Overview

overview

8

Static

static

7c8f58bb79...65.exe

windows7-x64

8

7c8f58bb79...65.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    175s
  • max time network
    222s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c8f58bb7974cff2e0d229b908cd4c965e4d3768a6d61750d9a372eec869d165.exe

  • Size

    244KB

  • MD5

    dd51cec3367e6a339dd3449a8c23b988

  • SHA1

    39d9ed513b0374b0e2333bf6db13c8fa524d7608

  • SHA256

    7c8f58bb7974cff2e0d229b908cd4c965e4d3768a6d61750d9a372eec869d165

  • SHA512

    a2f149ed40cd2662955565c5ef186c1f213ec8921013e729e7cc9fb081184f4c82b4c639ce6c8cb541626e02724b3a2749038175d0f4e7560b5613825ce02785

  • SSDEEP

    3072:dSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbMtJyVdyw:ssqhJMxzJiU5SeLmNSbMtJU5

Score
8/10
persistencespywarestealer

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 7 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Sets file execution options in registry 2 TTPs 4 IoCs
    persistence
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c8f58bb7974cff2e0d229b908cd4c965e4d3768a6d61750d9a372eec869d165.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8f58bb7974cff2e0d229b908cd4c965e4d3768a6d61750d9a372eec869d165.exe"
    1⤵
    • Adds policy Run key to start application
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1388
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3994055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:440
  • C:\Windows\system32\gpscript.exe
    gpscript.exe /Shutdown
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:3744
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Latn-RS\A2mYizvSiIz5hsoSP.exe
      "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Latn-RS\A2mYizvSiIz5hsoSP.exe" 1
      2⤵
      • Adds policy Run key to start application
      • Executes dropped EXE
      • Sets file execution options in registry
      • Drops startup file
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:384

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\P92k3Kq3YMX4ZFRbrQmcv1Kpo0TCJ5OxDLhpYYMwiCCRUm5Rp.exe
    Filesize

    324KB

    MD5

    a18688bbacd30c24677463c45d0e7a68

    SHA1

    4714878da349af0d04d785f3c2ca8467b12bd52f

    SHA256

    3646dd2b78987a6b2b04fc8d3b76c3f58733ee8400a955110cffe1686086412a

    SHA512

    4f03fb8578fed373b3a9e4393944b1016beff1e14bc6a3efd6b8b797bafb34e5306ef5e4a9e872244d3441b0fa0b5c1f45af71fcfdde7fc8805135a3b8ec1ee0

    Download Submit
  • C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\Sl2ZqEHxb5ALTLR92pqZBD0fU8.exe
    Filesize

    403KB

    MD5

    23b6043f3f1e95617b985110e46c8f67

    SHA1

    92720cc20c4eda8644896aa23807a2b1aad95ba7

    SHA256

    0f8d2551378cce36e17d8f05b48ed2cc610df9a8ce62bed012517961c8e36280

    SHA512

    dff246231a7effe2c3e5c4f35561862ae7bf2dbbdabcfaff169f231d5e76462d9b196a45856176605f1a8a2a9ba4c3cc31ca681f45acf94f9f70a68c8bdaa105

    Download Submit
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\cs\jLudoTmyz2lJDpjJoxmMPqZBDEqIK5UqmC8rDEBL744Z4r63L4U2XfhFo.exe
    Filesize

    447KB

    MD5

    0e8d4dd7f8c00d15ccc4061798184799

    SHA1

    f2b8b1419019df16846323b411e96237139c2073

    SHA256

    b9b37e73ce2362d29ede2a2132e6a21ffd0808d703951c2942b91e986b40625d

    SHA512

    d8383a18df369740b80e3ca65f3d2bc324e3740326dc8e59db5907a9ed32a4048b3b5a4ea8508a92f5cc35ed509881a3094713ad698b9c1f33affdc5406ff690

    Download Submit
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\cgX7Tsc5dGyTRrYvhWoUYXCJ7rflYXcuO5a.exe
    Filesize

    298KB

    MD5

    434cf0c8093d785788929b4532fb09a9

    SHA1

    11104bf6c5da301ff358a564e975e4d436db1445

    SHA256

    c0b831fdf99ee43b72edd7e07250984927747792d51bdb54693704312a12aa3d

    SHA512

    46e17e94c7e7c52829ef3d9f97a8816af64653a77977a622ca547699896be51fd84d7e7bdb13af1b23103f29b13e25c28d840b25ea29fe04b1b1622a87dc24ac

    Download Submit
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.49.1_0\_locales\ne\dTvstSnpuYitl3ZSbco4oBATwZsxAbVFadfb3cF.exe
    Filesize

    387KB

    MD5

    03f85dc241a692e00c493a5f2db73839

    SHA1

    e48fe9cf675bfd536c8f4fb151d13829b2916b30

    SHA256

    863b1c921f868b57359e79aeeb13c4f505721969f576cb86a6409ec5de4e6171

    SHA512

    6c7c73844dbd0dc8349d1e6a3730960549dadf66f827b19e4f01b147c5e63e70e391d155e0f8dcd140f42605a32af9b9ec6d9e94ffee77224cb039b63960b232

    Download Submit
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.49.1_0\_locales\nl\dGHMJ66brEw2Bq7cr1KYfPuLfLmMdsyxoS7nhuo6JQQm2fEbVl7THQCuQzzLL.exe
    Filesize

    258KB

    MD5

    6ef61c8c0e128e8a5740829d79aa9ac2

    SHA1

    39b686a6c48adba1f27face00234c65f461125a1

    SHA256

    4cf5aa603ae6fadf1dd71dc435d30b3676bc0ab13f624efb0d6d6130677bbed3

    SHA512

    d20cce8688a95973d70a662d13a775d38ae3534324b94c1f7db45aa1afce5f3e12a928f10f33d1621e0e99990900d8839adf0856bd81bb896b5e2ff154e3bbbf

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\2pGRHe3ojMhBc9vbUfdJcaS1H7q6Dt19Gt6Kf88lZBNySPBNXxLeugfPBD.exe
    Filesize

    349KB

    MD5

    869a7d940732651f8964334b91b303fe

    SHA1

    e40cdd84fc375f3ed5261a2652d046e7ce5a8bde

    SHA256

    8320c375a2ef64b98ee2f126179e56b9c0668c65f98ca25d9361dd065820900a

    SHA512

    30c01eacf50947c30a951872780aa7ab12c27b0a6b04120ce2ac2b2b9edb7bc3c73f87a9dde887334304c4014c5397ed0b8f90753474c30433ec7601746a039e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Latn-RS\A2mYizvSiIz5hsoSP.exe
    Filesize

    426KB

    MD5

    3eb9e4a57ad818c90e5e5f4bb97b26e3

    SHA1

    b81ebdc99fa7a8eaf2873a2b0b0f27248ecee1c2

    SHA256

    ce055fa7fcccdce2191980e0d429c9095cfd32ae138848c848d7453b83b38603

    SHA512

    a60c22a2c8b892e34e2be4e13a22cd84401bcae8665b2d2458d88c863ff5056245eec4211c01d49de2e03cf14757c47fc1fafe970d7a79036dad2ba0e9a5a670

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Latn-RS\A2mYizvSiIz5hsoSP.exe
    Filesize

    426KB

    MD5

    3eb9e4a57ad818c90e5e5f4bb97b26e3

    SHA1

    b81ebdc99fa7a8eaf2873a2b0b0f27248ecee1c2

    SHA256

    ce055fa7fcccdce2191980e0d429c9095cfd32ae138848c848d7453b83b38603

    SHA512

    a60c22a2c8b892e34e2be4e13a22cd84401bcae8665b2d2458d88c863ff5056245eec4211c01d49de2e03cf14757c47fc1fafe970d7a79036dad2ba0e9a5a670

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\WeCAe2nP9mKJeMGhZ5iPWRrX5OzUwBR6jV8kfyLFG3ENEV.exe
    Filesize

    324KB

    MD5

    971ad8e9bef3279aefe281c7ff984516

    SHA1

    f18740865d1109d3aaf5300d8ffba3ffa7c70ad8

    SHA256

    695bdd887810406fa4ce2965da486a96d9c736d6c399587084ec2fe939258724

    SHA512

    293f410d1410fd6400db2e5c55647c1dec87453c2f751e28fe93244bda756d0591cd9fc65a8c67ed44b7a8c7cfa8a34952104475981e8524468a5a1beda09c7b

    Download Submit
  • memory/384-136-0x0000000000000000-mapping.dmp
    Download
  • memory/384-141-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/384-147-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/1388-132-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/1388-134-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/1388-133-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download