Overview

overview

8

Static

static

9355f2a1ad...58.exe

windows7-x64

8

9355f2a1ad...58.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    191s
  • max time network
    199s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9355f2a1ad4d1e5de72da2520b8f8b8d0c5213dd87743e00a018e2733f213758.exe

  • Size

    1.2MB

  • MD5

    f2de7ad903bb18acc778c4175b5c0eb3

  • SHA1

    18991662a4389412ff9c56ef4debd3d55128d384

  • SHA256

    9355f2a1ad4d1e5de72da2520b8f8b8d0c5213dd87743e00a018e2733f213758

  • SHA512

    5fe0dc51c49b5af08c148d5f0780eebca26501b4277624e4878a67ad33d59d1678e576ea9d5d19d7213ac54d9374070bebf6ddb376ec8a4a698c3c2b16351952

  • SSDEEP

    12288:cEqQmf49lUNT8H2Ah4385hUHVNVqGFaTwNLSzbDcikVxGPODovUnkWQ3CQtEMyAq:2Qt9lBN4s5hsLBoiC9/2nvMyKvTBy2+R

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware

Processes

  • C:\Users\Admin\AppData\Local\Temp\9355f2a1ad4d1e5de72da2520b8f8b8d0c5213dd87743e00a018e2733f213758.exe
    "C:\Users\Admin\AppData\Local\Temp\9355f2a1ad4d1e5de72da2520b8f8b8d0c5213dd87743e00a018e2733f213758.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    PID:3660

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3660-132-0x0000000000400000-0x00000000006ED000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3660-133-0x0000000000400000-0x00000000006ED000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3660-135-0x0000000000400000-0x00000000006ED000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3660-136-0x0000000000400000-0x00000000006ED000-memory.dmp

    Filesize

    2.9MB

    Download