Analysis

  • max time kernel
    147s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-11-2022 09:53

General

  • Target

    14e3bedb83065443f19b1e5bfd91b20f681f8887ed7c1441a25c160c87f34e18.exe

  • Size

    1.3MB

  • MD5

    54206c07a82332c8a41180fa260cf38b

  • SHA1

    d424d36f32690f22d53bd31410f47fa97efec7ab

  • SHA256

    14e3bedb83065443f19b1e5bfd91b20f681f8887ed7c1441a25c160c87f34e18

  • SHA512

    d1273b61571857de1b43158e343a80ea4ccdd03307ad2e917e14b773ec4410aa397b6bf458b387fc705b2b04fe60126b807a3f1a1e7fe12660b86c1267e5fa1d

  • SSDEEP

    24576:pN43s1uw4XvpXWcpWNC3wTRj765jYEkZUZaP4Pd882vu30NIs4jCMtE2+:CsYw4fpm453C65kEkZUAM8szsoE

Malware Config

Signatures

  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

  • Shurk Stealer payload 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14e3bedb83065443f19b1e5bfd91b20f681f8887ed7c1441a25c160c87f34e18.exe
    "C:\Users\Admin\AppData\Local\Temp\14e3bedb83065443f19b1e5bfd91b20f681f8887ed7c1441a25c160c87f34e18.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1324

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1324-54-0x0000000075F51000-0x0000000075F53000-memory.dmp
    Filesize: 8KB
  • memory/1324-55-0x0000000000A60000-0x0000000000E37000-memory.dmp
    Filesize: 3.8MB
  • memory/1324-56-0x0000000000A60000-0x0000000000E37000-memory.dmp
    Filesize: 3.8MB
  • memory/1324-57-0x0000000000A60000-0x0000000000E37000-memory.dmp
    Filesize: 3.8MB
  • memory/1324-58-0x0000000000A60000-0x0000000000E37000-memory.dmp
    Filesize: 3.8MB