e4acad4d0353ec83103cb2594406b6c4

          SHA1

          b025ea17b25f0fd8843666e49626d52bf6b0346d

          SHA256

          13a5c40082e38ceeee4004ad8758db7b939b0d8ffed74ae9abc244249aff4ced

          SHA512

          d1a343a2471cbd6d1ec0853f855d4a123f7ad2d21b0ce62a980c6685165796d519936446e70a4e494e93c09b47661e98e425319a362806c325ff378aec53ffc8

          Download Submit

        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
          Filesize

          820KB

          MD5

          5d6cad240819fbafc2f578a187f0d697

          SHA1

          6789eddda1a31022ca870d32c26d78955ba2abef

          SHA256

          7196f6a0aaa2c2ef4c944f97ed9b3cd1ac5925db2bd66ba65e3b33ba2055c46c

          SHA512

          728b3154b71ba40028353c434a823a0295e5d8d23c1b12a10319affc50b098f59768ce0ccc71e0be96db752719c192c812e0ab619263feb9155114598f64dd79

          Download Submit

        • C:\Program Files\7-Zip\7z.exe
          Filesize

          1.0MB

          MD5

          4a1ffe7744c093d1625c65795ab07d9f

          SHA1

          496386c0fee6f34b4c31e941dd71faeda7fa4599

          SHA256

          6b828960d89d5f1e0e63b33ff50ec5d444376fdd3302678674b5412f635b9b7d

          SHA512

          803eebb3cf1e7d753cebf6bbd25f4c0ee9ee3387c5aea4e590bbf6b675bb61603cd523ad628b0d85315039bd4931d45005f39ca4097a3cc4c1903a592eac99d4

          Download Submit

        • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
          Filesize

          829KB

          MD5

          7cd764bd8d38eecae909341fc9a7839d

          SHA1

          2392301d19f413313a74406002307b63c5dbb951

          SHA256

          583563a9714ca6b867f55710c5248eb139a1571a15913d30b51e4946ef5acb5e

          SHA512

          f2a343e0594b6b79f797c005ce91297a5c1ee90e36c2a00bc55d9635ae5e064d53d2a9300d3b52bf8b42e3c6763d9074f3fc76c5225b60dca93b3218db5686a1

          Download Submit

        • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
          Filesize

          2.0MB

          MD5

          2495535016da5a90cc2590ea7357b8a7

          SHA1

          606a9bab36101887bd26ce4b26cd4f8bd64f8f11

          SHA256

          5f781f768e4cccdb3691f86bc2108f2753b84480b4b47ceeac69d0e763983d97

          SHA512

          b381fcc01492aabd4c66264d1a50e6f034a5d5a2b3674a5a65f98bc75de1adebc2b4b4f69c6e25a40a64fe889678e4307551e0ef7c9741aa564a88c9e3cc2745

          Download Submit

        • C:\odt\office2016setup.exe
          Filesize

          5.6MB

          MD5

          e7df703f42b90cbfb7c6f03c85fbb2bb

          SHA1

          dcacdbf26ab71cc3e6817c44f20ee4dc066f0096

          SHA256

          359386d483b47ed76061ab634278d6ffd5dcb5fc1768424bd4e143dd09861f49

          SHA512

          acdd94b23f481dc7a812bd052e2172dbcbb362730db81a1688c9234c30ec21712e621a6f9739937433c304ae9a2f3fc4637a86e17c13bdb0c013dd0ccf9b1437

          Download Submit

        • \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
          Filesize

          820KB

          MD5

          5d6cad240819fbafc2f578a187f0d697

          SHA1

          6789eddda1a31022ca870d32c26d78955ba2abef

          SHA256

          7196f6a0aaa2c2ef4c944f97ed9b3cd1ac5925db2bd66ba65e3b33ba2055c46c

          SHA512

          728b3154b71ba40028353c434a823a0295e5d8d23c1b12a10319affc50b098f59768ce0ccc71e0be96db752719c192c812e0ab619263feb9155114598f64dd79

          Download Submit

        • \??\c:\program files\common files\microsoft shared\source engine\ose.exe
          Filesize

          829KB

          MD5

          7cd764bd8d38eecae909341fc9a7839d

          SHA1

          2392301d19f413313a74406002307b63c5dbb951

          SHA256

          583563a9714ca6b867f55710c5248eb139a1571a15913d30b51e4946ef5acb5e

          SHA512

          f2a343e0594b6b79f797c005ce91297a5c1ee90e36c2a00bc55d9635ae5e064d53d2a9300d3b52bf8b42e3c6763d9074f3fc76c5225b60dca93b3218db5686a1

          Download Submit

        • \??\c:\program files\windows media player\wmpnetwk.exe
          Filesize

          1.5MB

          MD5

          660fdd0501b47239ce47bfff5c7198de

          SHA1

          c9c8e9f56aeb8be7ba269296ed2d33be8a0466dd

          SHA256

          0d5bc23245b5cce8ec044491ef5c4cb95e1d26714d809b5bdde8faf21ac3a350

          SHA512

          87cc8f3ac172559e992b78a885b901b282de60077ba8f01716f6fdeab895412d60445272d8a12b54eeeb875af5782304d544fd8def015c59e5ed61b8cbdc16e1

          Download Submit

        • \??\c:\windows\system32\Agentservice.exe
          Filesize

          1.8MB

          MD5

          401e6646295d298f0862b65403fea2fa

          SHA1

          936af6273f9e729e68e03a1f8bf7d766b1eca966

          SHA256

          95a22bbc9b28dada3b2f6d3f5a63e09c8d28c7d496169e32fb5d5c13e9d300d5

          SHA512

          ffc0e177cd7d1502be32fff46dee11ad5b3aa32ac61ab986d699355c99ee53d43b63d891d7861bc476ddb5f1c478eedace61919a6ef1ab695e483168f2908a2c

          Download Submit

        • \??\c:\windows\system32\Appvclient.exe
          Filesize

          1.3MB

          MD5

          0754fef4eebf9f46f79dcd0cfce770d1

          SHA1

          78a3a7b4238f99712511a5f800d5e4a1242be7d1

          SHA256

          e142b5fd0a50441dde9885524962f6d990da001d9a2e13e16a511bd28368e3c7

          SHA512

          1324b3046ba083739ec776d001ffb482ac23d99316f0b1735f9dfe461c1dadf93b0f88aa178b57e750fef87f527229d472d6d56d6251fa7fff335e07ba6c1693

          Download Submit

        • \??\c:\windows\system32\fxssvc.exe
          Filesize

          1.2MB

          MD5

          afc869bc8679533776e8bb393a467683

          SHA1

          58138abae3fed5e0bfbf92112aa50e0930b8e765

          SHA256

          ced8fb12dfe4e3f9d60c92870a595f95f410c5986715685ca4a359aad31186e7

          SHA512

          def3c496245229241acad556c6df0488c48d21b9d182abe7c0dcc2c1dd0e5cc4ae55fda17fda9588ea780b3db8a8f90cde590bf8caebd5dda6f9f07de1c69c8f

          Download Submit

        • \??\c:\windows\system32\msdtc.exe
          Filesize

          732KB

          MD5

          c0b219ca1af5a2c61d1533f0534677b8

          SHA1

          32ef0319c7e4b92e9a8f5fb022aae8a6386763b7

          SHA256

          c180246642633041db4bd865d27099a4ef3a19a789336bb601f7cedab1121365

          SHA512

          88777b2906e355d9aa31d608827578813a17b5982e909d116c0493bf8a4e8e7739fa301fd94b24dec72f9011581cbbce1fc8b0753f390f0d0a504fa05a02622e

          Download Submit

        • \??\c:\windows\system32\msiexec.exe
          Filesize

          655KB

          MD5

          9f80874c727dbcdb47abf544dafeec58

          SHA1

          68e78bd916ef3261cce6ed8d8e3ece66e5440ca3

          SHA256

          80494fb926830f4bfd49adbe74ac92e308cd578caac0021fb2db195428dd3cbe

          SHA512

          d5a9965ed3c440e1e5fc9d4c04943bd9c003621fd503a198c9e2f6631a7324e99742ea05469d036e0b3bb76b1f21ff9c94940b4d958f9955cfc07a41e07bc63a

          Download Submit

        • \??\c:\windows\system32\openssh\ssh-agent.exe
          Filesize

          964KB

          MD5

          1b67328e879826f46cebd8cb7bf328c8

          SHA1

          caeeebea517a808ceeb295367b07b709cf7aad78

          SHA256

          90fa954223b13b54205f6070c64b4643a34234179eeed346632a2aa1bdd1afd8

          SHA512

          17d1046fdce6553f946f137699a42f3a3df10c8a2d69803fe0063c633f9714130a789468657aa3f856926d9b13249fb3c686f47939d0377df22be003ecd34e83

          Download Submit

        • \??\c:\windows\system32\snmptrap.exe
          Filesize

          604KB

          MD5

          be4c2a2d3be45a552446758bf74925de

          SHA1

          7aaf06542b8f099673db701f6681a3e1e66b08cc

          SHA256

          a67496476350d57b40ae0dd6913f93ee548c5033eca47463f468f4f67c60f430

          SHA512

          32b6448a66755ef11faf585abffa6602836fb3e5d22e7cb3f29ea0e01611dfdd4de35706c132e37d06fd8d839aebe2cbe7094a70468108d5d7948bebea93fba6

          Download Submit

        • \??\c:\windows\system32\wbengine.exe
          Filesize

          2.1MB

          MD5

          564b6cfa8a29bb853765409034c59f7d

          SHA1

          6dfaf895ae400410b1243d9d8abbeb7578286f57

          SHA256

          2453d86250026b287a9e565c80ff395e4ff4603dba538c7db2443fbade7fa85e

          SHA512

          479bd79437ccecd5e90787164016bef7514b5442dd107628536f866e4be39bdcc23de5f60fa95d317f0098d23acfcd8a89805d8e267b77653509cb4adad855ea

          Download Submit

        • memory/1600-133-0x0000000001000000-0x0000000001279000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/1600-132-0x0000000001000000-0x0000000001279000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/2784-150-0x0000000140000000-0x00000001402C9000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/2784-153-0x0000000140000000-0x00000001402C9000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/3352-137-0x0000000140000000-0x0000000140425000-memory.dmp

          Filesize

          4.1MB

          Download

        • memory/3352-142-0x0000000140000000-0x0000000140425000-memory.dmp

          Filesize

          4.1MB

          Download

        • memory/3612-140-0x0000000140000000-0x00000001402C9000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/3612-139-0x0000000140000000-0x00000001402C9000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/3856-141-0x0000000140000000-0x0000000140408000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/3856-135-0x0000000140000000-0x0000000140408000-memory.dmp

          Filesize

          4.0MB

          Download