Analysis

  • max time kernel
    154s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/12/2022, 19:53 UTC

General

  • Target

    aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a.exe

  • Size

    817KB

  • MD5

    fda22cca531a5955a7bc7302661e020a

  • SHA1

    74bf8f5188f32d9663dc13c72f7a10d280317dfb

  • SHA256

    aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a

  • SHA512

    a0d167b0e244766dc08ab076cf88b221301c0cb61bcfaa7f11da86c1b379050179019a3644b3e00ab48e4a09e9eab74cada7153f91dece78b9cc1cd2085b6f2f

  • SSDEEP

    24576:U5ZHwdBltEgsKrp58UThku0SuEU+Y/TEd:UXHw9KgssdD05rTE

Signatures

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Modifies Internet Explorer settings (1 TTP, 4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a.exe
    "C:\Users\Admin\AppData\Local\Temp\aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a.exe"
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    PID: 5064

Network

  • DNS (flag: unknown)
    Remote address: 8.8.8.8:53
    Request: 14.110.152.52.in-addr.arpa IN PTR
    Response: (none recorded)


Downloads

  • memory/5064-132-0x0000000000400000-0x00000000007A6000-memory.dmp

    Filesize

    3.6MB

  • memory/5064-134-0x0000000000400000-0x00000000007A6000-memory.dmp

    Filesize

    3.6MB

  • memory/5064-135-0x0000000000400000-0x00000000007A6000-memory.dmp

    Filesize

    3.6MB

  • memory/5064-136-0x0000000000400000-0x00000000007A6000-memory.dmp

    Filesize

    3.6MB
