Overview

overview

7

Static

static

cf773b582a...82.exe

windows7-x64

7

cf773b582a...82.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    188s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 17:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cf773b582ab5d60764e7274240babb5c65c186703215e120334d78c7c765d782.exe

  • Size

    104KB

  • MD5

    105bfe6b2c3105d292586ad60f636b5e

  • SHA1

    7ac5d7882f91691f6e16eeb98125e49bf7516e7a

  • SHA256

    cf773b582ab5d60764e7274240babb5c65c186703215e120334d78c7c765d782

  • SHA512

    597323fca2b33358b88d37068cf5d8663c324bc4689fda686cad8a3d6e3ffa75a35affd42782b966caf610c32f3690e9c2e2328d8da5cea532b0fd43ea9e7c58

  • SSDEEP

    3072:m11111q111/RnWLfFB7L/U11111f111IhtSSiKzm+k7CtTwBr6O:jcPLnt5dp1lUr

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf773b582ab5d60764e7274240babb5c65c186703215e120334d78c7c765d782.exe
    "C:\Users\Admin\AppData\Local\Temp\cf773b582ab5d60764e7274240babb5c65c186703215e120334d78c7c765d782.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3104
    • C:\Users\Admin\AppData\Local\Temp\cf773b582ab5d60764e7274240babb5c65c186703215e120334d78c7c765d782.exe
      C:\Users\Admin\AppData\Local\Temp\cf773b582ab5d60764e7274240babb5c65c186703215e120334d78c7c765d782.exe
      2⤵
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Suspicious use of SetWindowsHookEx
      PID:4176

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4176-134-0x0000000000000000-mapping.dmp

    Download

  • memory/4176-135-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4176-139-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download