Overview

overview

8

Static

static

c346ea7512...64.exe

windows7-x64

8

c346ea7512...64.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    133s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 19:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c346ea75129efc4f8b4d008543566df849ad2123b2642fc4efe8129a8dcd7364.exe

  • Size

    932KB

  • MD5

    54280a701fd7161a791feb757c31f084

  • SHA1

    3d1a32215c2bee5c44c2c42008d0a2253a88c1ae

  • SHA256

    c346ea75129efc4f8b4d008543566df849ad2123b2642fc4efe8129a8dcd7364

  • SHA512

    eefca64f748ea30399579474ed00705589afe9f8af845c728c3d5331ef8453739270fcf759b310cb1687039fdb9517b83c64bbadaab6c89bfdbed37c472f9bbb

  • SSDEEP

    24576:h1OYdaOBCZ/iWCvu/2sWsJA/jlt+DHhsR:h1OsPCpYO/dJJDHhsR

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c346ea75129efc4f8b4d008543566df849ad2123b2642fc4efe8129a8dcd7364.exe
    "C:\Users\Admin\AppData\Local\Temp\c346ea75129efc4f8b4d008543566df849ad2123b2642fc4efe8129a8dcd7364.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\LOLLY1fxatj18UJ.exe
      .\LOLLY1fxatj18UJ.exe
      2⤵
      • Executes dropped EXE
      • Drops Chrome extension
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4964
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:4408
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:1696

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Credentials in Files

      1
      T1081

      Discovery

      Query Registry

      1
      T1012

      Lateral Movement

      Collection

      Data from Local System

      1
      T1005

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\[email protected]\bootstrap.js
        Filesize

        2KB

        MD5

        df13f711e20e9c80171846d4f2f7ae06

        SHA1

        56d29cda58427efe0e21d3880d39eb1b0ef60bee

        SHA256

        6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

        SHA512

        6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\[email protected]\chrome.manifest
        Filesize

        35B

        MD5

        9a5bffc9fb9aba2fa3409423c6da0b4e

        SHA1

        b8591499a69bb3db56c8e2d25d04a6a86569f502

        SHA256

        95545a23b030f7d97fa7e9fd7e48eed513d971b0157596f7e9c2228da8d9130b

        SHA512

        84c7010523adc5af8f736dd31c5d897a49362c7829fe648787b1f2c4c40da7a3dd10342a02eecf4726d683982c63d681742b51d6ed62cf4fac285570f011fbc0

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\[email protected]\content\bg.js
        Filesize

        9KB

        MD5

        c0e666da59d7eba799b56a57ba344fb3

        SHA1

        538aee69196adde21398da743483a969e11ce410

        SHA256

        0586d610b1a04200daaeb27c2ee79497fcfc18af15a415b1e13be873fa488bff

        SHA512

        44ade8b215bbdbd6bae90ed15791ac02ad7406990102e3bb38a4c17a5c0891acfc463cc9e48491f85deee5d40a74da9eb91b4097a7df06181f32f809bf5e2f29

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\[email protected]\install.rdf
        Filesize

        595B

        MD5

        ec159a1d797d97c5990e68255805f44d

        SHA1

        049197ba3bfdcbb1fcb543a507c328adb01166d7

        SHA256

        f381f170260e55306592c37cf02dc332aef846aa96e33ade380c732612c40d71

        SHA512

        2e7120cbd0bb238fda9d8a6c1a5797b473bc93bd2b612d2d9e51adc874927bbbcbd082ac2b8d844aec179e658b685354174e815a3ec8183631b8beb03bbfcf49

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\LOLLY1fxatj18UJ.dat
        Filesize

        1KB

        MD5

        2125c00e0c6a90c52d904f4ada367a71

        SHA1

        118cead8473e4487ee4836edde5e6a8362d788a6

        SHA256

        5e5177d719f5ade6aa6e55d107225aa0245a5200dfd51c265fda7b076d5b7d5b

        SHA512

        b4f77ad25c9c130555fcd3f0537ec22425c6b179b225e44c0ebd7c14b0aff9dcc9cefe984ba105b7786ce8f56fe43a7155aa6c7626b513dac1ef367edb72cd2b

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\LOLLY1fxatj18UJ.exe
        Filesize

        772KB

        MD5

        5ed7019dcd0008dbcd8e54017b8c7dd9

        SHA1

        7e4457da2ff06c2170bad636c9eb7c1bb436fd06

        SHA256

        7f069fe03db518eee8162ba5f65f98f2afd28137dfde9450d26cd47f6cea8eb7

        SHA512

        10cef6104aeca8f7a135d4ffffb907b127f055477af4d98228c7385f0da15677357dfed13fc442ee173f85245224fc4b0ae100b832514c80802c5e5a054b70db

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\LOLLY1fxatj18UJ.exe
        Filesize

        772KB

        MD5

        5ed7019dcd0008dbcd8e54017b8c7dd9

        SHA1

        7e4457da2ff06c2170bad636c9eb7c1bb436fd06

        SHA256

        7f069fe03db518eee8162ba5f65f98f2afd28137dfde9450d26cd47f6cea8eb7

        SHA512

        10cef6104aeca8f7a135d4ffffb907b127f055477af4d98228c7385f0da15677357dfed13fc442ee173f85245224fc4b0ae100b832514c80802c5e5a054b70db

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\ngcbcoadgljfgedbiadmegmimihbcihc\DTHI.js
        Filesize

        6KB

        MD5

        3a85c92c794b216e2d1e94aa1ca4994c

        SHA1

        59697f5d0abcd2a3efe61cf72a954289b962eecb

        SHA256

        b6a154adc5e689a3ee9c9e4a50dc92d2ec366191cab8421a185e3c3bdf3f42d7

        SHA512

        ab5ad559e07e48b5975934725d8cb5d2dc979641ba49a22be0ed66df3d17f62aebc691065f5dc78ed439a012dc9b4fa769bc59ed5f853781915dfbfca1678ea0

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\ngcbcoadgljfgedbiadmegmimihbcihc\background.html
        Filesize

        141B

        MD5

        8dc876f456b3f3deeffb0c7837c4438d

        SHA1

        6ea8fd1046262fc46f388e0059b076670840312e

        SHA256

        8785c4168d4c0879601345fc23f206262c56f7cc964666187fdecc15423536d7

        SHA512

        f1fd658f2b063d3a1b31a2fb60cd63cc973fb1d55b536c7b80b0984a1a8b4875a08f18f03be48bf1dcfa2625132562d7a3c7f697631dd74b48d95c37b164fd35

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\ngcbcoadgljfgedbiadmegmimihbcihc\content.js
        Filesize

        144B

        MD5

        fca19198fd8af21016a8b1dec7980002

        SHA1

        fd01a47d14004e17a625efe66cc46a06c786cf40

        SHA256

        332b00395bc23d4cb0bf6506b0fbb7e17d690ed41f91cf9b5d1c481cb1d3e82a

        SHA512

        60f4286b3818f996fab50c09b191fbc82ed1c73b2b98d00b088b5afbbc0368c01819bd3868bd3c6bcb2cd083b719e29c28209317c7411213a25f923cfc1f0e47

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\ngcbcoadgljfgedbiadmegmimihbcihc\lsdb.js
        Filesize

        531B

        MD5

        36d98318ab2b3b2585a30984db328afb

        SHA1

        f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5

        SHA256

        ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7

        SHA512

        6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\7zSE6AB.tmp\ngcbcoadgljfgedbiadmegmimihbcihc\manifest.json
        Filesize

        498B

        MD5

        640199ea4621e34510de919f6a54436f

        SHA1

        dc65dbfad02bd2688030bd56ca1cab85917a9937

        SHA256

        e4aa7c089e32d14ddf584e9de6d007ec16581cd30c248ff7284bc0eb7757d4af

        SHA512

        d64bc524d6df7c4c21a5ddfb0e6636317482ef4dc28006bd0a38d5e26c2db75626f216143026bf8acf3baa11d86c278e902c78afad4f806ca36f9e54bc75ff0a

        Download Submit
      • memory/4964-132-0x0000000000000000-mapping.dmp
        Download