Analysis
-
max time kernel
151s -
max time network
194s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
23-11-2022 15:42
Static task
static1
Behavioral task
behavioral1
Sample
63f646a129e54f941bff7d7840955ac9d1f01cec56bcc1d0772134ae0ea254fb.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
63f646a129e54f941bff7d7840955ac9d1f01cec56bcc1d0772134ae0ea254fb.exe
Resource
win10v2004-20221111-en
General
-
Target
63f646a129e54f941bff7d7840955ac9d1f01cec56bcc1d0772134ae0ea254fb.exe
-
Size
809KB
-
MD5
f585aea21cc735aa83fb93b1f95339ac
-
SHA1
202b156a1812ae95b70827c15140d44d7ee9febf
-
SHA256
63f646a129e54f941bff7d7840955ac9d1f01cec56bcc1d0772134ae0ea254fb
-
SHA512
674670227b4641cf8e859b53fb0b1b44e2dcecbf0d4efca4c5fdc6f0ff1bd285589ad1a04cb6d498f431f77ec45388875121595a6c00e84fdbd0136e1256e29e
-
SSDEEP
24576:YaBM42lo1i05NjJ2tsperkXfHUAarbYRiM7:3iC1/5RJ0YTfH3Riq
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral1/memory/1372-54-0x0000000000400000-0x000000000063E000-memory.dmp upx behavioral1/memory/1372-56-0x0000000000400000-0x000000000063E000-memory.dmp upx behavioral1/memory/1372-58-0x0000000000400000-0x000000000063E000-memory.dmp upx behavioral1/memory/1372-59-0x0000000000400000-0x000000000063E000-memory.dmp upx -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
63f646a129e54f941bff7d7840955ac9d1f01cec56bcc1d0772134ae0ea254fb.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run 63f646a129e54f941bff7d7840955ac9d1f01cec56bcc1d0772134ae0ea254fb.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NetworkChecker = "C:\\Users\\Admin\\AppData\\Local\\Temp\\63f646a129e54f941bff7d7840955ac9d1f01cec56bcc1d0772134ae0ea254fb.exe" 63f646a129e54f941bff7d7840955ac9d1f01cec56bcc1d0772134ae0ea254fb.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1372-54-0x0000000000400000-0x000000000063E000-memory.dmpFilesize
2.2MB
-
memory/1372-56-0x0000000000400000-0x000000000063E000-memory.dmpFilesize
2.2MB
-
memory/1372-57-0x0000000076041000-0x0000000076043000-memory.dmpFilesize
8KB
-
memory/1372-58-0x0000000000400000-0x000000000063E000-memory.dmpFilesize
2.2MB
-
memory/1372-59-0x0000000000400000-0x000000000063E000-memory.dmpFilesize
2.2MB