4ede3b354c89dcdbed4e12e985f9917a8edb9340cd3e2f1e5aa0818405669bfc | Triage

Submit
Reports

Overview

overview

8

Static

static

1

procexp.exe

windows10-2004-x64

8

Resubmissions

28-06-2023 17:47

230628-wc2yzaae36 1

28-06-2023 17:00

230628-vjabvsbd2t 8

Sharing

General

Target

procexp.exe
Size

3.1MB
Sample

230628-vjabvsbd2t
MD5

aa61b3c107aa9b5be362c979720398ac
SHA1

118d4f18b3d6606cccd53c6781bb9dc3a0480f0e
SHA256

4ede3b354c89dcdbed4e12e985f9917a8edb9340cd3e2f1e5aa0818405669bfc
SHA512

1bbb566ec15b113f3f9d48f693b7ee3a3f9d6942c0fa6fd10d5c0f7c2012dff219814a0fee2799ffabc596b6728fc35f2a7388022b9da06ca3bc0fcacb466a4e
SSDEEP

24576:0+pml4FJNz3enB1DB4XGVOk1N1C8YmillGm1JNNVUdz0wHIKCcEkdGh5jfgyufXg:bh3GDyXGVOk1ZYZwdzNp5sg9+

Score

8^/10

adware discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

procexp.exe

Resource

win10v2004-20230621-en

adware discovery persistence spyware stealer

windows10-2004-x64

37 signatures

1800 seconds

Malware Config

Targets

- Target
  
  procexp.exe
- Size
  
  3.1MB
- MD5
  
  aa61b3c107aa9b5be362c979720398ac
- SHA1
  
  118d4f18b3d6606cccd53c6781bb9dc3a0480f0e
- SHA256
  
  4ede3b354c89dcdbed4e12e985f9917a8edb9340cd3e2f1e5aa0818405669bfc
- SHA512
  
  1bbb566ec15b113f3f9d48f693b7ee3a3f9d6942c0fa6fd10d5c0f7c2012dff219814a0fee2799ffabc596b6728fc35f2a7388022b9da06ca3bc0fcacb466a4e
- SSDEEP
  
  24576:0+pml4FJNz3enB1DB4XGVOk1N1C8YmillGm1JNNVUdz0wHIKCcEkdGh5jfgyufXg:bh3GDyXGVOk1ZYZwdzNp5sg9+
Score

8^/10

adware discovery persistence spyware stealer
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy