Overview

overview

8

Static

static

b769e9d9be...27.exe

windows7-x64

8

b769e9d9be...27.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    173s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 17:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b769e9d9bedad46653bf6863981d8ab3114454c4f68a4802263b154b92a8ee27.exe

  • Size

    652KB

  • MD5

    44936b39b760483fb442dd2703739580

  • SHA1

    39364f81bcc45e1a46dbfe1fbef5436297e9f684

  • SHA256

    b769e9d9bedad46653bf6863981d8ab3114454c4f68a4802263b154b92a8ee27

  • SHA512

    ceee23b5f4ddd997ed03e97a7d118ac567908839419e22edeefb76d214c5463454c0a00136fe540ff5006ff36441fe57d7731f57e70c25b4d262411c8d5ceb64

  • SSDEEP

    12288:RVQFavy/WI+tjyvJO87+cQeRdQYVrQSpuxoBa9TgDtrBXXDCBfW1TQ/VtPW:RVQFGy+I+tc7+TeDVu+BatgDdxCpW1cd

Score
8/10
spywarestealerupx

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b769e9d9bedad46653bf6863981d8ab3114454c4f68a4802263b154b92a8ee27.exe
    "C:\Users\Admin\AppData\Local\Temp\b769e9d9bedad46653bf6863981d8ab3114454c4f68a4802263b154b92a8ee27.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1436

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1436-133-0x0000000002180000-0x0000000002224000-memory.dmp
    Filesize

    656KB

    Download
  • memory/1436-132-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize

    80KB

    Download
  • memory/1436-134-0x00000000022D0000-0x0000000002413000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1436-137-0x00000000022D0000-0x0000000002413000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1436-138-0x00000000022D0000-0x0000000002413000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1436-139-0x00000000022D0000-0x0000000002413000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1436-140-0x00000000022D0000-0x0000000002413000-memory.dmp
    Filesize

    1.3MB

    Download