Overview

overview

7

Static

static

d48e9bec98...39.exe

windows7-x64

7

d48e9bec98...39.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    184s
  • max time network
    209s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d48e9bec9842e7ab2ad0fe5b9d47e85fb9c9349f40813c16bf59a16ac4267f39.exe

  • Size

    1.6MB

  • MD5

    34391bc02afb14842325b2c6f65ce7a9

  • SHA1

    bce4c65f2dce6b8a20d9622a268e655ce582e83e

  • SHA256

    d48e9bec9842e7ab2ad0fe5b9d47e85fb9c9349f40813c16bf59a16ac4267f39

  • SHA512

    dad94fe0264f23a406fbd1c2d23f492ad04b0660f5cb7321b326e44a84b950c83ac1baa7900c3776d259595494043425c23f7edde8ceb1cd820362632dbb149a

  • SSDEEP

    24576:d8KxJKb+XyQZ3jrEc0+q4Kim2kvzcmIFK3LX7LaBrQ2R9sjeQgrKYk1eTF1dOJRH:Qb0xE4tmLXniQW97QPYk19vFR

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d48e9bec9842e7ab2ad0fe5b9d47e85fb9c9349f40813c16bf59a16ac4267f39.exe
    "C:\Users\Admin\AppData\Local\Temp\d48e9bec9842e7ab2ad0fe5b9d47e85fb9c9349f40813c16bf59a16ac4267f39.exe"
    1⤵
    • Drops Chrome extension
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3184
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:5084
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:1852

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Credentials in Files

      1
      T1081

      Discovery

      Query Registry

      1
      T1012

      Lateral Movement

      Collection

      Data from Local System

      1
      T1005

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3184-132-0x0000000002940000-0x00000000029E7000-memory.dmp
        Filesize

        668KB

        Download