Analysis
max time kernel: 151s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-11-2022 14:31
Behavioral task: behavioral1
Sample: dacbeeea364cfc537f4b44dccdbea25d6ac59fa8f6c64567f01b2fafc215b240.exe
Resource: win7-20221111-en
General
Target: dacbeeea364cfc537f4b44dccdbea25d6ac59fa8f6c64567f01b2fafc215b240.exe
Size: 546KB
MD5: b0f259540ee308eed5818e2db8559e2d
SHA1: 1d5ff83168b42fad2eb5318e5b2a6793ae1f188f
SHA256: dacbeeea364cfc537f4b44dccdbea25d6ac59fa8f6c64567f01b2fafc215b240
SHA512: f12b09eff7ae5bc30cb984154fb313d8fbf23941876585f6da92c5da6a6b657e1264d87a01586a596f6aa03678c43f9fed7575b23533d16db0800f2343a64729
SSDEEP: 12288:iYfphvOedW7V+3wGA3yem9jnDi+KFBXqWKZoMPLDJ6q44dy8MM1e:iYxFOYAwDi+KFBAPZ6q4YZMM1e
Malware Config
Signatures
Processes:
resource | yara_rule
behavioral2/memory/528-132-0x0000000000400000-0x000000000051A000-memory.dmp | upx
behavioral2/memory/528-133-0x0000000000400000-0x000000000051A000-memory.dmp | upx
behavioral2/memory/528-134-0x0000000000400000-0x000000000051A000-memory.dmp | upx
behavioral2/memory/528-135-0x0000000000400000-0x000000000051A000-memory.dmp | upx
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Drops file in Program Files directory 1 IoCs
Processes:
description | ioc | process
File created | C:\PROGRA~2\is240568281.log | dacbeeea364cfc537f4b44dccdbea25d6ac59fa8f6c64567f01b2fafc215b240.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
pid | process
528 | dacbeeea364cfc537f4b44dccdbea25d6ac59fa8f6c64567f01b2fafc215b240.exe
528 | dacbeeea364cfc537f4b44dccdbea25d6ac59fa8f6c64567f01b2fafc215b240.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/528-132-0x0000000000400000-0x000000000051A000-memory.dmp | Filesize: 1.1MB
memory/528-133-0x0000000000400000-0x000000000051A000-memory.dmp | Filesize: 1.1MB
memory/528-134-0x0000000000400000-0x000000000051A000-memory.dmp | Filesize: 1.1MB
memory/528-135-0x0000000000400000-0x000000000051A000-memory.dmp | Filesize: 1.1MB