Overview

overview

10

Static

static

3

WexSide Crack.exe

windows7-x64

10

WexSide Crack.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    59s
  • max time network
    55s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07-06-2023 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WexSide Crack.exe

  • Size

    718KB

  • MD5

    e5701891f96e5727971f223551b64f45

  • SHA1

    dcc476ee7b6c9bb75195c1ab81512d5c6efacd40

  • SHA256

    1a7c622544bc7fce75780a488bbf9d66a68176405c40d196a7afb7124244bd41

  • SHA512

    2c8a44b882bce13e226ab0a7941c57a8b383c793626cf15a16e81abbcaa033b78a536cbeb03e2bdbd4c923102bb6d967f90e4cc38570fb2f5ebd32706da9e998

  • SSDEEP

    12288:jccr2M0k0CTUxid6rfBCWxskGxo5PlAXY5sMIGH/c4j:IcpBjN6rfBCWmx42I5HIGfcY

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/1049356312187772968/RhGBI5VRUa2070gE61YTrZzr1G_QOPG0A5RvRIUDuTemlVPlposGOfVeFkkYgdFFQO5I

Signatures

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WexSide Crack.exe
    "C:\Users\Admin\AppData\Local\Temp\WexSide Crack.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Users\Admin\AppData\Local\Temp\Insidious.exe
      "C:\Users\Admin\AppData\Local\Temp\Insidious.exe"
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1300
    • C:\Users\Admin\AppData\Local\Temp\loader.exe
      "C:\Users\Admin\AppData\Local\Temp\loader.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:668
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:540
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:540 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:452

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b131d0e3ea3f91128d00d702f4ddd349

    SHA1

    d37bda65aa0829853dc8777a9b00a3997f27ebb5

    SHA256

    07345689eb2611a4b429f2c6ec259789abb5e7710bf80fa5eb10a326ef1b0fe4

    SHA512

    6ea0e308141d16564ecb2264f2d907732dfdda0e757925c8c58a68847d0329ea8aa7564f4212d8568652bded011781c72c65c4f3d8721aa2914950ed48808090

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    efa629f804526f971bd868796ac6afad

    SHA1

    9050ea8675963f4e19df81233fee9f9fae89cc42

    SHA256

    fc2aec76be6ce5b1a172ede8bbef7c897da8073f72b48887c76f66bf3192e2fd

    SHA512

    5b21661c5bed2dab743d2605026259bd4f8447e71c0b601a7ae105e59a327d138820f61c2357a0e1fb454c3a454dbc39652a6ae8ac0e22e00f88837c95013bf9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    372997155b7f323c85b2043c940e1060

    SHA1

    128b80113c5ad3d8e1c9c1f63d63ff190ae8f888

    SHA256

    05e25d4a1b63f13ac8aa1bad3574b3f644a6a72a193fa5270c3bcceea8acfa4e

    SHA512

    e48f313402f51fc490ce5d9f57b65fecd1b0e7505e5985d2379e9bbe569bdf02d4d96e47e2e271fd7a0d695a4002c9af32619a7afb81b401ba30d4af2264df56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2386eb16c6e666a1ade7f7866a71e24d

    SHA1

    cf7b5cb3d9991cfe775e1d47e041038d004b1a9c

    SHA256

    8b9e6bf848ef357cdd7d20aebbf92a9e7d768e413953e9a4600b627de7faadb0

    SHA512

    a898f56f4f0c66c9c9aeddf64e2aa327307796e671630dee996f64f23a837946087a312b7d9a962541e2100ddf3ff13059874f47a3561c1cbcb6a4d000762b3a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f8e9f11272701ed29faefd9209000cc

    SHA1

    921419ae83c83251171a74b32d9d04ed9d180137

    SHA256

    5d32084781f3e936d5c3be4c2f869e609dff1ae2ed476e0f7d9c4ead9d213fb8

    SHA512

    625bae81a422070bc105880d10f864eed1b6cbcf3ee55015c9ba80bf62c25f46edc844180129303d5685d95fc29c19d9f48560495ff7053e48822dd059621a7e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    54275a982edfd1ae435b1139aff82739

    SHA1

    cdd32a0b290c7333e83310a06992ff95d90acab0

    SHA256

    181672a81048be758c255e533a53d4266ba8d27df10078dd185df133d14f9b6d

    SHA512

    47dd7f6ab172ca6037f4d555db9e22a9e0fcc0e7e7b9ff7190215ebf3ed4070f06947229faad51a6f4e74cb0477248714ce7c0eba99547f3e64f155d60e01820

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b6f1c1c154a26e80e2d656fda1c06e4

    SHA1

    93d6de726438dc0ea81503a0319b00fd9ea17e71

    SHA256

    98eb0ee8fb5303e54f2fcb5b107443429d66df29fe9899702147a6c59cc03c7e

    SHA512

    001ba2ff477d4b589df62aeb37d30e0539ccc84700ccae9ae1703a759e29e0763f9fff52cb35368250b70b4e42f80596ca9d797f8cfa016ed9844388f4138d42

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30fc714f8b9922c1521538b50da5aeed

    SHA1

    c8f307cc0d3f46835f4de568dd33bb56198c8ca6

    SHA256

    0861bf73caa60f4cd6a72660b5404d46b098e05f5c707e98b529fda5b875c760

    SHA512

    95fd9a8364e93060074b75c7c7cc04e27e16f0aa877b6ed89012acc16ed24522dc6c9c85b3dbdb68293a19bae0df3edd7a5566069d39231bed6809fd9b0973ad

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8838b288888d99ef45825d259056a5d2

    SHA1

    5f1ddfec49434a1ce4d763dfbfa5144704ef4fa3

    SHA256

    0c92455e65dda30202215a12d5f453c4f8f46d0f5d5f03d61abc62ff8f734525

    SHA512

    b982b57bc0ef155dbd00db73fc9c06003b2900cc3f6f8d9889791ee8634d9164a16e2f0b4b1a255ea2c0c561cd905b5fe0772036b75bab15be76984ccf27726a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    25f284793334efa7332f50fb31245b36

    SHA1

    2eab19c33899e89d7e08eca019256c1b080b51aa

    SHA256

    a3b2b1a68e91e13ebf6f97ba2369a85f9adbd5d484d9204ddd1cad2666db42c1

    SHA512

    f44018136d8a151da2b5cb2697bb13aaa4bea49db977e2c9f9b7c3388390fc1f58fcd3cbc6d5161172a4a645cbac944355accc22d6697496111c78a83d6a6500

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    142399a8e174a126ebd8a25bc9e0cf87

    SHA1

    a7e49e761b8e83a1954ca39d0e2d5a90acf40da1

    SHA256

    ef6f71d0602775b0055d50dc539b8b8e33bc0105ecc050dcba7f05970b7997c2

    SHA512

    76862b53419e3314b9d3867519345552226cfa7c6f59e0b2046dfb8ba275f4d12bc7a2b802c9c17ac5a1a0347833e747e0c12cd71f8360b1283eede14d073a4a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08875125f94d04afe95d9454c95f28e9

    SHA1

    a1caa792d557a64a98ea0064cfe18dc1c31a013a

    SHA256

    dae58d92205b2e716d9d23b85bf8cbfd7b4ff855d005809b9bfc1cc10c862109

    SHA512

    c65ddf9035b4d793c724533427d18d0aa83fcfcfdada29b2971cdf99d4a166022e6aa9a7179d4f2ad32ae95cadef81fd486b1f303529e7846a3a2c489fd08e1e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BCVIUOL2\www.oracle[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BCVIUOL2\www.oracle[1].xml
    Filesize

    151B

    MD5

    90d783aedf1501fab00f884d41b61937

    SHA1

    d85f14a5d047c34cb0a0f3fbdbd4dfd2a2389c6a

    SHA256

    ae54f09c1d7b5903cf04b6230564cd7b128d45043597ca1cc9e71c1786866666

    SHA512

    1ebc1d09d1148fa08d9bc2e8ccb78257d125f4422145b3d04a4ba7e2a1b0734d68a1f818e2d5e80b5b5dd48f445aebc76e635772d91e594607365511a9af496e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\07asiie\imagestore.dat
    Filesize

    5KB

    MD5

    1b1ac9ef20b4b5e962e45bc45a68c548

    SHA1

    5e198c29c27748fbd4d2c15d3157f304d3b063f9

    SHA256

    c18568c4f449338aaaa4538ac99e22925dde9d24d0ab412acf9aecc3c0d02d06

    SHA512

    e92b995b4857078889d04be81e60c1a13a42578cd7d525b9565e5b6a8209228023862bd22458a1b4167332e1ced8a340b24f999dace98e262f06ff60b708cfbb

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\favicon-32[1].png
    Filesize

    1KB

    MD5

    51db57e829efd1958c47eef011040d9e

    SHA1

    32dae01af230fffb57070054d5693ba66d191d5e

    SHA256

    e24f15815d2cf3e2bab2323a684dfc8b0b86ea3da044465765b0e35cfd50793c

    SHA512

    4545758b7fabbe8016fb2c5de71e156697a2e7cda866333df024087f454a6a0ff098928d5592680e0812e596d9fefbd54895845876db8c2b5c06ad879f4ce949

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab733F.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Insidious.exe
    Filesize

    274KB

    MD5

    082a96ffc0b5c79bba76f7614a855ee3

    SHA1

    b44a3ced7c9db4dc25ff5235d2b8e7ffb64200f7

    SHA256

    ee8cec604cd3b8273898f378a6a9490b7d530df3d7841c22b41b003d688543a9

    SHA512

    85dc97673d1967670e953897d51a9ca012860759a27b15d4668fb961184ecf2e49a7c32216bede507246828c4aa114eb8b04bec4579b096b38d0fa0f7603b526

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Insidious.exe
    Filesize

    274KB

    MD5

    082a96ffc0b5c79bba76f7614a855ee3

    SHA1

    b44a3ced7c9db4dc25ff5235d2b8e7ffb64200f7

    SHA256

    ee8cec604cd3b8273898f378a6a9490b7d530df3d7841c22b41b003d688543a9

    SHA512

    85dc97673d1967670e953897d51a9ca012860759a27b15d4668fb961184ecf2e49a7c32216bede507246828c4aa114eb8b04bec4579b096b38d0fa0f7603b526

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar7340.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar7470.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\loader.exe
    Filesize

    610KB

    MD5

    1ff7c7c08621c82d68330f0f5a15fb46

    SHA1

    2930047d59c82f2c943bbbe766389474995617a7

    SHA256

    479c4f5c81bf090205a00f953c03400c3a411c731caffa75b67c280a4cbe5c81

    SHA512

    491ad95296a048b1fc609d8c9ceb8ba4383f8b452a8c273d9d869539adb2f7f8c343d9072acf4a86d4c0d9d679e7da6dcb8527484a728e3c32fb1c0f42370e67

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\loader.exe
    Filesize

    610KB

    MD5

    1ff7c7c08621c82d68330f0f5a15fb46

    SHA1

    2930047d59c82f2c943bbbe766389474995617a7

    SHA256

    479c4f5c81bf090205a00f953c03400c3a411c731caffa75b67c280a4cbe5c81

    SHA512

    491ad95296a048b1fc609d8c9ceb8ba4383f8b452a8c273d9d869539adb2f7f8c343d9072acf4a86d4c0d9d679e7da6dcb8527484a728e3c32fb1c0f42370e67

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Insidious.exe
    Filesize

    274KB

    MD5

    082a96ffc0b5c79bba76f7614a855ee3

    SHA1

    b44a3ced7c9db4dc25ff5235d2b8e7ffb64200f7

    SHA256

    ee8cec604cd3b8273898f378a6a9490b7d530df3d7841c22b41b003d688543a9

    SHA512

    85dc97673d1967670e953897d51a9ca012860759a27b15d4668fb961184ecf2e49a7c32216bede507246828c4aa114eb8b04bec4579b096b38d0fa0f7603b526

    Download Submit
  • \Users\Admin\AppData\Local\Temp\loader.exe
    Filesize

    610KB

    MD5

    1ff7c7c08621c82d68330f0f5a15fb46

    SHA1

    2930047d59c82f2c943bbbe766389474995617a7

    SHA256

    479c4f5c81bf090205a00f953c03400c3a411c731caffa75b67c280a4cbe5c81

    SHA512

    491ad95296a048b1fc609d8c9ceb8ba4383f8b452a8c273d9d869539adb2f7f8c343d9072acf4a86d4c0d9d679e7da6dcb8527484a728e3c32fb1c0f42370e67

    Download Submit
  • \Users\Admin\AppData\Local\Temp\loader.exe
    Filesize

    610KB

    MD5

    1ff7c7c08621c82d68330f0f5a15fb46

    SHA1

    2930047d59c82f2c943bbbe766389474995617a7

    SHA256

    479c4f5c81bf090205a00f953c03400c3a411c731caffa75b67c280a4cbe5c81

    SHA512

    491ad95296a048b1fc609d8c9ceb8ba4383f8b452a8c273d9d869539adb2f7f8c343d9072acf4a86d4c0d9d679e7da6dcb8527484a728e3c32fb1c0f42370e67

    Download Submit
  • memory/668-91-0x0000000000400000-0x0000000000457000-memory.dmp
    Filesize

    348KB

    Download
  • memory/1300-90-0x000000001AFF0000-0x000000001B070000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1300-71-0x00000000009D0000-0x0000000000A1A000-memory.dmp
    Filesize

    296KB

    Download