Analysis
  max time kernel: 151s
  max time network: 155s
  platform: windows10-2004_x64
  resource: win10v2004-20220901-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 23-11-2022 15:41
Behavioral task: behavioral1
  Sample: 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe
  Resource: win10v2004-20220901-en
General
  Target: 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe
  Size: 895KB
  MD5: 44abf1317bed424bff31f27d5478b9bc
  SHA1: 87b768834f44ed76c2841e20c6ed7906a9b2efd7
  SHA256: 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73
  SHA512: a0c3e73a41152c7deeaa7d10d1ce58bfe8c2b3c04885082a2b9e50a126e5fa7f67d1e6fe7c6efb910ca2028ef7fc91a637b40a4dc158e025d445913191dab6dc
  SSDEEP: 24576:hloxEeSPPoK3IcHxcM6toNTGETPMHfKWjr:hXPwKVRN79VT+
Malware Config
Signatures
Processes (resource | yara_rule):
  behavioral2/memory/5068-132-0x0000000000650000-0x000000000088E000-memory.dmp | upx
  behavioral2/memory/5068-133-0x0000000000650000-0x000000000088E000-memory.dmp | upx
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes (description | ioc | process):
  Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\NetworkChecker = "C:\\Users\\Admin\\AppData\\Local\\Temp\\88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe" | 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes (description | ioc | process):
  Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main | 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DefaultCompressedRecord = d980f97f7378f3e5985ef85b969440ebfeecc37c519cda49fe2d546cb8d23a7fce3912bdc62f67ebd0a1404011d94c8c3abd7c9f14aab6f83ab137b81487120064cd5d126cf47e5504532eb636d7528a0cc9b772d1677fc6b8f82a8de6506920e9a23eb5a5d074 | 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\RecordModifiedMax = "DKyXE9eCHgFxPifGtYITJGSvHHG3Sv7dU3/U52vESZ3mCxLLWm7Qzg8k1WCcPYmDeg==" | 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FlagsModifiedValid = 0000000000000000 | 88b0f30e64908abf1c10e4d0df5588c627cdcbde00013d4669d2e810d0863c73.exe