Overview

overview

10

Static

static

5

407fbb0e90...bb.exe

windows7-x64

10

407fbb0e90...bb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    37s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2022 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    407fbb0e90f9c8796917dfeb4af0ace4a90086b755637b7d39226878828f85bb.exe

  • Size

    1.1MB

  • MD5

    6edf09906508321bc02ee3dc1611c837

  • SHA1

    2e97064a575aa81a8b21a943ab8cf8b67ee9e462

  • SHA256

    407fbb0e90f9c8796917dfeb4af0ace4a90086b755637b7d39226878828f85bb

  • SHA512

    1470e6664b271d69056f20b5dd6b69800730994bdd55c250ca89e1e3b8fe559b2963803cf67ee74446369056494379fbce6352897eaa2e3362df2e1db852c43c

  • SSDEEP

    24576:KaHMv6Corjqny/Q5QfUtsqb/oY+XWRTnMFN5:K1vqjd/Q5QGCXWd2N5

Score
10/10
isrstealerspywarestealertrojanupx

Malware Config

Signatures

  • ISR Stealer

    ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    trojanstealerisrstealer
  • ISR Stealer payload 5 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\407fbb0e90f9c8796917dfeb4af0ace4a90086b755637b7d39226878828f85bb.exe
    "C:\Users\Admin\AppData\Local\Temp\407fbb0e90f9c8796917dfeb4af0ace4a90086b755637b7d39226878828f85bb.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Users\Admin\AppData\Local\Temp\407fbb0e90f9c8796917dfeb4af0ace4a90086b755637b7d39226878828f85bb.exe
      "C:\Users\Admin\AppData\Local\Temp\407fbb0e90f9c8796917dfeb4af0ace4a90086b755637b7d39226878828f85bb.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Users\Admin\AppData\Local\Temp\407fbb0e90f9c8796917dfeb4af0ace4a90086b755637b7d39226878828f85bb.exe
        /scomma "C:\Users\Admin\AppData\Local\Temp\tmp.ini"
        3⤵
          PID:2008

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/964-54-0x0000000076411000-0x0000000076413000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2008-66-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2008-73-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2008-72-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2008-71-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2008-70-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2008-67-0x00000000004512E0-mapping.dmp

      Download

    • memory/2036-58-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2036-65-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2036-61-0x0000000000401130-mapping.dmp

      Download

    • memory/2036-60-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2036-55-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2036-56-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2036-74-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download