Overview

overview

8

Static

static

d1e02bdd98...9d.exe

windows7-x64

8

d1e02bdd98...9d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    154s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 08:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1e02bdd98114d39cfee782fa4067a035d4d77d81347e088ed4986f1cdf7589d.exe

  • Size

    184KB

  • MD5

    255e4eafce3a7615aa2ea9081a9768c1

  • SHA1

    579f7d58bef31349cd0dd6e55818c6a18f8b8919

  • SHA256

    d1e02bdd98114d39cfee782fa4067a035d4d77d81347e088ed4986f1cdf7589d

  • SHA512

    5069e499e99b008957575ac1eaea99ca27064f85c43be71aa9305ce702f4a96fc590404a607abe1172c4e0132073fbb65cd17d206c24a6610357021a0659e822

  • SSDEEP

    3072:9LMU+HvgF7KoVDXPD3I5GmdHZutWq89FIwomRxd00yfzh5ewwQqZV6eDj+vPJx:9Le3yX7cHfL9ewomRA0WJfqr6TvPn

Score
8/10
spywarestealerupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1e02bdd98114d39cfee782fa4067a035d4d77d81347e088ed4986f1cdf7589d.exe
    "C:\Users\Admin\AppData\Local\Temp\d1e02bdd98114d39cfee782fa4067a035d4d77d81347e088ed4986f1cdf7589d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\d1e02bdd98114d39cfee782fa4067a035d4d77d81347e088ed4986f1cdf7589d.exe
      C:\Users\Admin\AppData\Local\Temp\d1e02bdd98114d39cfee782fa4067a035d4d77d81347e088ed4986f1cdf7589d.exe startC:\Program Files (x86)\LP\043B\236.exe%C:\Program Files (x86)\LP\043B
      2⤵
        PID:676
      • C:\Users\Admin\AppData\Local\Temp\d1e02bdd98114d39cfee782fa4067a035d4d77d81347e088ed4986f1cdf7589d.exe
        C:\Users\Admin\AppData\Local\Temp\d1e02bdd98114d39cfee782fa4067a035d4d77d81347e088ed4986f1cdf7589d.exe startC:\Users\Admin\AppData\Roaming\BCD46\AC504.exe%C:\Users\Admin\AppData\Roaming\BCD46
        2⤵
          PID:1812

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/676-63-0x0000000000400000-0x0000000000455000-memory.dmp

        Filesize

        340KB

        Download

      • memory/676-64-0x00000000004F1000-0x000000000050B000-memory.dmp

        Filesize

        104KB

        Download

      • memory/1812-68-0x0000000000400000-0x0000000000455000-memory.dmp

        Filesize

        340KB

        Download

      • memory/1812-69-0x0000000000591000-0x00000000005AB000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2004-54-0x0000000000400000-0x0000000000455000-memory.dmp

        Filesize

        340KB

        Download

      • memory/2004-55-0x0000000076651000-0x0000000076653000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2004-56-0x0000000000400000-0x0000000000455000-memory.dmp

        Filesize

        340KB

        Download

      • memory/2004-57-0x0000000000581000-0x000000000059B000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2004-60-0x0000000000400000-0x0000000000455000-memory.dmp

        Filesize

        340KB

        Download

      • memory/2004-61-0x0000000000581000-0x000000000059B000-memory.dmp

        Filesize

        104KB

        Download