Overview

overview

7

Static

static

1

21e4c99973...bd.exe

windows7-x64

7

21e4c99973...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21/03/2023, 13:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    21e4c999735b8078454d3407c9556aade8d9d477c3b7d2aebc3eee5b5670a3bd.exe

  • Size

    6.8MB

  • MD5

    31a11a0b81f43eeb43887467bbebf5fd

  • SHA1

    187eb286dd68d8421c55a8615ab584cdc280b108

  • SHA256

    21e4c999735b8078454d3407c9556aade8d9d477c3b7d2aebc3eee5b5670a3bd

  • SHA512

    924efe7a92bac35662e5a0e12f49ee18fcd37866d9e2fe7fed3776bc94d87c3a738bffa9bf1b87b47dc1a58154160f5bea2cb026b8204aecaa3cca759386a0f8

  • SSDEEP

    98304:zNESvhK3NdZ79CL5ii5wSreJUHKX0l+6p1TzUbjOl9czfxkcVrnkF9QUa8RP:5dKV9CYSwSrgUHKXXKijWWzfxkornzc

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21e4c999735b8078454d3407c9556aade8d9d477c3b7d2aebc3eee5b5670a3bd.exe
    "C:\Users\Admin\AppData\Local\Temp\21e4c999735b8078454d3407c9556aade8d9d477c3b7d2aebc3eee5b5670a3bd.exe"
    1⤵
    • Maps connected drives based on registry
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1360

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1491.tmp
          Filesize

          32B

          MD5

          48255136fc205998b4ebbe6f72b5cdd0

          SHA1

          c6f2c7fdd75a999a61ddfb5b4923d6a0dad917b1

          SHA256

          00523df8a35803806212867d9f6ab89d17a1bfdd3aef5fbb1dc10fcd6faa114c

          SHA512

          c74a7e214f93d124aed393e00f720ac91ca46328f4edf710b26235145b676003261943e4779acbc52ef14667a78636968c04c1065ac5cc70ba9f54d6ab0226de

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1540.tmp
          Filesize

          71KB

          MD5

          6082dd13ad8102d17f9db9cd07600e97

          SHA1

          39becc88cea914d843b3c5521038907f2f2f4e71

          SHA256

          40a3f938c8c1eb929771c444d5f8887c42c7cde6281690e2071a2593ba92e48a

          SHA512

          b7d5c716b6339b3138492c8b0cf4c9540a8d8224f9d5e72e34ceab442bdfa9c855473bbed68a489851f019461e1b1f9d86baf067be556c67b948c930899d3c1e

          Download Submit

        • memory/1360-65-0x00000000002F0000-0x00000000002F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-67-0x0000000000300000-0x0000000000301000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-58-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-59-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-60-0x00000000002E0000-0x00000000002E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-61-0x00000000002E0000-0x00000000002E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-62-0x00000000002E0000-0x00000000002E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-64-0x00000000002F0000-0x00000000002F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-54-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-57-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-68-0x0000000000300000-0x0000000000301000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-74-0x0000000000330000-0x0000000000331000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-73-0x0000000000330000-0x0000000000331000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-71-0x0000000000310000-0x0000000000311000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-75-0x0000000000400000-0x0000000000F04000-memory.dmp

          Filesize

          11.0MB

          Download

        • memory/1360-70-0x0000000000310000-0x0000000000311000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-56-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-55-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download