Analysis

  • max time kernel
    69s
  • max time network
    304s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10-20220901-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    22-10-2022 04:46

General

  • Target

    91c9e06e0ff399a4eff06cbd2a5512a6144af70de685a26239b02194412faa28.exe

  • Size

    92KB

  • MD5

    6ecf287cf8d64e1efb5282166ca5c848

  • SHA1

    44c04b9927d0ff82901205d53e274369a1dbcdc5

  • SHA256

    91c9e06e0ff399a4eff06cbd2a5512a6144af70de685a26239b02194412faa28

  • SHA512

    a591ce0eee936f947b06fbca22e145137ce7745c12a7f46dd380f2898bc9f7c8d9707a55a4562911f10336ebe0a5399cf9dbdc8addb0b32aa1c75e6bcdbf4418

  • SSDEEP

    1536:oDk2FTfrEMFyWXHuQlrYesejnPRq5xemr7kwTmB5j/+mQ8L8Ev:oDk0rhFTXuQegnPyecgw6B5D+mZL82

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91c9e06e0ff399a4eff06cbd2a5512a6144af70de685a26239b02194412faa28.exe
    "C:\Users\Admin\AppData\Local\Temp\91c9e06e0ff399a4eff06cbd2a5512a6144af70de685a26239b02194412faa28.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4940
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c (ping 127.0.0.1) & (del /F /Q "C:\Users\Admin\AppData\Local\Temp\91c9e06e0ff399a4eff06cbd2a5512a6144af70de685a26239b02194412faa28.exe") & (start "" "C:\ProgramData\080df012.exe")
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3792
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1
        3⤵
        • Runs ping.exe
        PID:2364
      • C:\ProgramData\080df012.exe
        "C:\ProgramData\080df012.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:4072

Network

  • 168.100.8.124:443
    https
    080df012.exe
    26.6kB
    44.3kB
    556
    1094
  • 13.89.179.8:443
    322 B
    7

MITRE ATT&CK Enterprise v6

Downloads

  • C:\ProgramData\080df012.exe

    Filesize

    92KB

    MD5

    6ecf287cf8d64e1efb5282166ca5c848

    SHA1

    44c04b9927d0ff82901205d53e274369a1dbcdc5

    SHA256

    91c9e06e0ff399a4eff06cbd2a5512a6144af70de685a26239b02194412faa28

    SHA512

    a591ce0eee936f947b06fbca22e145137ce7745c12a7f46dd380f2898bc9f7c8d9707a55a4562911f10336ebe0a5399cf9dbdc8addb0b32aa1c75e6bcdbf4418
