Analysis

  • max time kernel
    147s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/12/2022, 08:52

General

  • Target

    b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb.exe

  • Size

    187KB

  • MD5

    0db9ef1a6ca00a5178a8005155fe38e4

  • SHA1

    18642d2461fcf44e4760d23e9b3a73a8e32b90e8

  • SHA256

    b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb

  • SHA512

    047d90e2b4e1c648e2e8771738b5f9b95f545216505cad27f7cececfc2e397824d33e4e0a0fec0a7d53bab3fa9bc413c283df8b0e3f23cc8f03e74c7e3b53533

  • SSDEEP

    3072:daHotWoUST1g+qSIPNcV84DEMsaj+4fPTHwls+yWIsT2nP0RammA5OZow8D+ZOE9:dGoqSeVaVqMx1fjWIs40RNOilD2sJ9W

Score
8/10

Malware Config

Signatures

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers commonly harvest browser profile data, which can include saved credentials, cookies and session tokens.

  • Suspicious use of WriteProcessMemory (6 IoCs)
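The "UPX packed file" signature above fires on the packer's own fingerprints. The block below is an added example, not part of the sandbox report and not the sandbox's detection code: a pure-Python walk of the PE section table that applies the three checks an analyst would use to confirm it by hand (UPX0/UPX1 section names, a first section with SizeOfRawData 0 but a large VirtualSize, and the "UPX!" pack-header magic). The PE images it tests are constructed in the code; their section layout is modelled on the 0x400000-0x454000 (0x54000 byte) image region listed under Downloads, and is an assumption about what such a layout might look like, not a dump of the analysed file.

```python
import struct

SECTION_HEADER_SIZE = 40
UPX_MAGIC = b"UPX!"


def pe_sections(data: bytes):
    """Walk the PE section table and return (name, virtual_size, raw_size) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional_header
    sections = []
    for i in range(number_of_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + i * SECTION_HEADER_SIZE)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections


def upx_indicators(data: bytes):
    """Return the list of UPX heuristics that fire for this image (empty list = none)."""
    sections = pe_sections(data)
    hits = []
    # 1. Stock UPX names its sections UPX0/UPX1 (a trailing .rsrc section is optional).
    if any(name.upper().startswith("UPX") for name, _, _ in sections):
        hits.append("section names UPX0/UPX1")
    # 2. The first section is the placeholder the stub unpacks into: nothing on disk,
    #    but a large VirtualSize. Modified builds rename the sections yet usually keep
    #    this layout, so it is the more durable check.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("first section has SizeOfRawData 0 and VirtualSize 0x%X" % sections[0][1])
    # 3. The "UPX!" pack-header magic, unless the packer was patched to strip it.
    if UPX_MAGIC in data:
        hits.append("UPX! magic present")
    return hits


def build_pe(sections, trailer=b""):
    """Construct a minimal PE32 for testing (constructed data, not the analysed sample)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_of_optional_header = 0xE0  # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_of_optional_header, 0x0102)
    optional = bytes(size_of_optional_header)  # contents irrelevant to the section-table walk
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, rsize, 0, 0, 0, 0, 0, 0xE0000040)
        for name, vsize, vaddr, rsize in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + table + trailer


# Assumed layout filling a 0x54000-byte image: a 0x43000-byte UPX0 with no bytes on
# disk, a 0xF000-byte UPX1 carrying the packed data and stub, and a small .rsrc.
STOCK_UPX = build_pe(
    [(b"UPX0", 0x43000, 0x1000, 0), (b"UPX1", 0xF000, 0x44000, 0xE800), (b".rsrc", 0x1000, 0x53000, 0x600)],
    trailer=UPX_MAGIC + bytes(28),
)
# Same layout with the sections renamed and the magic stripped: a "modified UPX" build.
RENAMED_UPX = build_pe(
    [(b".text", 0x43000, 0x1000, 0), (b".data", 0xF000, 0x44000, 0xE800), (b".rsrc", 0x1000, 0x53000, 0x600)]
)
# A conventional unpacked binary: every section has bytes on disk.
PLAIN = build_pe([(b".text", 0x2000, 0x1000, 0x2000), (b".data", 0x800, 0x3000, 0x800)])

if __name__ == "__main__":
    for label, image in (("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("plain", PLAIN)):
        print(label, "->", upx_indicators(image) or "no UPX indicators")
```

Only the renamed build shows why a single check is not enough: the section names and the magic are gone, and the zero-raw-size first section is all that remains. Treat a hit as "packed, unpack before static analysis", not as a verdict on the payload.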

Processes

  • C:\Users\Admin\AppData\Local\Temp\b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb.exe
    "C:\Users\Admin\AppData\Local\Temp\b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb.exe"
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Users\Admin\AppData\Local\Temp\b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb.exe
      C:\Users\Admin\AppData\Local\Temp\b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb.exe startC:\Program Files (x86)\LP\7126\4FF.exe%C:\Program Files (x86)\LP\7126
      PID:3316
    • C:\Users\Admin\AppData\Local\Temp\b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb.exe
      C:\Users\Admin\AppData\Local\Temp\b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb.exe startC:\Users\Admin\AppData\Roaming\613F4\92971.exe%C:\Users\Admin\AppData\Roaming\613F4
      PID:5072
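The tree shows one behaviour worth turning into a detection: the sample (PID 1448, the process carrying the WriteProcessMemory flag) launches two copies of its own image, each with a command line of the form "start<dropped .exe path>%<that file's directory>", one under Program Files (x86)\LP and one under the user's AppData\Roaming. The block below is an added example, not part of the sandbox report: it encodes that pattern as a check over process-creation events (the Sysmon Event ID 1 fields Image, ParentImage and CommandLine carry the same data). The events are constructed from the tree above; the parent PID of 1448 is not shown in the report, so the placeholder 1000 is an assumption.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str
    command_line: str


# <image> start<dropped exe>%<its directory>: the argument form seen in the process tree.
START_ARG = re.compile(
    r'^"?(?P<image>[A-Za-z]:\\[^"]+?\.exe)"?\s+start(?P<target>[A-Za-z]:\\[^%]+)%(?P<dir>[A-Za-z]:\\.+)$'
)


def find_self_spawn_with_start(events):
    """Flag children that re-run their parent's image with a start<path>%<dir> argument."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        if parent is None or parent.image.lower() != ev.image.lower():
            continue
        m = START_ARG.match(ev.command_line)
        if not m:
            continue
        target, directory = m.group("target"), m.group("dir")
        findings.append({
            "pid": ev.pid,
            "ppid": ev.ppid,
            "target": target,
            "dir": directory,
            # the "%<dir>" suffix should be the folder the target is dropped into
            "dir_matches_target": ntpath.dirname(target).lower() == directory.lower(),
            # drops under the user profile need no elevation and survive per-user
            "under_user_profile": target.lower().startswith("c:\\users\\"),
        })
    return findings


# Constructed from the process tree in this report. PPID 1000 for the root is a placeholder.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\b02675b5e311dd58611da7347ee6a41511cb7b96a07b01325fc11f9b40a5e4cb.exe"
EVENTS = [
    ProcessEvent(1448, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcessEvent(3316, 1448, SAMPLE,
                 SAMPLE + r" startC:\Program Files (x86)\LP\7126\4FF.exe%C:\Program Files (x86)\LP\7126"),
    ProcessEvent(5072, 1448, SAMPLE,
                 SAMPLE + r" startC:\Users\Admin\AppData\Roaming\613F4\92971.exe%C:\Users\Admin\AppData\Roaming\613F4"),
]

if __name__ == "__main__":
    for f in find_self_spawn_with_start(EVENTS):
        print(f"PID {f['pid']} (parent {f['ppid']}) -> {f['target']} "
              f"[dir ok={f['dir_matches_target']}, user profile={f['under_user_profile']}]")
```

Both children match; the root process does not, since its parent is not the same image. The two target paths are where to look for the dropped executables in the file system artefacts; the report itself lists no file writes, so whether they were actually written is not established here.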

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1448-133-0x0000000000400000-0x0000000000454000-memory.dmp
    Filesize: 336KB
  • memory/1448-134-0x0000000000592000-0x00000000005AA000-memory.dmp
    Filesize: 96KB
  • memory/1448-138-0x0000000000592000-0x00000000005AA000-memory.dmp
    Filesize: 96KB
  • memory/3316-135-0x0000000000400000-0x0000000000454000-memory.dmp
    Filesize: 336KB
  • memory/3316-136-0x0000000000677000-0x000000000068F000-memory.dmp
    Filesize: 96KB
  • memory/3316-137-0x0000000000677000-0x000000000068F000-memory.dmp
    Filesize: 96KB
  • memory/5072-140-0x0000000000400000-0x0000000000454000-memory.dmp
    Filesize: 336KB
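The dump names encode PID, a sequence number and the address range, so the list can be read back into a per-process memory map. The block below is an added example, not part of the sandbox report: it parses the seven names above, deduplicates regions that were dumped more than once (the 96KB region of PID 1448 at sequence 134 and 138, and of PID 3316 at 136 and 137) and compares each region's span with the 187KB file on disk. The 0x400000-0x454000 region (0x54000 bytes, the 336KB shown) is present in all three processes and is larger than the packed file, which is consistent with the UPX signature: the stub expands the image in memory. The caveat, kept in the code, is that SizeOfImage also includes uninitialised data and alignment padding, so "larger than the file" on its own is supporting evidence, not proof of packing.

```python
import re
from collections import defaultdict

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp, the naming used in the Downloads list
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": start, "end": end, "size": end - start}


def size_kb(nbytes):
    """Whole kilobytes, the unit the report prints next to each dump."""
    return nbytes // 1024


def region_map(names, on_disk_size):
    """Per PID, the distinct regions dumped (a region dumped twice counts once), with flags."""
    regions = defaultdict(dict)
    for d in map(parse_dump_name, names):
        entry = regions[d["pid"]].setdefault((d["start"], d["end"]), {"dumped_at": []})
        entry["dumped_at"].append(d["seq"])
    out = {}
    for pid, by_range in regions.items():
        out[pid] = [
            {
                "range": f"0x{start:08X}-0x{end:08X}",
                "kb": size_kb(end - start),
                "dumped_at": sorted(r["dumped_at"]),
                # A mapped image larger than the file on disk fits an in-memory unpacker,
                # but SizeOfImage also counts uninitialised data and alignment padding,
                # so this is corroboration for the UPX signature, not proof by itself.
                "larger_than_file": (end - start) > on_disk_size,
            }
            for (start, end), r in sorted(by_range.items())
        ]
    return out


# The seven dump names listed in this report, and its "187KB" file size to the nearest KB.
DUMPS = [
    "memory/1448-133-0x0000000000400000-0x0000000000454000-memory.dmp",
    "memory/1448-134-0x0000000000592000-0x00000000005AA000-memory.dmp",
    "memory/1448-138-0x0000000000592000-0x00000000005AA000-memory.dmp",
    "memory/3316-135-0x0000000000400000-0x0000000000454000-memory.dmp",
    "memory/3316-136-0x0000000000677000-0x000000000068F000-memory.dmp",
    "memory/3316-137-0x0000000000677000-0x000000000068F000-memory.dmp",
    "memory/5072-140-0x0000000000400000-0x0000000000454000-memory.dmp",
]
ON_DISK_SIZE = 187 * 1024

if __name__ == "__main__":
    for pid, regions in sorted(region_map(DUMPS, ON_DISK_SIZE).items()):
        for r in regions:
            flag = " (> file on disk)" if r["larger_than_file"] else ""
            print(f"PID {pid}: {r['range']} {r['kb']}KB dumped at {r['dumped_at']}{flag}")
```

Reading the map this way also makes the second region stand out: 96KB of non-image memory at 0x592000 in PID 1448 and at 0x677000 in PID 3316, different addresses in each process and dumped twice each, which is the region to diff first when looking for unpacked or written code.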