Analysis

  • max time kernel
    118s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-11-2022 18:45

General

  • Target

    38039ca0791871161f913df75ca0c0c84a5d997d47e354da376134e455041281.exe

  • Size

    284KB

  • MD5

    4464f9bc5babc1e96c985ac1f8c9afa0

  • SHA1

    2df8c41aedbef55365678f2e33f5caec401e20f9

  • SHA256

    38039ca0791871161f913df75ca0c0c84a5d997d47e354da376134e455041281

  • SHA512

    858fb81b70018255a7436c5473242ea4e429754182c6fa548895cda8959379088c74a944c6872ed4c18fd52237da7ed86a4450de38602a8116c1d93c1da79749

  • SSDEEP

    6144:clDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:clDx7mlHZo7HoRv177ePH

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38039ca0791871161f913df75ca0c0c84a5d997d47e354da376134e455041281.exe
    "C:\Users\Admin\AppData\Local\Temp\38039ca0791871161f913df75ca0c0c84a5d997d47e354da376134e455041281.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5068
    • \??\c:\windows\system\sethome625.exe
      c:\windows\system\sethome625.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3116

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\System\sethome625.exe

    Filesize

    284KB

    MD5

    41808c53bb0e8e2e15e1eb73f23656e0

    SHA1

    2d32726f8824275366fe816737c99f81e94d6f6b

    SHA256

    bb5b601d7314f8aaff6d605cf77a08cf4073cd68d2e95833ca31130edc980392

    SHA512

    03aab66ff8b48b207181fcad68d81cbe9ebf18a28440e251bdf560daad78e595419fcadc7cb50568bac42aed9607ef944251d43866014b28ba57d3e31ade58ca

  • \??\c:\windows\system\sethome625.exe

    Filesize

    284KB

    MD5

    41808c53bb0e8e2e15e1eb73f23656e0

    SHA1

    2d32726f8824275366fe816737c99f81e94d6f6b

    SHA256

    bb5b601d7314f8aaff6d605cf77a08cf4073cd68d2e95833ca31130edc980392

    SHA512

    03aab66ff8b48b207181fcad68d81cbe9ebf18a28440e251bdf560daad78e595419fcadc7cb50568bac42aed9607ef944251d43866014b28ba57d3e31ade58ca

  • memory/3116-132-0x0000000000000000-mapping.dmp