Overview

overview

8

Static

static

45c192a39f...61.exe

windows7-x64

8

45c192a39f...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    176s
  • max time network
    213s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 20:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45c192a39f53883c514c6e348c94d92eac4bfaf1536cbc6215a224a5d0fcbc61.exe

  • Size

    1.4MB

  • MD5

    f00fa3463339db0e2067377e05f816c2

  • SHA1

    f2a1d9e9cb210f99464901169dde0069b6d67fcf

  • SHA256

    45c192a39f53883c514c6e348c94d92eac4bfaf1536cbc6215a224a5d0fcbc61

  • SHA512

    a27d1be733f634846ff4c6bc629e09472145705729858fe41e6f44bdc58e1d6eba5b1468ca2812ee705324f29d244f17002a95b1d291f7f66de8d3a035b7a689

  • SSDEEP

    12288:2bZ7vG1OKQ6ILQ8a/i4N+9eEgYVwpZbY/Nlbr+ROs4OslS17F8PooJ7KNniLYu:2v7KrItDk+wEgGwrUrX+OAsotFdNPu

Score
7/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45c192a39f53883c514c6e348c94d92eac4bfaf1536cbc6215a224a5d0fcbc61.exe
    "C:\Users\Admin\AppData\Local\Temp\45c192a39f53883c514c6e348c94d92eac4bfaf1536cbc6215a224a5d0fcbc61.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:4304
    • C:\Users\Admin\AppData\Local\Temp\45c192a39f53883c514c6e348c94d92eac4bfaf1536cbc6215a224a5d0fcbc61.exe
      "C:\Users\Admin\AppData\Local\Temp\45c192a39f53883c514c6e348c94d92eac4bfaf1536cbc6215a224a5d0fcbc61.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1876

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1876-134-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1876-135-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4304-132-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download