Analysis

  • max time kernel
    89s
  • max time network
    205s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-12-2022 00:54

General

  • Target

    ca7b716813110160be02494e58af951d8dafcf528ed093e1529e4e65fa9dba9a.exe

  • Size

    57KB

  • MD5

    6d3bfb9852789806eefc97f991155001

  • SHA1

    7c002d225f7f11ca1449c98503251f15c4bcf736

  • SHA256

    ca7b716813110160be02494e58af951d8dafcf528ed093e1529e4e65fa9dba9a

  • SHA512

    7288e1017f95365cd6a06ec9cfaf90bf7cee0170ceec6765103605d4851c80d3466540962fa361e59877cd749a55776879e8d3062dafe2e67707608c82d0df72

  • SSDEEP

    1536:c7UxKGBsBWZ1Z2qSDnRa8Mc39/aUjkM0sZl1NgY:yBySDnRaK9Usf16Y

Malware Config

Signatures

  • Reads data files stored by FTP clients (2 TTPs)

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour; on its own, drive enumeration is weak evidence.

  • Modifies Internet Explorer settings (1 TTP, 14 IoCs)
  • Modifies system certificate store (2 TTPs, 8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca7b716813110160be02494e58af951d8dafcf528ed093e1529e4e65fa9dba9a.exe
    "C:\Users\Admin\AppData\Local\Temp\ca7b716813110160be02494e58af951d8dafcf528ed093e1529e4e65fa9dba9a.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:2040
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x140
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1472
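
The persistence signature above records only that a Run value was written (1 IoC, value data not shown). When reviewing the analysis VM afterwards, the useful question is whether the Run value launches something from a user-writable path such as the Temp directory the sample itself ran from. The Python below is an added example, not part of the report or the sandbox's own signature logic; the registry snapshot is constructed for illustration (the value name "Windows Update" is invented), with the sample's path taken from the Processes section.

```python
import re
from typing import Dict, List

# Added example for triaging an "Adds Run key" hit. Not the sandbox's code;
# the snapshot below is constructed, only the sample path comes from the report.

# Path fragments graded by how unusual a legitimate autostart there is.
HIGH_RISK_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")
MEDIUM_RISK_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\")


def extract_image_path(command: str) -> str:
    """Return the executable part of a Run value's command line.

    Handles "C:\\path with spaces\\x.exe" args, an unquoted path with spaces
    ending in .exe, and a plain first token as the fallback.
    """
    command = command.strip()
    if command.startswith('"'):
        closing = command.find('"', 1)
        return command[1:closing] if closing != -1 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def grade_image_path(image: str) -> str:
    """Grade an autostart target as 'high', 'medium' or 'low' risk by location."""
    p = image.lower().replace("/", "\\")
    if p.startswith(("%temp%", "%tmp%")) or any(d in p for d in HIGH_RISK_DIRS):
        return "high"
    if p.startswith(("%appdata%", "%localappdata%")) or any(d in p for d in MEDIUM_RISK_DIRS):
        return "medium"
    return "low"


def suspicious_run_entries(run_values: Dict[str, str]) -> List[dict]:
    """Return Run values whose target lives in a user-writable directory."""
    findings = []
    for name, command in run_values.items():
        image = extract_image_path(command)
        grade = grade_image_path(image)
        if grade != "low":
            findings.append({"value": name, "image": image, "severity": grade})
    return findings


# Constructed HKCU\...\Run snapshot: the report gives 1 IoC for this signature
# but not its data, so the value name "Windows Update" is invented here.
SAMPLE_RUN_KEY = {
    "Windows Update": r'"C:\Users\Admin\AppData\Local\Temp\ca7b716813110160be02494e58af951d8dafcf528ed093e1529e4e65fa9dba9a.exe"',
    "OneDrive": r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Sidebar": r"C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun",
}

if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_RUN_KEY):
        print(f"[{f['severity']:6}] {f['value']}: {f['image']}")
```

Per-user installs such as OneDrive legitimately live under AppData\Local, which is why the heuristic grades those as medium and reserves high for Temp, Downloads and Public; on a real VM, feed it the values from `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM equivalent). The AUDIODG.EXE entry in the process tree, with its AdjustPrivilegeToken hit, is Windows' own audio device graph isolation host at the same tree depth as the sample, not a child it spawned.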

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/2040-54-0x000007FEF4130000-0x000007FEF4B53000-memory.dmp

    Filesize

    10.1MB

  • memory/2040-55-0x000007FEF2E50000-0x000007FEF3EE6000-memory.dmp

    Filesize

    16.6MB

  • memory/2040-56-0x000007FEFBB11000-0x000007FEFBB13000-memory.dmp

    Filesize

    8KB

  • memory/2040-57-0x0000000001F16000-0x0000000001F35000-memory.dmp

    Filesize

    124KB

  • memory/2040-58-0x000000001EB60000-0x000000001EE5F000-memory.dmp

    Filesize

    3.0MB
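
The Downloads section lists five memory regions dumped from PID 2040, the sample's process, and the file names encode the PID, a sequence number and the virtual address range of each region. The Python below is an added example, not the sandbox's tooling: it parses those names, recomputes each size (which should reproduce the Filesize values listed) and classifies the region by address. The classification threshold is a heuristic for Windows 7 x64 and an assumption of this example: the three dumps at 0x000007FE... sit where the loader maps most 64-bit system libraries, while the 124KB and 3.0MB regions at low addresses are in the range used by the process's own image and heaps, so those are the ones to open first when looking for unpacked code or strings.

```python
import re
from typing import Dict, List

# Added example: parses the report's memory dump names. Not the sandbox's code;
# the address-range classification is a Windows 7 x64 heuristic, not a hard rule.

DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Assumption: on Windows 7 x64 most 64-bit system DLLs are mapped at the top of
# the user address space, from roughly 0x000007FE00000000 upwards.
SYSTEM_DLL_RANGE_START = 0x000007FE00000000


def parse_dump_name(name: str) -> Dict[str, int]:
    """Split a dump file name into pid, sequence, start, end and byte size."""
    m = DUMP_NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a sandbox memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"inverted address range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(nbytes: int) -> str:
    """Format like the report: whole KB below 1 MiB, one decimal MB above."""
    if nbytes < 1024 * 1024:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1024 * 1024):.1f}MB"


def classify_region(start: int) -> str:
    """Heuristic: high addresses are loader-mapped system modules, low ones are
    the process's own image, heaps and allocations."""
    return "system-dll-range" if start >= SYSTEM_DLL_RANGE_START else "low-range"


def summarize_dumps(names: List[str]) -> List[dict]:
    """Return one summary row per dump, in the order given."""
    rows = []
    for n in names:
        d = parse_dump_name(n)
        rows.append({"name": n, "pid": d["pid"], "seq": d["seq"],
                     "size": human_size(d["size"]),
                     "region": classify_region(d["start"])})
    return rows


# File names copied from the report's Downloads section.
REPORT_DUMPS = [
    "memory/2040-54-0x000007FEF4130000-0x000007FEF4B53000-memory.dmp",
    "memory/2040-55-0x000007FEF2E50000-0x000007FEF3EE6000-memory.dmp",
    "memory/2040-56-0x000007FEFBB11000-0x000007FEFBB13000-memory.dmp",
    "memory/2040-57-0x0000000001F16000-0x0000000001F35000-memory.dmp",
    "memory/2040-58-0x000000001EB60000-0x000000001EE5F000-memory.dmp",
]

if __name__ == "__main__":
    for row in summarize_dumps(REPORT_DUMPS):
        print(f"pid={row['pid']} seq={row['seq']} {row['size']:>7}  {row['region']}")
```

Sizes are computed as end minus start of the hex range, which is why the 8KB dump spans exactly two 4KB pages; the sample itself is only 57KB, so the 10.1MB and 16.6MB regions are far too large to be its own image and are consistent with mapped libraries rather than unpacked payload.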