Analysis

  • max time kernel
    148s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/10/2022, 00:08

General

  • Target

    511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

  • Size

    171KB

  • MD5

    a15baae14a7886c47ae9f581d0aed221

  • SHA1

    e7544cd38a07ffb8878c20b75b1a631bc8b25be1

  • SHA256

    511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a

  • SHA512

    6da1fb1f0074b29b9bbb6e331605e1abb7e7fb23479808680a37d0ba4c0f2789f2eaaf5a593491b6faf0498df30a395275a408cd519f305c04f3b5e08998cc8c

  • SSDEEP

    3072:IFODvWtpHSlNAyx1+fhvFoEdqhJEkiLgRP19ip8AtIXPcqKG1j+i:cODery71WNPsE9LotABIXUS1P

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Modifies WinLogon 2 TTPs 6 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
    "C:\Users\Admin\AppData\Local\Temp\511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe"
    1⤵
    • Adds Run key to start application
    • Modifies WinLogon
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3132
    • C:\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
      C:\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe "C:\Users\Admin\AppData\Local\Temp\511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe"
      2⤵
      • Executes dropped EXE
      PID:3708

Network

        MITRE ATT&CK Enterprise v6


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

          Filesize

          152KB

          MD5

          08785071b116574b079df3b4e4d37d4b

          SHA1

          0fa56d2e7bf4a2fb62b76b4b073ad8280b6f07aa

          SHA256

          e44497e679a9febec852dbd158fd93ca944c3a4eca34ecfe0aceb4e39a9acc95

          SHA512

          4ac9ed6b4dc49e3174fd33ec131cb24868a2939189d1db46f1480421fa5e0c0f69a49197815fd81ae3ad0968bdcf3ea32968d451bf9f4becfa3fadfd4c458485

        • memory/3132-132-0x0000000000400000-0x0000000000410000-memory.dmp

          Filesize

          64KB

        • memory/3132-136-0x0000000000400000-0x0000000000410000-memory.dmp

          Filesize

          64KB