Overview

overview

8

Static

static

7

Firefox Installer.exe

windows7-x64

8

Firefox Installer.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    88s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2023 04:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Firefox Installer.exe

  • Size

    342KB

  • MD5

    699773f1df85496dfcf08df647e57a91

  • SHA1

    15b0e3ef49e5e1017c671d0a545d957637dcfa25

  • SHA256

    535ff53a4eb8cedab53d3368e7c5617ebb4ecb3b0fcc3f931196cf78c028f029

  • SHA512

    c6655ab0f2c1c1fd25444abda4039da4ea093d36ba212c95566a6a55125446b0a8f3e4ff331191508ed9fa45ffa6176763122b7c8f270fb438592557c6f0aaf5

  • SSDEEP

    6144:7aVWdyzOxeA1DfdwX3MmIOwB5dVow28rYv0dWPDRRAZKlsyQYUEj/ton5BNS3:7MROxdDfOnMmXiVR2EWPDRRAZKlsqj1l

Score
7/10
spywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Firefox Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Firefox Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4712
    • C:\Users\Admin\AppData\Local\Temp\7zS8622E926\setup-stub.exe
      .\setup-stub.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:4056

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS8622E926\setup-stub.exe
    Filesize

    551KB

    MD5

    32a1e51d0af50d523c4d8815bed5d2ef

    SHA1

    ae137d93c4f187f76edff03084b88c584b6db0be

    SHA256

    9da4ea89303bbf57576eb9bb0a817532976dabb404b43c0fb9e3ad052f5ddec3

    SHA512

    dcdfa931b94868c5dc5b93b0f269cc8093830436bee1a6cd7e1a5bf0c933e58df6426636162b51de8c416ecbeea696f142540f26acde130410242ab464486894

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8622E926\setup-stub.exe
    Filesize

    551KB

    MD5

    32a1e51d0af50d523c4d8815bed5d2ef

    SHA1

    ae137d93c4f187f76edff03084b88c584b6db0be

    SHA256

    9da4ea89303bbf57576eb9bb0a817532976dabb404b43c0fb9e3ad052f5ddec3

    SHA512

    dcdfa931b94868c5dc5b93b0f269cc8093830436bee1a6cd7e1a5bf0c933e58df6426636162b51de8c416ecbeea696f142540f26acde130410242ab464486894

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nss68A3.tmp\CityHash.dll
    Filesize

    53KB

    MD5

    2021acc65fa998daa98131e20c4605be

    SHA1

    2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

    SHA256

    c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

    SHA512

    cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nss68A3.tmp\InetBgDL.dll
    Filesize

    17KB

    MD5

    97c607f5d0add72295f8d0f27b448037

    SHA1

    dfb9a1aa1d3b1f7821152afaac149cad38c8ce3c

    SHA256

    dc98ed352476af459c91100b8c29073988da19d3adc73e2c2086d25f238544a5

    SHA512

    ad759062152869089558389c741876029198c5b98fa725e2d2927866dc8b416ae2de871cb2479f614f6d29b6f646bf7191d02837c3cabc15b8185b563bc46268

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nss68A3.tmp\System.dll
    Filesize

    22KB

    MD5

    b361682fa5e6a1906e754cfa08aa8d90

    SHA1

    c6701aee0c866565de1b7c1f81fd88da56b395d3

    SHA256

    b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

    SHA512

    2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nss68A3.tmp\UAC.dll
    Filesize

    28KB

    MD5

    d23b256e9c12fe37d984bae5017c5f8c

    SHA1

    fd698b58a563816b2260bbc50d7f864b33523121

    SHA256

    ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

    SHA512

    13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nss68A3.tmp\UserInfo.dll
    Filesize

    14KB

    MD5

    610ad03dec634768cd91c7ed79672d67

    SHA1

    dc8099d476e2b324c09db95059ec5fd3febe1e1e

    SHA256

    c6c413108539f141bea3f679e0e2ef705898c51ec7c2607f478a865fc5e2e2df

    SHA512

    18c3c92be81aadfa73884fe3bdf1fce96ccfbd35057600ef52788a871de293b64f677351ba2885c6e9ce5c3890c22471c92832ffc13ba544e9d0b347c5d33bfd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nss68A3.tmp\UserInfo.dll
    Filesize

    14KB

    MD5

    610ad03dec634768cd91c7ed79672d67

    SHA1

    dc8099d476e2b324c09db95059ec5fd3febe1e1e

    SHA256

    c6c413108539f141bea3f679e0e2ef705898c51ec7c2607f478a865fc5e2e2df

    SHA512

    18c3c92be81aadfa73884fe3bdf1fce96ccfbd35057600ef52788a871de293b64f677351ba2885c6e9ce5c3890c22471c92832ffc13ba544e9d0b347c5d33bfd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nss68A3.tmp\WebBrowser.dll
    Filesize

    103KB

    MD5

    b53cd4ad8562a11f3f7c7890a09df27a

    SHA1

    db66b94670d47c7ee436c2a5481110ed4f013a48

    SHA256

    281a0dc8b4f644334c2283897963b20df88fa9fd32acca98ed2856b23318e6ec

    SHA512

    bb45d93ed13df24a2056040c219cdf36ee44c8cddb7e178fdaabcec63ac965e07f679ca1fa42591bba571992af619aa1dc76e819a7901709df79598a2b0cef81

    Download Submit

  • memory/4712-132-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4712-143-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download