Overview

overview

8

Static

static

8

77eed2d72a...ca.exe

windows7-x64

8

77eed2d72a...ca.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    162s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/11/2022, 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77eed2d72a28fca639dfd1269ab2ac3d9a9229e6982306229fc6cae015b6f9ca.exe

  • Size

    106KB

  • MD5

    ccf8ff587d454902ccd6a308cfac647b

  • SHA1

    6dacbbc8baf38e1a4f3938c27c4608d1da6b8edd

  • SHA256

    77eed2d72a28fca639dfd1269ab2ac3d9a9229e6982306229fc6cae015b6f9ca

  • SHA512

    8d8425156336a40945e25c5eac80f5ee3f01bbfb3ee0358363e71d0a788a686999e0a3559b3e313e4f856b9bc6726a8b52f66820e014b03dac5d628daa1e7d6e

  • SSDEEP

    3072:GefSgCjWQgOsMTbijH0UUsJRGyoutiOMYcYYrm:GaSrgOsIUzUopoSiOK

Score
8/10
spywarestealerupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 12 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Modifies registry class 46 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77eed2d72a28fca639dfd1269ab2ac3d9a9229e6982306229fc6cae015b6f9ca.exe
    "C:\Users\Admin\AppData\Local\Temp\77eed2d72a28fca639dfd1269ab2ac3d9a9229e6982306229fc6cae015b6f9ca.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3628
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://tc.go4321.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5048
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dh4321.com/?system
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4740 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1936
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\77EED2~1.EXE > nul
      2⤵
        PID:4232

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E30C5166-6FD3-11ED-89AC-D2D0017C8629}.dat
      Filesize

      5KB

      MD5

      8b4e054492bec2fedad1b0dec5010527

      SHA1

      26116db29006e3c7efe85a3203ea5986a615a069

      SHA256

      df61182e85ce7e368a4ee1541f5a0842a9ec1b35854281f9aea9573d98f386c5

      SHA512

      534af88e4b2904114b8e79a4313b36ed1080f26b15009b928a7597241ab70123e73299c20402575aa6eecd3fdb03641c957ba4693a6f15caf11ba3837b3046b0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E30EB3E9-6FD3-11ED-89AC-D2D0017C8629}.dat
      Filesize

      3KB

      MD5

      4783376654737cf4e9c23822d381f182

      SHA1

      f8bbbb6ced25c6c5adaea16fd9d82fa07bac0220

      SHA256

      fd746ffdf49142764fdc1fed4cf133b60abd548b38acedf9efc3c8305a56185a

      SHA512

      bab060f45a1b8c5e14a36deccf04b37a4bb5e55dcf4682301bcceee5b14f77b516b091e4d5b374712d9934890eb78b6f06b97c6471d90ef6afd1beb648c2996c

      Download Submit

    • C:\Users\Admin\Favorites\°ËØÔɫͼ.url
      Filesize

      180B

      MD5

      0bafb62d881ef1ade22f2b266ffc2c84

      SHA1

      70a84d1c8ea217ee6a6537db5c46584b73dd9eac

      SHA256

      bc3593b8a137b4303ffc8732c04045665378aa483cc8f00ee87a31c059df6c51

      SHA512

      216870a713adf51fda9ea8218ea5b11004dc44659644565a73f35f36d97d0b5af020cb29953060efe531fffa5f6244e675539f2ebea432c9b68192cb37b2f4f7

      Download Submit

    • C:\Users\Admin\Favorites\´´ÒµÍ¶×ʺÃÏîÄ¿.url
      Filesize

      139B

      MD5

      de86db8dbb6de27ce328ee8651cfd3a2

      SHA1

      120e434052c858d64fc318b2ee2ebb6785555366

      SHA256

      f5afe8b1408b0071bd92f2591c17e2a23681456e569a675b933b09ed8ffef729

      SHA512

      7953046b2419dc4cd3f03aed61d278b88e2080a2439eed8d5aa8da8fe128f8972163399a1e800b61012156a83846923ce50eeef47ad9e2b6febd9f495ebdeef0

      Download Submit

    • C:\Users\Admin\Favorites\¾«²ÊСÓÎÏ·.url
      Filesize

      76B

      MD5

      c76bbb15fcf582a7572661475cfacf45

      SHA1

      30f6496f1daaab31799ca1e6ad090ead25f78008

      SHA256

      e0f06f9c6128e4d7dca5174e5d286d8d25da601e95b7b331e1737f949a0edfe4

      SHA512

      e9c60ae79939b816cdc2925d4fadca0b679fabc5031908ea96efae0a85683654fcfc1e8a8b10efbff27d6fa658c2a333d54cd1add629585ec808d5f4fd99e2e8

      Download Submit

    • C:\Users\Admin\Favorites\ÃÀÅ®ÀÖÔ°.url
      Filesize

      141B

      MD5

      79108a52cb15331069f15c1d7350c889

      SHA1

      cabdc071c5e57c54e518e5c2282bae7018097c18

      SHA256

      89ba7c85cb7c973e3a9bbe47996f1ad4221cfb00b0c8dcc01a5b3a35e5bda48f

      SHA512

      0e9afd60a3905a7f9b3831041dcdfad13316e35963a022e02f1a06d32b552782c225f4e6c4abe76b2744394fa2dff48ac2a7a9f925c835194984c79b8449a1be

      Download Submit

    • C:\Users\Admin\Favorites\ÃÀÅ®ÊÓƵ.url
      Filesize

      180B

      MD5

      3d39e5583810293bb962d6387d5394f7

      SHA1

      48e6cbd6101005cec1cd4d6c59b74aeb16cfcfb9

      SHA256

      454624996b96eabb2bb6d19cff4b631be74a96cdd8625a58011fb2f22dd2af6c

      SHA512

      341944143f49c03395e8cb1ae0b8ab5b07bb9753a5e294e0ce27c33b342b904c8194f522cab60184c463e7bd09fc8d7d49e05c9e157f149fcaa53f126e956179

      Download Submit

    • C:\Users\Admin\Favorites\Å®ÈËÊÀ½ç.url
      Filesize

      179B

      MD5

      cac57ca8eb2c25526cfc900787e184a2

      SHA1

      fd1f7f519abb1eca1e923a49f5716c3a565b2e56

      SHA256

      c036a95be3aa3fdc28c45cfb9257c18db64290b97cccf601c837e39caca1e1da

      SHA512

      6e3bc3fe14664fd012fbca9f57a175ea43836fad0644db6fe40d05cd31cfb82a980b3e955b0a4ee26876c0ac218ee4d6901aedfacdee5898a0346875cebd2ff0

      Download Submit

    • C:\Users\Admin\Favorites\ÌÔ±¦¹ºÎï.url
      Filesize

      177B

      MD5

      208b4a2146373e0aca3206a369677116

      SHA1

      e804a4af33c9d80b3c92d4aa6753687edd5f2608

      SHA256

      d200fd8c4b99c65652f1e2447e46d11834a927d08b5080848185e6f032cda195

      SHA512

      621e0c415507d91f9fa868cd9a8024e96414bbf9090c866f3a8f6d1290911605ca8e6f59b9c2493c05a4c73686efe9097ddd8f5f8fab877eab179bb965e76e85

      Download Submit

    • C:\Users\Admin\Favorites\ÍøÖ·´óÈ«.url
      Filesize

      155B

      MD5

      761f5bbcd8993b9db625865bd9a1be41

      SHA1

      dff63c0d8b7b1410d952dc452642f53e10f47f19

      SHA256

      62439cd57973cdfcfa7333551bd496279bb101572b2356f345fc0dd157070c5d

      SHA512

      01efccfee3cd433cfc7c84c136d80ce9fcecb691f02aef9e732c4e921d2ee0b3bc739776f8f80928aba50634a45fb3865d6566ed5aa8c15abde6696ae9943b5d

      Download Submit

    • C:\Users\Admin\Favorites\ÑÔÇéС˵.url
      Filesize

      76B

      MD5

      a5d8afe991a28dcd842fc52a3cb5e9df

      SHA1

      984b4d2ff6ed73516d191cd29b1408e6e26f0f65

      SHA256

      cf4aa8ba3d54066e70453ac006a00fbe45c86ca36970105ec75ed897b0acdefe

      SHA512

      d7fae173c59911e739bce51f18d316f65877d6761643984357ed36a89fbe25dddfbffffffd0a208dff91bc899813af6c7a443256e863c9e803b1d60b92c0a43b

      Download Submit

    • memory/3628-133-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3628-132-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download