Overview

overview

8

Static

static

3

d49e20fe17...54.exe

windows7-x64

8

d49e20fe17...54.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2023 05:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d49e20fe1786b518713c00669474d1f71cacc392dc0dab3968aa2473be7d8854.exe

  • Size

    2.6MB

  • MD5

    c0a9b99b75aed9218217dc7ab478466d

  • SHA1

    732c8b96aba87c684850d81f17bb3572022c88b4

  • SHA256

    d49e20fe1786b518713c00669474d1f71cacc392dc0dab3968aa2473be7d8854

  • SHA512

    22c915d1fe94491bae1054be934d3e059b97cdddf9a20847cdf836ba3b0abbbfe252a49de7edff73fa4281bf395629057c5adb7be6aa3ae583d2091a27f0ea1d

  • SSDEEP

    24576:+A8vyrepIND/0bfSPdaY7RFo3UR+h+8fEvdDrGnrdEROGHOhBBoKpYC/hRJHOh:+A81IJPPqnEvdDqnroHOPHO

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d49e20fe1786b518713c00669474d1f71cacc392dc0dab3968aa2473be7d8854.exe
    "C:\Users\Admin\AppData\Local\Temp\d49e20fe1786b518713c00669474d1f71cacc392dc0dab3968aa2473be7d8854.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\d49e20fe1786b518713c00669474d1f71cacc392dc0dab3968aa2473be7d8854.exe
      "C:\Users\Admin\AppData\Local\Temp\d49e20fe1786b518713c00669474d1f71cacc392dc0dab3968aa2473be7d8854.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    88f9982bf582caf8e294c7cb68fca3a3

    SHA1

    d3e4f99beab0d38922643c5e59ed8bbc6a69b157

    SHA256

    f8f3e8ce62373670db171e512c854cdfeec0e8f23b38dcce5a8f4185a03e97fe

    SHA512

    cc0253a3eb16f507b27d6a014ffd4a9cbc960325d6ef4849e01d130f6ce4d4eb9ff2fa0fa5238ce9b1129904e250688895f41c5f6d6b284e9b7aa5328d328804

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    897013f0cceb0b9784f8f92ec4482674

    SHA1

    0d3d15a07a4e5553bb44b5aa4ab85689f94d81d6

    SHA256

    b2a10a46d4bafbd7526f1fbbde3717167a5d3e6e364c1ebd7f3efa814ce58124

    SHA512

    ac42bd010db9bf209c691f08fb8fd6c38a5328ff59438b27ded5aac36c01e7af0d3e46fa493826d2e8947b1bd609410711541c5a857e2830b3ec0d33786f0442

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    11ae5322378fa7878c9337922493a153

    SHA1

    0a24a76a82b5ed002387be59a9908c4759da08e9

    SHA256

    69077e723fdb19212ea1b993e3fab61653324fc3e7bbded3742395d64fca89c3

    SHA512

    65a0d68ea7d0773b56e143afa5b23fee030204047385fb9432395201675523cba21ee1bc7802c077b0301b6ea3b047acd5fc8a0049d3369f63f899eef5b64100

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a02eb0d9117f96ea64715363d21f80e

    SHA1

    ca9d9cf6490050afc01c657f2069f3be0fd02581

    SHA256

    6918c7e6db63c323d8033d22a7a8499ea0204ce86e970ebda9744b9b21f44641

    SHA512

    3b3b817ed816d8b55b3946e07b02bcf76328d12b0cc81777e850200520f094e95148c1d93f7ab395842ab0716498da5346db407ce2fbd3760ec8f77d3eab740b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4fe5a21e631a10c1c97d3d9f1a8862a6

    SHA1

    f9988c5e041bb1110738bd2b900715e3253aad19

    SHA256

    5eb32ca4b882b92dca9a02d3b91898a2aab1f795b795ab91f6da5070fdbb4ce1

    SHA512

    e6b99ba7488c9d1f8d19ef930734293621a48709842a9705b2fd2205c9ee7ca1c6e484a487e6af2ee67e31c29817f86265a2693112655303ec5ab2481c8b2473

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    325b456b070f3bd1c70660d32c666ea6

    SHA1

    beda77bdd2a0facf927b8bb8b94154cbd791ac53

    SHA256

    e3e21a2f475ec5c9c147344fcc19da27f676881e5f391b841f18b196d4b09c5a

    SHA512

    50fe74a1487e309ed130c0d1cc7d33ac70ffa6ef492933f77a4549f72e571170fdbd5f25ea1c7a3365a0e5784fde859d0d6c86d0219fb7a57bc31d232868241a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a8a178e3cb13f06bbcc4cb7c65e6ddb

    SHA1

    0fd6d392ab9829f109836d09bcc92b607c5b151d

    SHA256

    731d9ffaecfd96493247c70243ffa466edcd08559dbb44a20e305aa54269cfad

    SHA512

    aaa4b97a521080db62a8a6789a4d7cfd49911e2b5e3cec65a085eb40cd01289439baf6fae20e6776fc3ecf3b6bd0c0a80fe892e3b4fe1ab0825ce5331a2f59bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    26080fdd7cdc2e9e9b01594b30b860e5

    SHA1

    dd987f215778ee60a2f31213b5193afe9d7cfbb8

    SHA256

    d8a6e799256b1eb0055c8aecdef814c85c335f40857664b915fcb8f7bf0babc6

    SHA512

    85f8ffc4b7591ac6f39f954dc45882456f05960fef75a18f2a7eb9e9eb92bcef0037d6ba8befbcdc4ee99d8ff3b5967db517bbacfc15396fe100cde5f6080230

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    65de3054f27abccb704faefc66908328

    SHA1

    20888def948eaa507d0b1d8d17cabc2d4a2ce381

    SHA256

    b222b62164b0b543ff076236c74c298c1fcae4e2ec0675c7560f6a21f337ec5f

    SHA512

    37b7b970604fb74a2b70de2ce3eaf0b6bf1b68dff4eecffe82c3be547404092ffc52307d9b24dd11811c584f8e8ccb2ef7282e02f1bd27231fd902ecd15f3709

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4aba13f7c85a5a90fcf8fa335646a938

    SHA1

    ecf846e40ed369f6868a223be1fd0bef0df347c5

    SHA256

    ec3127e183e372f63a88a8662f84c856cbcd4818780017fcdfd7dd7c391ffee4

    SHA512

    815589ab61b4d7908c53761e9b293df0d6543d21d6b52b7adc1fd60eb75c9465ee6c48ac92a072e474cda908721e372ea6c5e9ae83548303ddd7b4a0b692b7ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9a442e0a43486acf9397c474187826a

    SHA1

    94d3e2594112e81dc6c1b8955a5107ee2abb1481

    SHA256

    73b00801b4afbdf37fbe09c6d0cbe9cfa6c3b24be3c53f8bc5c5a225db4961d9

    SHA512

    b6e83d056c3cbb5bc4addfb6a3a563e1f7d84c76e5ce7bcbb7cc2857ca3eebc9aa7115cae9ed144efe5ffe0388161e414f6f06b2d786bad039c5292872ee450b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d277d34fdba951a60508a07329351b4a

    SHA1

    a511527ae75f291c543aa895bad5cb9c2485d3b2

    SHA256

    c607620cc36ebcb8c8ab22fbafedbc2745c438f5ea895124232c7c9a27b427de

    SHA512

    ef76614187be4d2acb250a437cb546a0bdd6c3024eb36d7317ec902c15acbb3e83b6bb54265894f9e9e8d3abe44961430c770ba7193792736e47c9facfb44308

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e5a549697f5b142dde63d288b0d78c6

    SHA1

    49653fbfc9dd76be54b40963d7f4222bf3fa039c

    SHA256

    8aef7a3e5fa29c2f1635ce4329fe17d0890ec1a00657dd9c6348efd0e9b1d722

    SHA512

    3c2ff96fba30b7f0dec3bc48145cece093189556971d6d9b932acb0d1b0ebe9943b245bec5dde4d23f9fb3e4d2e9beda2ceeba6e47260f90478ef3eb947e08dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b89fbb8a300b80b9adb1944fd7f947e

    SHA1

    b60d8e588689623217847c3572c96ad4ef0441b1

    SHA256

    9b611586a3ef770f178ee59a02643e42d9df99c2eccc0bd78dad5a4daa6740ef

    SHA512

    a73468d29908fe49c9182b1b313cb29c2676d129092346d2138c15b4ce467c62cc54ac915fcb7986dd35ca5022d043e6c70982876a88e791355e7437e8ed9368

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0967ada24247577a0bf616640df7c0f0

    SHA1

    75b613c7a5bea948b0750bcdb518b63cda82d582

    SHA256

    df936efb75fd6f6a9236f0a0c52c1a5dc5c9544f74ef9a3810ca3db31ad79241

    SHA512

    11c27cbec21744c9a59949d1a1814b23c029d87221a9c853b0b7a1591d1ca1fed9472a736f08f1dad9ff761235bad969f080954b2cd88f8b0d801a04912bf0b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ff67e27bbf394a4e8e9838396a48a12

    SHA1

    26b7eca19a5e57a25784e43563d9405262efefb1

    SHA256

    1d00f58ecc7746dd8138f095253767a1a1aef2e97ca2f5136607fa8a3079edc0

    SHA512

    3eac953afba4f3637f4670f8d95394cac65c670b200bd2be20fddddf4b63234a1c29d799eafe10e2eaa67a09eac78a85ec42374a12607029a86bbf2f8bff6fe6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB157.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB216.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2016-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2016-1-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2360-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2360-5-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2360-6-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2360-9-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download