Analysis

  • max time kernel
    106s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-11-2022 04:18

General

  • Target

    17c2070f9c9c0c9086d1cbfc78080478737a90523cd1add67eb233be806e0355.exe

  • Size

    3.0MB

  • MD5

    7ec8ecb42a68d7064babb5bee18c8251

  • SHA1

    70f81f6cd550981bf97665f19730c0cf696022c1

  • SHA256

    17c2070f9c9c0c9086d1cbfc78080478737a90523cd1add67eb233be806e0355

  • SHA512

    85429f2dc6bdcc558910b30118741f1c401f7a33557dc5c8ab3e56969d22ab9840506c916f83c8af48b722d6f26c848c166bfa21d6ba8fe4f0bbb2ad7d26bdf5

  • SSDEEP

    49152:jggTws/XWGgeLB45FkmCMYghoFfSbqgG23TSPfxWw8zJFtpWvgi/CmpVyR96S:cU/XPByFDNhoFfSbqgGEGPfx1cdu/l

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17c2070f9c9c0c9086d1cbfc78080478737a90523cd1add67eb233be806e0355.exe
    "C:\Users\Admin\AppData\Local\Temp\17c2070f9c9c0c9086d1cbfc78080478737a90523cd1add67eb233be806e0355.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Users\Admin\AppData\Local\Temp\17c2070f9c9c0c9086d1cbfc78080478737a90523cd1add67eb233be806e0355.exe
      "C:\Users\Admin\AppData\Local\Temp\17c2070f9c9c0c9086d1cbfc78080478737a90523cd1add67eb233be806e0355.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1352
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c copy 17c2070f9c9c0c9086d1cbfc78080478737a90523cd1add67eb233be806e0355.exe C:\SystemVolume\Program\
        3⤵
          PID:1756

    Network

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI13242\_psutil_mswindows.pyd

      Filesize

      35KB

      MD5

      24a624cfac7d2982c8e3a653a3babe8a

      SHA1

      444cd7c84b74667c920c879dc8d2fb7b4d702aa8

      SHA256

      195374f37ff4271fbd2f4def5305d30af703633e542fe6f7636b173de197d8af

      SHA512

      5fb7232b4708b89cd1b5cba5124836f6f5ac7c6dbab3be66feddceb38f346032783c618c20b247b572598340c55e7146f384d157c0ed35e85d0e15ea3493326e

    • C:\Users\Admin\AppData\Local\Temp\_MEI13242\_socket.pyd

      Filesize

      40KB

      MD5

      b7c3e334648a6cbb03b550b842818409

      SHA1

      767be295f1e4adedf0e10532f9c1b7908d17383a

      SHA256

      f0781a1b879584f494d984e31869eab13f0535825f68862e6597b1639df708bd

      SHA512

      43ee04452b685022bfdbaca5b3603d4c0e406599b8da70c6a25fa2c4ac5543ada4521eba9bbf0ca86a2a4775ce474ab89da7d27f842d63df62048a1b7ca431d1

    • C:\Users\Admin\AppData\Local\Temp\_MEI13242\_ssl.pyd

      Filesize

      704KB

      MD5

      27a7a40b2b83578e0c3bffb5a167d67a

      SHA1

      d20a7d3308990ce04839569b66f8639d6ed55848

      SHA256

      ea0efcab32e6572f61a3c765356e283bd6a8f75ec2a4c8b12f1fb3db76ca68d4

      SHA512

      7b97690b9ab68562ca85ce0ffc56ae517f8fafe44caff846d66bb4c2003aa6d1b0b321d9ea4526c4652b5152ec46dc600671f427957e6e847ba75ced0d09acef

    • C:\Users\Admin\AppData\Local\Temp\_MEI13242\python27.dll

      Filesize

      2.3MB

      MD5

      676fc65e4a49a525df0ecde3596f3ae5

      SHA1

      e125975958b08207be081e94ca1674fec0bcec98

      SHA256

      c9192fe69d7eef69b1e27e630ae643dcb0838b7bc0ac43e69a979f5a726256c1

      SHA512

      3a4dde17cbe3eb60c5ce6f3bc58c24769835c9fcef091df5883b47e058516b15be2dc28a49e3a360ee3e5da8e4c6845cbcfc05e0042ae2d592efc13778a23c42

    • \Users\Admin\AppData\Local\Temp\_MEI13242\_psutil_mswindows.pyd

      Filesize

      35KB

      MD5

      24a624cfac7d2982c8e3a653a3babe8a

      SHA1

      444cd7c84b74667c920c879dc8d2fb7b4d702aa8

      SHA256

      195374f37ff4271fbd2f4def5305d30af703633e542fe6f7636b173de197d8af

      SHA512

      5fb7232b4708b89cd1b5cba5124836f6f5ac7c6dbab3be66feddceb38f346032783c618c20b247b572598340c55e7146f384d157c0ed35e85d0e15ea3493326e

    • \Users\Admin\AppData\Local\Temp\_MEI13242\_socket.pyd

      Filesize

      40KB

      MD5

      b7c3e334648a6cbb03b550b842818409

      SHA1

      767be295f1e4adedf0e10532f9c1b7908d17383a

      SHA256

      f0781a1b879584f494d984e31869eab13f0535825f68862e6597b1639df708bd

      SHA512

      43ee04452b685022bfdbaca5b3603d4c0e406599b8da70c6a25fa2c4ac5543ada4521eba9bbf0ca86a2a4775ce474ab89da7d27f842d63df62048a1b7ca431d1

    • \Users\Admin\AppData\Local\Temp\_MEI13242\_ssl.pyd

      Filesize

      704KB

      MD5

      27a7a40b2b83578e0c3bffb5a167d67a

      SHA1

      d20a7d3308990ce04839569b66f8639d6ed55848

      SHA256

      ea0efcab32e6572f61a3c765356e283bd6a8f75ec2a4c8b12f1fb3db76ca68d4

      SHA512

      7b97690b9ab68562ca85ce0ffc56ae517f8fafe44caff846d66bb4c2003aa6d1b0b321d9ea4526c4652b5152ec46dc600671f427957e6e847ba75ced0d09acef

    • \Users\Admin\AppData\Local\Temp\_MEI13242\python27.dll

      Filesize

      2.3MB

      MD5

      676fc65e4a49a525df0ecde3596f3ae5

      SHA1

      e125975958b08207be081e94ca1674fec0bcec98

      SHA256

      c9192fe69d7eef69b1e27e630ae643dcb0838b7bc0ac43e69a979f5a726256c1

      SHA512

      3a4dde17cbe3eb60c5ce6f3bc58c24769835c9fcef091df5883b47e058516b15be2dc28a49e3a360ee3e5da8e4c6845cbcfc05e0042ae2d592efc13778a23c42

    • memory/1352-57-0x00000000752B1000-0x00000000752B3000-memory.dmp

      Filesize

      8KB

    • memory/1352-65-0x0000000000240000-0x000000000024C000-memory.dmp

      Filesize

      48KB

    • memory/1352-60-0x0000000000230000-0x000000000023C000-memory.dmp

      Filesize

      48KB

    • memory/1352-54-0x0000000000000000-mapping.dmp

    • memory/1756-66-0x0000000000000000-mapping.dmp