Overview

overview

8

Static

static

932a643377...82.exe

windows7-x64

8

932a643377...82.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    932a64337784ca39c0a50e1c57b6a7ef5a33f1bd454986986914f4baaf7c6282.exe

  • Size

    200KB

  • MD5

    e06cb24456c5f35199fade662cd0906b

  • SHA1

    1f8758dbcd563d6c76860d16e563b6e62fb6342b

  • SHA256

    932a64337784ca39c0a50e1c57b6a7ef5a33f1bd454986986914f4baaf7c6282

  • SHA512

    56d15c526e73d20a8252652707e1ac574e6ad4eef5254aa295086bae7e38d70d635b81a7958431519cbcacdd9a8f5f3a85602d42bfdfca79b9e5113fa3baafc2

  • SSDEEP

    3072:qoTRAGJselmx5SYJ2KD/PxnDcDNILKa98t5bxHpRgnKayJD63zk:qoTRxse07S0bbxIN2S/JRgPy94

Score
8/10
spywarestealerupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\932a64337784ca39c0a50e1c57b6a7ef5a33f1bd454986986914f4baaf7c6282.exe
    "C:\Users\Admin\AppData\Local\Temp\932a64337784ca39c0a50e1c57b6a7ef5a33f1bd454986986914f4baaf7c6282.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4988
    • C:\Users\Admin\AppData\Local\Temp\932a64337784ca39c0a50e1c57b6a7ef5a33f1bd454986986914f4baaf7c6282.exe
      C:\Users\Admin\AppData\Local\Temp\932a64337784ca39c0a50e1c57b6a7ef5a33f1bd454986986914f4baaf7c6282.exe startC:\Program Files (x86)\LP\B13B\603.exe%C:\Program Files (x86)\LP\B13B
      2⤵
        PID:3496
      • C:\Users\Admin\AppData\Local\Temp\932a64337784ca39c0a50e1c57b6a7ef5a33f1bd454986986914f4baaf7c6282.exe
        C:\Users\Admin\AppData\Local\Temp\932a64337784ca39c0a50e1c57b6a7ef5a33f1bd454986986914f4baaf7c6282.exe startC:\Users\Admin\AppData\Roaming\B2A6E\54FB1.exe%C:\Users\Admin\AppData\Roaming\B2A6E
        2⤵
          PID:4700

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Credentials in Files

      1
      T1081

      Discovery

      Lateral Movement

      Collection

      Data from Local System

      1
      T1005

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3496-135-0x0000000000000000-mapping.dmp
        Download
      • memory/3496-137-0x0000000000400000-0x0000000000455000-memory.dmp
        Filesize

        340KB

        Download
      • memory/4700-140-0x0000000000000000-mapping.dmp
        Download
      • memory/4700-142-0x0000000000400000-0x0000000000455000-memory.dmp
        Filesize

        340KB

        Download
      • memory/4700-143-0x0000000000789000-0x000000000079F000-memory.dmp
        Filesize

        88KB

        Download
      • memory/4988-132-0x0000000000400000-0x0000000000455000-memory.dmp
        Filesize

        340KB

        Download
      • memory/4988-133-0x0000000000400000-0x0000000000455000-memory.dmp
        Filesize

        340KB

        Download
      • memory/4988-134-0x00000000006A3000-0x00000000006B9000-memory.dmp
        Filesize

        88KB

        Download
      • memory/4988-138-0x0000000000400000-0x0000000000455000-memory.dmp
        Filesize

        340KB

        Download
      • memory/4988-139-0x00000000006A3000-0x00000000006B9000-memory.dmp
        Filesize

        88KB

        Download