Overview

overview

10

Static

static

8

8b04442da2...81.exe

windows7-x64

10

8b04442da2...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2022 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b04442da25cfa5698f2ceddb2137c1306d84880a04fa2a2d662090fe23e3e81.exe

  • Size

    915KB

  • MD5

    d5517bed2e8eebb29ed1ac0df1fc0f27

  • SHA1

    a216d852812987b7026148f5cb3df3ebf0d64c80

  • SHA256

    8b04442da25cfa5698f2ceddb2137c1306d84880a04fa2a2d662090fe23e3e81

  • SHA512

    6d39794b8e400701593ec720ab8b6d211804f9a80634a4c68d301fb114054b40c87def9a915c76a226635238c094f0faab402437a7c738cf744e31900580a1c1

  • SSDEEP

    12288:J6Wq4aaE6KwyF5L0Y2D1PqLCL0AyP01MzKoKqEJlOAH3BxvvQTgaA:fthEVaPqLCLqEMuoKqWlOAXzxaA

Score
10/10
isrstealerstealertrojanupx

Malware Config

Signatures

  • ISR Stealer

    ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    trojanstealerisrstealer
  • ISR Stealer payload 4 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b04442da25cfa5698f2ceddb2137c1306d84880a04fa2a2d662090fe23e3e81.exe
    "C:\Users\Admin\AppData\Local\Temp\8b04442da25cfa5698f2ceddb2137c1306d84880a04fa2a2d662090fe23e3e81.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4776
    • C:\Windows\SysWOW64\calc.exe
      "C:\Windows\SysWOW64\calc.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2180
      • C:\Windows\SysWOW64\calc.exe
        /scomma "C:\Users\Admin\AppData\Local\Temp\tmp.ini"
        3⤵
          PID:4876

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmp.ini
      Filesize

      5B

      MD5

      d1ea279fb5559c020a1b4137dc4de237

      SHA1

      db6f8988af46b56216a6f0daf95ab8c9bdb57400

      SHA256

      fcdcc2c46896915a1c695d6231f0fee336a668531b7a3da46178c80362546dba

      SHA512

      720e9c284f0559015312df7fe977563e5e16f48d3506e51eb4016adf7971924d352f740b030aa3adc81b6f65fd1dba12df06d10fa6c115074e5097e7ee0f08b3

      Download Submit

    • memory/2180-146-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2180-134-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2180-136-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2180-148-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/4776-144-0x0000000000400000-0x000000000056B000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/4776-132-0x0000000000400000-0x000000000056B000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/4876-143-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/4876-145-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/4876-142-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/4876-140-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download