Overview

overview

10

Static

static

3

232470444 ...PO.exe

windows7-x64

10

232470444 ...PO.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2023, 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    232470444 Precise PO.exe

  • Size

    604KB

  • MD5

    13222327967b090cf32bd7bb266f4c4f

  • SHA1

    9f48440b76715716d4841e9cdad6c41d801772f5

  • SHA256

    df7d91d4002f96a8852431095308e5271f900a30125ec3d1d55beb80c6995d1f

  • SHA512

    d55f35eb06b195bc938f0e6f0b98f484b5281ca4cefd763a93b821d296a128061324aa89f8ea558f27b6d9ac84fbdf56ebae04123dff9563157d9fad68c366f0

  • SSDEEP

    12288:87Mxm/gPrkhaDcivBlqH8wF+HtbpuLwEBk9iUu6S9SnzHWC:871wrkhaDxZHC+HUBk9iUuEH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\232470444 Precise PO.exe
    "C:\Users\Admin\AppData\Local\Temp\232470444 Precise PO.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4384-133-0x0000000074630000-0x0000000074DE0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4384-134-0x0000000000E70000-0x0000000000F0C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4384-135-0x0000000005F00000-0x00000000064A4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4384-136-0x0000000005950000-0x00000000059E2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4384-137-0x0000000005B60000-0x0000000005B70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4384-138-0x0000000005A60000-0x0000000005A6A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4384-139-0x0000000074630000-0x0000000074DE0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4384-140-0x0000000005B60000-0x0000000005B70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4384-141-0x000000000ADF0000-0x000000000AE8C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4384-142-0x000000000B100000-0x000000000B166000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4384-143-0x00000000087B0000-0x0000000008800000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4384-144-0x00000000089D0000-0x0000000008B92000-memory.dmp

    Filesize

    1.8MB

    Download