15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/08/2023, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exe
Size

7.6MB
MD5

6693204e07630a56940284c492ad3355
SHA1

027d46ead036b614c8ebf566e628e267d4e26bf1
SHA256

15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8
SHA512

67703590d0a48408e0283404841cd8f4a46417ca467b0c8e94f1f329634e28ee1ccf3c20d436a6e44fd0fee4b32acb8fd39ad7af04941a2d3d0e81c50137159a
SSDEEP

196608:nkfN6ftJRNx3Kqt3RPcZWrduzuUr/BWeP2paKpVOFhy5+6GZTb:nkfN6ftTvmYduzuUH24SQ6Gh

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TypedURLs	15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1744	15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exe
1744	15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exe
1744	15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exe
1744	15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exe

C:\Users\Admin\AppData\Local\Temp\15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exe
"C:\Users\Admin\AppData\Local\Temp\15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15b7a19da88dff979917f0977079fb3bbcff35307d40daf9ba7eb543320e49d8.exepack.tmp

Filesize
2KB

MD5
c8949c4771b05014686973462edb8c12

SHA1
1860190f3b3b27b41d7272ce19f20c9f661201b9

SHA256
27bdd4667ed8c29a2978384b180f934619e6fd51dac5e08e330692be1ae75924

SHA512
54b1583c404e794d4b3e059965fde45f3d7c30850d346ec929240974d3fcd7891b983297a8cf3ad9a6c44990b0eec15dfa94d808869a84d083b8cee07a7afe3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\fa2c1cbf01e9a463d69bf88e3e439661.ini

Filesize
1KB

MD5
907d20fdf5d5bca71376188a3f562b7a

SHA1
e267a99dcf6a59e606b863885bfea970556fbe8d

SHA256
5706de3d1df4d51fd7e7fa94e545f054247340c8155621a64e7f128108666a14

SHA512
2fa383719ff3fd75a5a825b30cd2acb77e2508a6684d0d832871e8e97d946e4c2d1f664593c57eb6d7d9c94575bcfd6c480c6e314164e6eb8381571b8cf764b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\fa2c1cbf01e9a463d69bf88e3e439661A.ini

Filesize
1KB

MD5
46cd6e1ea405e3e658a34b118a21c245

SHA1
f9a9b6da7361cbbf5443bc8b4d42ffb26652892a

SHA256
f8c3393b8725ba15c6461bb07953b5ab34ad2ef383482245acc363dcc8dfa36e

SHA512
875c570682a145414448b08573a15427cfe4310beb8123461897928b3dae4e562d1dda9aca4bac61a03477e5b25430c5ed7083b90305b6089e32ef2a7a39e9e6

Download Submit
memory/1744-59-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1744-54-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/1744-56-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/1744-55-0x0000000000250000-0x0000000000253000-memory.dmp

Filesize
12KB

Download
memory/1744-378-0x0000000000250000-0x0000000000253000-memory.dmp

Filesize
12KB

Download
memory/1744-379-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/1744-380-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/1744-381-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/1744-382-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/1744-383-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/1744-384-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/1744-385-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download