Overview

overview

8

Static

static

7

c307f2376d...3a.exe

windows7-x64

8

c307f2376d...3a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2023, 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c307f2376df6ab6813dfdbcf90c4cec2bf4ee48240bdf065a1483ed13f2c023a.exe

  • Size

    1.3MB

  • MD5

    019d9f71d07ff19de9f4082310dfebf2

  • SHA1

    7cb355a5d4970706e40c4dde3d9ea9a31ba570c2

  • SHA256

    c307f2376df6ab6813dfdbcf90c4cec2bf4ee48240bdf065a1483ed13f2c023a

  • SHA512

    914226343ec1f49638bbd0aa94cf490c77803e42f5e0e695db0083507a8ee132acd8c73c7c2e60fa81bfbe08a024588a4982642749b3121d6fab7fba25546177

  • SSDEEP

    24576:Qak/7Nk4RZ3OKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/NHZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c307f2376df6ab6813dfdbcf90c4cec2bf4ee48240bdf065a1483ed13f2c023a.exe
    "C:\Users\Admin\AppData\Local\Temp\c307f2376df6ab6813dfdbcf90c4cec2bf4ee48240bdf065a1483ed13f2c023a.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:488
    • C:\Users\Admin\AppData\Local\Temp\c307f2376df6ab6813dfdbcf90c4cec2bf4ee48240bdf065a1483ed13f2c023a.exe
      "C:\Users\Admin\AppData\Local\Temp\c307f2376df6ab6813dfdbcf90c4cec2bf4ee48240bdf065a1483ed13f2c023a.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2968
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f1e0b13a21214899520d15817172dbea

    SHA1

    489fafab7b76d98bff9aa2dd5583482af454e4d8

    SHA256

    fa3cdc9fd2d83010b2583cccb72f4b9ba3092ac7779a4d4f816823e7d7cfb7d8

    SHA512

    6069141634c7abed804fdd4242df8cb80702b22b2293d13f2f21ae6031db053c1e22ee620372e88ea6e5c7605f88a7ae288d687a4ebdbd37b6cf7622e894c570

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5e2d37a33d3165c837fdc12ad426e78

    SHA1

    73c74cfd75c486ac9ec8381b1a42c1326e13e445

    SHA256

    c8ee8c2ea3c854bb6c42618b36a3278e959e3a298aec76842d5863f23f16fe06

    SHA512

    fd619c55ccf2f9e0182564c71050e8b8fab30410d1b8387a9db08d4d2af4fc268b3e76fd1909c1aa4f33bc6f06e57108860b1caf1e4e43db36031f79c8f68c1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7e6d070d45331161ae53b45941e3081

    SHA1

    64bcf80ffccab4ad1d477907281074bbce4992c8

    SHA256

    ed3843351bb19f0fe4f7ae3d1aa1d38158249f6e2ade9e88ad8966efdf321bd7

    SHA512

    90498316bbbddd65dd139a7cba1d1e323a02fe6cf83c0a297e7326f81667db7e3dd3a8de880116587bc2417bcd833aa7610f69ac422289683e0343dedd250f9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18981fdd314b0757c2b0bf1ad3084c87

    SHA1

    5448914ac12beeed7e5943ceaf42706e5b84161c

    SHA256

    d6cacfb8459b81d2ef18c79ffb9157ba8f179e12324410fc336798d7749a45d6

    SHA512

    67f975541e9c8f195e78c8c9ce3ca77a4e02774dff787c50518313790d2002c7e4a99a354727fc012b7f512a2387f53ac1ccef880704ffa159279c14f23796f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19b07da0c1555cb7683f8152ae9f9ace

    SHA1

    70a82b75588e7790e24fd9a148970b0047c35a6d

    SHA256

    3d0c64df76cf0009b99224c08b9ee85cdc2055e55b39b4055608427b4f96b6e5

    SHA512

    539c91170fc0629879a1820da801258e328bf6abd02aa5c26ed4e0b3ac4532a13a27a36cd29a701c34d3b9665073077a27fb106bcf7ee5b042c05a8012bc2603

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f87060e2e7c783a7ff8683137ea2bcc9

    SHA1

    e006afd71b5100d7b3ef529c7f050ed7f198f331

    SHA256

    98bf39892d95f384778f65acfe353d8d367f229471864a17f328c1089a4a2aaa

    SHA512

    e8b8d4f3186e7f4ce3521bafc7023582306d57093d8d9edf4db5b915192d12320bbf87db420d4bb78a80e8ee97ca5fc65d769721820d7dfb6780a8904f80abf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    82eb1c94e6a5983ede312db51af95b4b

    SHA1

    efff29203571a6f7b37a2bf767f4166b0ed74920

    SHA256

    c393166b17d7e008d87da2cc07a3121a02b2a0de88a8c40ad4fb70a82e5e17e8

    SHA512

    56589562d44e4ed565d4c59f15b35d45d44030fbdf880976480660bae3d90efde920195581af1934628b826101beb5fd1e8b4b96934a913719c1541da142a6f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b0d798071ff9cb2f7f6d2b642b5584e

    SHA1

    b6e959ed6889d7ea99d5cde4752270d6c4cc69ed

    SHA256

    295abc527a0e8eb6150a2ba618782c2ab4a6ad34ad20fd59bdcacce95764fd66

    SHA512

    c816c35870b6efe5208948f7140139e0281794f24335a1ad4fc84f3a6d2e3b27444dc91efa5f3200dcfb81837fb55d22323a559e8104905fb4d60ae7a265fa95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    820bf0ca9b4d36177164b0f06e18378d

    SHA1

    949a1be006cbd86b6a2bb039a4c0f6afb08a4dc2

    SHA256

    3ae876ab941de5f161d22b995d485834f4ac397dc775c9a0c0fb429bf5d7201d

    SHA512

    bf51aafa22875c040d9cf3f5346579182fb973fc37a2f693cd6aa7ed975ee4dfc195e67b6dfdb3a8ad25a18f244854a84e03b4c227204545d933986c30a327cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b664550c03fbdfcc21530fd6fe30390c

    SHA1

    5efc2b75f63eab195fdcb4d8aea1a2abf42cfe40

    SHA256

    02c0595a239c3ecf953e69553cee86509f82c82947f9992b2ae5de90edc57216

    SHA512

    cc5cd289b59da024ebb69c8a7d37c41f7cb46dce7f35f16ea8d79c27456abab89e0739fd226a6a037e44472e1d41dafa6d11bb4a4a34e6773c7fd7ad5061dd9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91f580bb1bc966bb4bfe6bb91486a83d

    SHA1

    ae33acc52f7d18facc77610a9e5e6541894fc3ef

    SHA256

    38b60d6b5032553577a832b56ebf35c46b3d2b1e3264303347caf3ea7c3e827d

    SHA512

    fe0b0d50c2460a1f09ddecf3031b4e6061296edb7ec025b1718695239b47e115ac923a413601379a810976d6871e2e53f462087c9e0e277a9fb31fada37d8660

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7fc53f1123df600d145d3ff9ba2430e9

    SHA1

    cdd2bc176a07a61d0ba023792d658a428092f4fb

    SHA256

    df6c6d57be16c448bcf732f67b02dafe0c14975db0d2175b3b99243c7aab58d1

    SHA512

    0d578603026b4281c96710f3785bbd0293d7e0d64d48613aafae0aa1bba9a72af563cc9f80108c316eb1f9e38eb15c80c0a658cd3e1c7fa18f63792c3e74be16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3cb0944f881be1367f586ac9ae91c3fc

    SHA1

    1f5c30fc812ec5a7e3689ebd8ea5aad4d452784b

    SHA256

    0815a5af9483bc29c3792a134cea6b7137211f2c69e7c94ca35b0291667d8715

    SHA512

    94d7bb39c1d4b0e423d556b473ab218b6dc80fd70f33edb80724b2dc88572176e97f171dcb94a6280b61091d363e9281b7a2330addd52e515ada5a6561ef0c55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63e094070d1fb99f0a166ca1b72e89d7

    SHA1

    e9f81ce503a92ffac30bc67086d52709fb3d0e5c

    SHA256

    1ffa3ac1ab49cc7c19c74c79ff36b8478f06da7685cced37d338dd0d317276ce

    SHA512

    479a5a32264203a8a222a8864c7a098e5b31bbe62e565be180c49d1c5b1b09f90ca0a5ce5b35706b5adf618eb945bf6186efa9f1a569dcaabc641f51e46fc56d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    759de8d35a0165e282639ae67bba56e8

    SHA1

    6dfc7f77800257cb44a06d78f0369963f1807b3b

    SHA256

    e8fff18e99886af72c227d58fc00cd9bf05c110aea9830b735b11953011b8aa5

    SHA512

    91a5da3cacc05ecd03cea9d60b3f5446d277c2afdb55013da414b45f70001a6e8ee51a830783d5d78d2143e033967816ac8e4cd1a3f3b507b6f43a122510a66a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    05f7bda07b1780518042cad55e14c647

    SHA1

    310f33ffd2890c0d68be988fe7d98edbb29eef80

    SHA256

    12981e17343c8416d29c7bef0421a7d9772baa16173cc066d14fc2772bc708a0

    SHA512

    3876da033f8c8e084a639993511ae6da298fadf390745cc48f2554c1f2b79c2babdf513350df355380b3beb8b81e7e2294b3a4ab0fd3b458f47167f958705e75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d176280b395979e83b32e5ad042e123

    SHA1

    cb77af9d8e53056c55a8bf7a14304755818a8ff6

    SHA256

    c34f87d3b9fbe167930217000edec3eefb9a07a891e2c2e41204345c369a7c7b

    SHA512

    f521724322d744339bc88586237e1eb3d9ac8b6ef2b049b8194a8d0bb49bd2052cf50c9f15de14c36b07bfa9b92b395e1115076394156bfaeada352b9d7e38dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a5474a435122dd5721828bc4df31d8a7

    SHA1

    6afd7e97e1303cf50d6759257d90c7dee1917482

    SHA256

    cc3692d8cec71023577fbba39d5ecf80c60cbb2e62ddefd401d859b4bf9a42f9

    SHA512

    ba09a5a74890d6aa2c38f35579907e59774fdc29abff888f363bb1dfe481865d9752b77496d59b0de0d8779f93b38fbeafc93e1cc9b7372ca0a647a204c89a4b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE87C.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE92D.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/488-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/488-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/488-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/488-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/488-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/488-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/488-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/488-6-0x00000000033F0000-0x0000000003696000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-13-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2276-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-17-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-18-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2276-21-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download